ARRGH9 Posted March 6, 2013 ID:654110 Share Posted March 6, 2013 So, two days ago: business as usual.Yesterday morning, SOME (not all) random programs (MP3 Rocket, PS3 Media Server, and some others) would not open.Yesteday late-afternoon. Some file folders went missing (Age Of Empires III, all of me Media Dowload files and folders.)No sign of Malware.Today, MORE Folders are gone-- practically everything.I tried a System restore point-- only one exists-- from yesterday morning. (I never deleted any old restore points, and had set the maximum amount of memory allotment.)First, HiJackThis log came back fine. Then,I tried several antivirus software in Safe Mode (Malwarebytes, Avast, and SuperAntiSpyware) as well as many undelete programs. More files wound up missing upon restart and boot into Normal Mode.Used the only system restore point and got back several EMPTY folders!Now, ALL of my really important files are GONE! All backup options seem to be gone, and there is STILL no sign of Malware!!!HELP.... please? Link to post Share on other sites More sharing options...
ARRGH9 Posted March 6, 2013 Author ID:654112 Share Posted March 6, 2013 DDS (Ver_2012-11-20.01) - NTFS_AMD64Internet Explorer: 9.0.8112.16457Run by Girrard at 13:04:39 on 2013-03-06Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.8190.5929 [GMT -7:00].AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Program Files\COMODO\COMODO Internet Security\cmdagent.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\atieclxx.exeC:\Program Files\AVAST Software\Avast\AvastSvc.exeC:\Windows\system32\Dwm.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\system32\taskhost.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeC:\Program Files\COMODO\COMODO Internet Security\cfp.exeC:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exeC:\Users\Girrard\Desktop\uTorrent.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exeC:\Program Files\AVAST Software\Avast\AvastUI.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Windows\system32\wuauclt.exeC:\Windows\system32\svchost.exe -k SDRSVCC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Program Files (x86)\Glary Undelete\undelete.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\system32\mmc.exeC:\Windows\explorer.exeC:\Windows\system32\taskeng.exeC:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.yahoo.com/?ilc=14uWindow Title = Internet Explorer, optimized for Bing and MSNmWinlogon: Userinit = userinit.exeBHO: Vid-Saver Extension: {11111111-1111-1111-1111-110211181108} - C:\Program Files (x86)\Vid-Saver Extension\Vid-Saver Extension.dllBHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLLBHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dllBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLLTB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dlluRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"uRun: [uTorrent] "C:\Users\Girrard\Desktop\uTorrent.exe" /MINIMIZEDmRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /noguimRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunmPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: &Download by Orbit - C:\Users\Girrard\Desktop\Audio-Video\NCH Software\Algorithm\New folder\Orbitdownloader\orbitmxt.dll/201IE: &Grab video by Orbit - C:\Users\Girrard\Desktop\Audio-Video\NCH Software\Algorithm\New folder\Orbitdownloader\orbitmxt.dll/204IE: Do&wnload selected by Orbit - C:\Users\Girrard\Desktop\Audio-Video\NCH Software\Algorithm\New folder\Orbitdownloader\orbitmxt.dll/203IE: Down&load all by Orbit - C:\Users\Girrard\Desktop\Audio-Video\NCH Software\Algorithm\New folder\Orbitdownloader\orbitmxt.dll/202IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllDPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cabTCP: NameServer = 192.168.1.1TCP: Interfaces\{4C0CA7B6-3FE1-440F-A7A8-6F303891EBDB} : NameServer = 8.26.56.26,156.154.70.22TCP: Interfaces\{4C0CA7B6-3FE1-440F-A7A8-6F303891EBDB} : DHCPNameServer = 192.168.1.1TCP: Interfaces\{7206DB69-FC8C-4E02-882D-32368A869EB5} : NameServer = 8.26.56.26,156.154.70.22Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLAppInit_DLLs= C:\Windows\SysWOW64\guard32.dllSSODL: WebCheck - <orphaned>SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLLx64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dllx64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLLx64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLLx64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dllx64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -sx64-Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -hx64-Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServicesx64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dllx64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dllx64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLx64-SSODL: WebCheck - <orphaned>x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL.============= SERVICES / DRIVERS ===============.R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-5 65408]R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-5 177672]R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2012-12-17 21616]R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-12-17 1025880]R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-12-17 377992]R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2012-11-7 584056]R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2012-11-7 38144]R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-12-17 33472]R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-12-17 80888]R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-3-5 45248]R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-12-17 104560]R3 RTL8192cu;%RTL8192cu.DeviceDesc.DispName%;C:\Windows\System32\drivers\rtl8192cu.sys [2012-12-17 848384]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-12-17 46136]S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]S3 DigiartyVirtualCDBus;Digiarty Virtual Driver;C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [2012-12-23 276256]S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2013-1-9 97040]S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136].=============== Created Last 30 ================.2013-03-06 18:52:17 -------- d-----w- C:\Users\Girrard\AppData\Roaming\GlarySoft2013-03-06 16:17:47 -------- d-----w- C:\Program Files (x86)\Glary Undelete2013-03-06 13:16:58 26024 ----a-w- C:\Windows\System32\drivers\rsdrvx64.sys2013-03-06 00:36:36 177672 ----a-w- C:\Windows\System32\drivers\aswVmm.sys2013-03-06 00:36:35 65408 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys2013-03-06 00:22:55 -------- d-----w- C:\Users\Girrard\AppData\Roaming\WinPatrol2013-03-06 00:22:52 -------- d-----w- C:\ProgramData\InstallMate2013-03-06 00:13:30 -------- d-----w- C:\Users\Girrard\MP3 Rocket2013-02-22 21:00:44 -------- d-----w- C:\Users\Girrard\Startup Inspector for Windows2013-02-06 21:28:05 -------- d-----w- C:\Downloads2013-02-06 21:28:04 -------- d-----w- C:\Users\Girrard\AppData\Roaming\ProgSense2013-02-06 21:05:14 -------- d-----w- C:\Users\Girrard\AppData\Roaming\AnvSoft.==================== Find3M ====================.2013-02-28 08:36:33 71064 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys2013-02-28 08:36:33 1025880 ----a-w- C:\Windows\System32\drivers\aswSnx.sys2013-02-28 08:36:32 80888 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys2013-02-28 08:36:07 41664 ----a-w- C:\Windows\avastSS.scr2013-02-26 21:03:28 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-02-26 21:03:28 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-02-12 13:08:00 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll2013-02-12 13:08:00 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll2012-12-24 22:30:49 276256 ----a-w- C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys2012-12-19 22:45:12 222720 ----a-w- C:\Windows\System32\clinfo.exe2012-12-19 22:44:48 76288 ----a-w- C:\Windows\System32\OpenVideo64.dll2012-12-19 22:44:42 65536 ----a-w- C:\Windows\SysWow64\OpenVideo.dll2012-12-19 22:44:36 64000 ----a-w- C:\Windows\System32\OVDecode64.dll2012-12-19 22:44:32 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll2012-12-19 22:44:20 34518016 ----a-w- C:\Windows\System32\amdocl64.dll2012-12-19 22:38:48 28732928 ----a-w- C:\Windows\SysWow64\amdocl.dll2012-12-19 22:34:40 54784 ----a-w- C:\Windows\System32\OpenCL.dll2012-12-19 22:34:38 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll2012-12-19 20:50:14 5630200 ----a-w- C:\Windows\SysWow64\atiumdag.dll2012-12-19 20:48:48 11278336 ----a-w- C:\Windows\System32\drivers\atikmdag.sys2012-12-19 20:29:36 23461376 ----a-w- C:\Windows\System32\atio6axx.dll2012-12-19 20:22:50 70144 ----a-w- C:\Windows\System32\coinst_9.012.dll2012-12-19 20:19:46 163840 ----a-w- C:\Windows\System32\atiapfxx.exe2012-12-19 20:18:04 51200 ----a-w- C:\Windows\System32\aticalrt64.dll2012-12-19 20:18:02 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll2012-12-19 20:17:54 44544 ----a-w- C:\Windows\System32\aticalcl64.dll2012-12-19 20:17:52 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll2012-12-19 20:17:40 16082944 ----a-w- C:\Windows\System32\aticaldd64.dll2012-12-19 20:13:24 13703168 ----a-w- C:\Windows\SysWow64\aticaldd.dll2012-12-19 20:12:44 18982400 ----a-w- C:\Windows\SysWow64\atioglxx.dll2012-12-19 20:09:52 960512 ----a-w- C:\Windows\SysWow64\aticfx32.dll2012-12-19 20:08:04 1151488 ----a-w- C:\Windows\System32\aticfx64.dll2012-12-19 20:06:00 6681088 ----a-w- C:\Windows\SysWow64\atidxx32.dll2012-12-19 19:59:44 5087744 ----a-w- C:\Windows\System32\atiumd6a.dll2012-12-19 19:57:00 442368 ----a-w- C:\Windows\System32\atidemgy.dll2012-12-19 19:56:46 550912 ----a-w- C:\Windows\System32\atieclxx.exe2012-12-19 19:56:00 240640 ----a-w- C:\Windows\System32\atiesrxx.exe2012-12-19 19:54:38 120320 ----a-w- C:\Windows\System32\atitmm64.dll2012-12-19 19:54:22 21504 ----a-w- C:\Windows\System32\atimuixx.dll2012-12-19 19:54:18 59392 ----a-w- C:\Windows\System32\atiedu64.dll2012-12-19 19:54:12 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll2012-12-19 19:49:00 7370752 ----a-w- C:\Windows\System32\atidxx64.dll2012-12-19 19:44:28 4162048 ----a-w- C:\Windows\SysWow64\atiumdva.dll2012-12-19 19:44:12 6786560 ----a-w- C:\Windows\System32\atiumd64.dll2012-12-19 19:33:50 56320 ----a-w- C:\Windows\System32\atimpc64.dll2012-12-19 19:33:50 56320 ----a-w- C:\Windows\System32\amdpcom64.dll2012-12-19 19:33:42 619008 ----a-w- C:\Windows\System32\atiadlxx.dll2012-12-19 19:33:40 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll2012-12-19 19:33:40 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll2012-12-19 19:33:32 421888 ----a-w- C:\Windows\SysWow64\atiadlxy.dll2012-12-19 19:33:18 17920 ----a-w- C:\Windows\System32\atig6pxx.dll2012-12-19 19:33:14 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll2012-12-19 19:33:14 14848 ----a-w- C:\Windows\System32\atiglpxx.dll2012-12-19 19:33:10 41984 ----a-w- C:\Windows\System32\atig6txx.dll2012-12-19 19:33:04 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll2012-12-19 19:32:54 552960 ----a-w- C:\Windows\System32\drivers\atikmpag.sys2012-12-19 19:31:14 130048 ----a-w- C:\Windows\System32\atiuxp64.dll2012-12-19 19:31:08 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll2012-12-19 19:31:00 104448 ----a-w- C:\Windows\System32\atiu9p64.dll2012-12-19 19:30:52 83968 ----a-w- C:\Windows\SysWow64\atiu9pag.dll2012-12-19 19:30:16 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll2012-12-18 02:25:01 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll2012-12-18 02:25:00 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll2012-12-18 02:25:00 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll2012-12-17 22:09:59 0 ----a-w- C:\Windows\ativpsrm.bin.============= FINISH: 13:05:07.32 ===============.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 ProfessionalBoot Device: \Device\HarddiskVolume1Install Date: 12/17/2012 2:15:56 PMSystem Uptime: 3/6/2013 11:13:13 AM (2 hours ago).Motherboard: Gigabyte Technology Co., Ltd. | | GA-78LMT-S2PProcessor: AMD FX-4100 Quad-Core Processor | Socket M2 | 3600/200mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 931 GiB total, 749.394 GiB free.D: is CDROM (UDF)E: is FIXED (NTFS) - 0 GiB total, 0.031 GiB free..==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP78: 3/6/2013 6:00:03 AM - Installed Java 6 Update 39RP79: 3/6/2013 11:08:42 AM - Restore OperationRP80: 3/6/2013 11:19:40 AM - Windows Backup.==== Installed Programs ======================.µTorrent7-Zip 9.20 (x64 edition)Adobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader XI (11.0.02)Age of Empires IIIAMD Accelerated Video TranscodingAMD APP SDK RuntimeAMD Catalyst Install ManagerAMD Drag and Drop TranscodingAMD FuelAMD Media Foundation DecodersAMD VISION Engine Control CenterAtheros Communications Inc.® AR81Family Gigabit/Fast Ethernet DriverATI AVIVO64 Codecsavast! Free AntivirusBelkin N300 Micro USB Wireless AdapterCanon iP2700 series Printer DriverCanon iP2700 series User RegistrationCanon Utilities My PrinterCatalyst Control Center - BrandingCatalyst Control Center Graphics Previews CommonCatalyst Control Center InstallProxyCCC Help CzechCCC Help DanishCCC Help DutchCCC Help EnglishCCC Help FinnishCCC Help FrenchCCC Help GermanCCC Help GreekCCC Help HungarianCCC Help ItalianCCC Help JapaneseCCC Help KoreanCCC Help SpanishCOMODO Internet SecurityDebut Video Capture SoftwareDVD43 Plug-in v1.0.0.5ffdshow v1.1.4369 [2012-03-03]Free DVD ISO Burner version 1.2Glary Undelete 1.8.0.468HydraVisionJava 7 Update 17Java Auto UpdaterJava SE Runtime Environment 6 Update 1League of LegendsMicrosoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 ExtendedMicrosoft Office Access MUI (English) 2010Microsoft Office Access Setup Metadata MUI (English) 2010Microsoft Office Excel MUI (English) 2010Microsoft Office Groove MUI (English) 2010Microsoft Office InfoPath MUI (English) 2010Microsoft Office Office 32-bit Components 2010Microsoft Office OneNote MUI (English) 2010Microsoft Office Outlook MUI (English) 2010Microsoft Office PowerPoint MUI (English) 2010Microsoft Office Professional Plus 2010Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (English) 2010Microsoft Office Publisher MUI (English) 2010Microsoft Office Shared 32-bit MUI (English) 2010Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office Word MUI (English) 2010Microsoft VC9 runtime librariesMicrosoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219MP3 RocketneroxmlON_OFF Charge B11.1102.1PS3 Media ServerRealtek High Definition Audio DriverSid Meier's Civilization 4 CompleteSid Meier's Civilization IV ColonizationThe Lord of the Rings FREE TrialTotal Video Converter 3.71 100812Vid-Saver ExtensionWinPatrolXiph.Org Open Codecs 0.85.17777.==== Event Viewer Messages From Past Week ========.3/6/2013 9:24:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}3/6/2013 11:01:29 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.3/6/2013 11:01:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}3/6/2013 11:01:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}3/6/2013 11:01:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}3/6/2013 11:01:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}3/6/2013 11:01:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}3/6/2013 11:01:22 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}3/6/2013 11:01:16 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AppleCharger aswRdr aswSnx aswSP aswTdi cmdGuard cmdHlp CSC DfsC discache ElRawDisk inspect NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf3/6/2013 11:01:16 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.3/6/2013 11:01:16 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.3/6/2013 11:01:16 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.3/6/2013 11:01:16 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.3/6/2013 11:01:16 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.3/6/2013 11:01:16 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.3/6/2013 11:01:16 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.3/6/2013 11:01:16 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.3/6/2013 11:01:16 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.3/6/2013 11:01:16 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.3/6/2013 10:10:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}3/6/2013 10:10:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}3/6/2013 1:56:28 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.3/5/2013 2:57:51 PM, Error: Service Control Manager [7034] - The PS3 Media Server service terminated unexpectedly. It has done this 1 time(s).3/5/2013 10:29:15 AM, Error: Service Control Manager [7024] - The PS3 Media Server service terminated with service-specific error The system cannot join or substitute a drive to or for a directory on the same drive..2/27/2013 8:36:36 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer ADDISON-HP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4C0CA7B6-3FE1-440F-A7A8-6F303891EBDB}. The master browser is stopping or an election is being forced.2/27/2013 2:55:24 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer USER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4C0CA7B6-3FE1-440F-A7A8-6F303891EBDB}. The master browser is stopping or an election is being forced.2/27/2013 11:17:10 AM, Error: Service Control Manager [7030] - The PS3 Media Server service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.2/27/2013 11:12:03 AM, Error: Service Control Manager [7024] - The PS3 Media Server service terminated with service-specific error Incorrect function..2/27/2013 10:29:22 AM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).2/27/2013 10:29:22 AM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).2/27/2013 10:29:22 AM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.2/27/2013 10:29:22 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}.==== End Of File =========================== Link to post Share on other sites More sharing options...
Staff CatByte Posted March 6, 2013 Staff ID:654178 Share Posted March 6, 2013 Please run the following:Please download Unhide.exe to your desktop:Double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the hidden attributes from all the files on your system. Note: If you had purposely hidden any files, then you will need to hide them again after this tool has run.NEXTDownload the appropriate version for your system of the Farbar Recovery Scan Tool and save it to a flash drive.Plug the flashdrive into the infected PC.Enter System Recovery Options. To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.To enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Choose your language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt[*]Select Command Prompt[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter Note: Replace letter e with the drive letter of your flash drive.[*]The tool will start to run.[*]When the tool opens click Yes to the disclaimer.[*]Place a check next to List Drivers MD5 as well as the default check marks that are already there[*]Press Scan button.[*]type exit and reboot the computer normally[*]FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply. Link to post Share on other sites More sharing options...
ARRGH9 Posted March 7, 2013 Author ID:654216 Share Posted March 7, 2013 Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-03-2013 01Ran by SYSTEM at 06-03-2013 17:14:12Running from F:\Windows 7 Professional (X64) OS Language: English(US)The current controlset is ControlSet001==================== Registry (Whitelisted) ===================HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13307496 2011-10-16] (Realtek Semiconductor)HKLM\...\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [9577680 2012-11-07] (COMODO)HKLM\...\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4767304 2013-02-28] (AVAST Software)HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642808 2012-12-19] (Advanced Micro Devices, Inc.)HKU\Girrard\...\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [393216 2011-04-19] (AMD)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1AppInit_DLLs: C:\Windows\system32\guard64.dllTcpip\..\Interfaces\{4C0CA7B6-3FE1-440F-A7A8-6F303891EBDB}: [NameServer]8.26.56.26,156.154.70.22Tcpip\..\Interfaces\{7206DB69-FC8C-4E02-882D-32368A869EB5}: [NameServer]8.26.56.26,156.154.70.22==================== Services (Whitelisted) ===================3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [45248 2013-02-28] (AVAST Software)2 cmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [2828408 2012-11-07] (COMODO)==================== Drivers (Whitelisted) =====================1 AppleCharger; C:\Windows\System32\Drivers\AppleCharger.sys [21616 2011-11-02] ()2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33472 2013-02-28] (AVAST Software)2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [80888 2013-02-28] (AVAST Software)1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [71064 2013-02-28] (AVAST Software)0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65408 2013-02-28] ()1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1025880 2013-02-28] (AVAST Software)1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [377992 2013-02-28] (AVAST Software)1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [68992 2013-02-28] (AVAST Software)0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [177672 2013-02-28] ()1 cmdGuard; C:\Windows\System32\Drivers\cmdGuard.sys [584056 2012-11-07] (COMODO)1 cmdHlp; C:\Windows\System32\Drivers\cmdHlp.sys [38144 2012-11-07] (COMODO)3 DigiartyVirtualCDBus; C:\Windows\System32\Drivers\DigiartyVirtualCDBus.sys [276256 2012-12-24] (Digiarty Software, Inc.)1 inspect; C:\Windows\System32\Drivers\inspect.sys [94288 2012-11-07] (COMODO)3 RTL8192cu; C:\Windows\System32\Drivers\RTL8192cu.sys [848384 2011-02-10] (Realtek Semiconductor Corporation )3 gdrv; \??\C:\Windows\gdrv.sys [x]==================== NetSvcs (Whitelisted) ======================================== One Month Created Files and Folders ========2013-03-06 17:13 - 2013-03-06 17:13 - 00000000 ____D C:\FRST2013-03-06 15:53 - 2013-03-06 15:53 - 00398752 ____A (Bleeping Computer, LLC) C:\Users\Girrard\Desktop\unhide.exe2013-03-06 15:52 - 2013-03-06 15:54 - 00002506 ____A C:\Users\Girrard\Desktop\unhide.txt2013-03-06 12:05 - 2013-03-06 12:05 - 00015981 ____A C:\Users\Girrard\Desktop\dds.txt2013-03-06 12:05 - 2013-03-06 12:05 - 00011788 ____A C:\Users\Girrard\Desktop\attach.txt2013-03-06 10:52 - 2013-03-06 10:52 - 00001009 ____A C:\Users\Girrard\Desktop\Glary Undelete.lnk2013-03-06 10:52 - 2013-03-06 10:52 - 00000170 ____A C:\Users\Girrard\Desktop\Glarysoft Freeware.url2013-03-06 10:52 - 2013-03-06 10:52 - 00000000 ____D C:\Users\Girrard\AppData\Roaming\GlarySoft2013-03-06 08:32 - 2013-03-06 11:37 - 00000000 ____D C:\Users\Girrard\Desktop\various music recov2013-03-06 08:32 - 2013-03-06 10:11 - 00000000 ____D C:\Users\Girrard\Desktop\aoe3 recov2013-03-06 08:32 - 2013-03-06 09:06 - 00000000 ____D C:\Users\Girrard\Desktop\other recov2013-03-06 08:17 - 2013-03-06 10:52 - 00000000 ____D C:\Program Files (x86)\Glary Undelete2013-03-06 07:23 - 2013-03-06 10:11 - 00000000 ____D C:\Users\Girrard\Desktop\Malwarebytes' Anti-Malware2013-03-06 05:16 - 2013-03-06 10:11 - 00000000 ____D C:\Users\Girrard\Desktop\Remo Recover 4.02013-03-06 05:16 - 2009-02-12 14:11 - 00026024 ____A (EldoS Corporation) C:\Windows\System32\Drivers\rsdrvx64.sys2013-03-05 18:31 - 2013-03-05 18:31 - 00579488 ____A C:\Users\Girrard\Desktop\Presentation1.pptx2013-03-05 17:26 - 2013-03-06 10:13 - 00000000 ____D C:\Users\Girrard\Desktop\Age of Empires III2013-03-05 17:18 - 2013-03-05 20:02 - 00000000 ____D C:\Users\Girrard\Documents\DESKTOP STUFF2013-03-05 16:36 - 2013-02-28 00:36 - 00177672 ____A C:\Windows\System32\Drivers\aswVmm.sys2013-03-05 16:36 - 2013-02-28 00:36 - 00065408 ____A C:\Windows\System32\Drivers\aswRvrt.sys2013-03-05 16:22 - 2013-03-06 10:11 - 00000000 ____D C:\ProgramData\InstallMate2013-03-05 16:22 - 2013-03-05 16:22 - 00000000 ____D C:\Users\Girrard\AppData\Roaming\WinPatrol2013-03-05 16:13 - 2013-03-05 16:14 - 00000000 ____D C:\Users\Girrard\MP3 Rocket2013-03-05 10:29 - 2013-03-05 13:19 - 00000000 ____D C:\Users\Girrard\Desktop\player2013-02-27 10:21 - 2013-03-05 16:38 - 00004438 ____A C:\Windows\PFRO.log2013-02-27 10:01 - 2013-03-06 16:07 - 00005436 ____A C:\Windows\setupact.log2013-02-27 10:01 - 2013-02-27 10:01 - 00000000 ____A C:\Windows\setuperr.log2013-02-22 13:00 - 2013-02-22 13:00 - 00000000 ____D C:\Users\Girrard\Documents\wsInspector2013-02-19 15:49 - 2013-03-05 13:01 - 00000000 ____D C:\Users\Girrard\Desktop\Movies2013-02-09 11:16 - 2013-02-09 11:16 - 00000000 ____D C:\ProgramData\McAfee2013-02-06 13:28 - 2013-02-06 13:28 - 00000000 ____D C:\Users\Girrard\AppData\Roaming\ProgSense2013-02-06 13:26 - 2013-03-05 10:15 - 00000000 ____D C:\Users\Girrard\AppData\Roaming\Orbit2013-02-06 13:21 - 2013-02-06 13:21 - 00000000 ____D C:\Windows\Sun2013-02-06 13:20 - 2013-02-06 13:20 - 00000000 ____D C:\Users\Girrard\Documents\MyFlash2013-02-06 13:05 - 2013-02-06 13:05 - 00000000 ____D C:\Users\Girrard\AppData\Roaming\AnvSoft==================== One Month Modified Files and Folders =======2013-03-06 17:13 - 2013-03-06 17:13 - 00000000 ____D C:\FRST2013-03-06 16:10 - 2012-12-17 13:15 - 01136936 ____A C:\Windows\WindowsUpdate.log2013-03-06 16:10 - 2009-07-13 20:45 - 00020512 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-03-06 16:10 - 2009-07-13 20:45 - 00020512 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-03-06 16:07 - 2013-02-27 10:01 - 00005436 ____A C:\Windows\setupact.log2013-03-06 16:07 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT2013-03-06 15:55 - 2009-07-13 21:13 - 00778150 ____A C:\Windows\System32\PerfStringBackup.INI2013-03-06 15:54 - 2013-03-06 15:52 - 00002506 ____A C:\Users\Girrard\Desktop\unhide.txt2013-03-06 15:53 - 2013-03-06 15:53 - 00398752 ____A (Bleeping Computer, LLC) C:\Users\Girrard\Desktop\unhide.exe2013-03-06 15:03 - 2012-12-17 19:23 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job2013-03-06 12:13 - 2012-12-18 13:40 - 00000000 ____D C:\Users\Girrard\AppData\Roaming\uTorrent2013-03-06 12:05 - 2013-03-06 12:05 - 00015981 ____A C:\Users\Girrard\Desktop\dds.txt2013-03-06 12:05 - 2013-03-06 12:05 - 00011788 ____A C:\Users\Girrard\Desktop\attach.txt2013-03-06 11:37 - 2013-03-06 08:32 - 00000000 ____D C:\Users\Girrard\Desktop\various music recov2013-03-06 11:13 - 2012-12-17 20:04 - 00000000 ____D C:\Users\Girrard\Desktop\Docs2013-03-06 10:52 - 2013-03-06 10:52 - 00001009 ____A C:\Users\Girrard\Desktop\Glary Undelete.lnk2013-03-06 10:52 - 2013-03-06 10:52 - 00000170 ____A C:\Users\Girrard\Desktop\Glarysoft Freeware.url2013-03-06 10:52 - 2013-03-06 10:52 - 00000000 ____D C:\Users\Girrard\AppData\Roaming\GlarySoft2013-03-06 10:52 - 2013-03-06 08:17 - 00000000 ____D C:\Program Files (x86)\Glary Undelete2013-03-06 10:13 - 2013-03-05 17:26 - 00000000 ____D C:\Users\Girrard\Desktop\Age of Empires III2013-03-06 10:13 - 2012-12-17 13:16 - 00000000 ____D C:\users\Girrard2013-03-06 10:12 - 2013-01-11 23:33 - 00000000 ____D C:\Users\Girrard\Desktop\Civ IV2013-03-06 10:12 - 2012-12-18 17:18 - 00000000 ____D C:\Users\Girrard\Desktop\hijackthis2013-03-06 10:12 - 2012-12-18 13:36 - 00000000 ____D C:\Users\Girrard\Desktop\League of Legends2013-03-06 10:12 - 2012-12-17 18:33 - 00000000 ____D C:\Users\Girrard\Desktop\Comodo2013-03-06 10:11 - 2013-03-06 08:32 - 00000000 ____D C:\Users\Girrard\Desktop\aoe3 recov2013-03-06 10:11 - 2013-03-06 07:23 - 00000000 ____D C:\Users\Girrard\Desktop\Malwarebytes' Anti-Malware2013-03-06 10:11 - 2013-03-06 05:16 - 00000000 ____D C:\Users\Girrard\Desktop\Remo Recover 4.02013-03-06 10:11 - 2013-03-05 16:22 - 00000000 ____D C:\ProgramData\InstallMate2013-03-06 10:11 - 2012-12-17 13:16 - 00000000 ____D C:\Users\Girrard\AppData\Local\VirtualStore2013-03-06 10:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration2013-03-06 09:06 - 2013-03-06 08:32 - 00000000 ____D C:\Users\Girrard\Desktop\other recov2013-03-05 20:02 - 2013-03-05 17:18 - 00000000 ____D C:\Users\Girrard\Documents\DESKTOP STUFF2013-03-05 18:31 - 2013-03-05 18:31 - 00579488 ____A C:\Users\Girrard\Desktop\Presentation1.pptx2013-03-05 16:44 - 2012-12-17 19:22 - 00000000 ____D C:\ProgramData\Adobe2013-03-05 16:38 - 2013-02-27 10:21 - 00004438 ____A C:\Windows\PFRO.log2013-03-05 16:36 - 2012-12-17 18:04 - 00000000 ____A C:\Windows\SysWOW64\config.nt2013-03-05 16:30 - 2012-12-17 19:38 - 00000000 ____D C:\Program Files (x86)\Java2013-03-05 16:30 - 2012-12-17 19:12 - 00003981 ____A C:\Windows\SysWOW64\jupdate-1.6.0_01-b06.log2013-03-05 16:22 - 2013-03-05 16:22 - 00000000 ____D C:\Users\Girrard\AppData\Roaming\WinPatrol2013-03-05 16:14 - 2013-03-05 16:13 - 00000000 ____D C:\Users\Girrard\MP3 Rocket2013-03-05 16:07 - 2012-12-17 19:09 - 00000000 ____D C:\Users\Girrard\AppData\Roaming\MP3Rocket2013-03-05 13:19 - 2013-03-05 10:29 - 00000000 ____D C:\Users\Girrard\Desktop\player2013-03-05 13:01 - 2013-02-19 15:49 - 00000000 ____D C:\Users\Girrard\Desktop\Movies2013-03-05 10:15 - 2013-02-06 13:26 - 00000000 ____D C:\Users\Girrard\AppData\Roaming\Orbit2013-03-03 19:33 - 2012-12-17 19:21 - 00000000 ____D C:\Users\Girrard\Incomplete2013-03-03 18:34 - 2012-12-23 19:21 - 00000000 ____D C:\ProgramData\DVD Shrink2013-03-03 17:25 - 2012-12-18 06:36 - 00000000 ____D C:\Users\Girrard\AppData\Roaming\NCH Software2013-03-03 17:25 - 2012-12-18 06:36 - 00000000 ____D C:\ProgramData\NCH Software2013-02-28 00:36 - 2013-03-05 16:36 - 00177672 ____A C:\Windows\System32\Drivers\aswVmm.sys2013-02-28 00:36 - 2013-03-05 16:36 - 00065408 ____A C:\Windows\System32\Drivers\aswRvrt.sys2013-02-28 00:36 - 2012-12-17 18:04 - 01025880 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys2013-02-28 00:36 - 2012-12-17 18:04 - 00377992 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys2013-02-28 00:36 - 2012-12-17 18:04 - 00080888 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys2013-02-28 00:36 - 2012-12-17 18:04 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys2013-02-28 00:36 - 2012-12-17 18:04 - 00068992 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys2013-02-28 00:36 - 2012-12-17 18:04 - 00033472 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys2013-02-28 00:36 - 2012-12-17 18:03 - 00041664 ____A (AVAST Software) C:\Windows\avastSS.scr2013-02-28 00:35 - 2012-12-17 18:04 - 00287840 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe2013-02-27 10:30 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF2013-02-27 10:01 - 2013-02-27 10:01 - 00000000 ____A C:\Windows\setuperr.log2013-02-27 07:09 - 2013-01-25 20:18 - 00000000 ____D C:\Windows\Minidump2013-02-27 07:09 - 2012-12-17 14:06 - 00000000 ____D C:\Windows\Panther2013-02-27 07:03 - 2013-01-06 11:04 - 00000000 ____D C:\Users\Girrard\AppData\Roaming\wsInspector2013-02-26 13:03 - 2012-12-17 19:23 - 00691568 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2013-02-26 13:03 - 2012-12-17 19:23 - 00071024 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2013-02-22 13:00 - 2013-02-22 13:00 - 00000000 ____D C:\Users\Girrard\Documents\wsInspector2013-02-20 07:44 - 2013-01-17 07:36 - 00000000 ____D C:\ProgramData\YTD Video Downloader2013-02-16 12:10 - 2012-12-20 13:52 - 00000000 ____D C:\!~dvdAuthorTempDir~2013-02-13 07:35 - 2012-12-18 10:39 - 00000000 ____D C:\Users\Girrard\Desktop\PS32013-02-12 05:08 - 2012-12-17 19:39 - 00861088 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll2013-02-12 05:08 - 2012-12-17 19:39 - 00782240 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll2013-02-09 11:16 - 2013-02-09 11:16 - 00000000 ____D C:\ProgramData\McAfee2013-02-06 13:28 - 2013-02-06 13:28 - 00000000 ____D C:\Users\Girrard\AppData\Roaming\ProgSense2013-02-06 13:21 - 2013-02-06 13:21 - 00000000 ____D C:\Windows\Sun2013-02-06 13:20 - 2013-02-06 13:20 - 00000000 ____D C:\Users\Girrard\Documents\MyFlash2013-02-06 13:05 - 2013-02-06 13:05 - 00000000 ____D C:\Users\Girrard\AppData\Roaming\AnvSoft2013-02-06 12:38 - 2013-01-29 07:12 - 00000000 ____A C:\Windows\Infob.dat2013-02-06 12:38 - 2013-01-29 07:12 - 00000000 ____A C:\Windows\Infoa.dat==================== Known DLLs (Whitelisted) ===================================== Bamital & volsnap Check =================C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit==================== EXE ASSOCIATION =====================HKLM\...\.exe: exefile => OKHKLM\...\exefile\DefaultIcon: %1 => OKHKLM\...\exefile\open\command: "%1" %* => OK==================== Restore Points =========================Restore point made on: 2013-03-06 05:00:12Restore point made on: 2013-03-06 10:08:53Restore point made on: 2013-03-06 10:19:51==================== Memory info ===========================Percentage of memory in use: 9%Total physical RAM: 8189.55 MBAvailable physical RAM: 7404.34 MBTotal Pagefile: 8187.7 MBAvailable Pagefile: 7393.14 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.9 MB==================== Partitions =============================1 Drive c: () (Fixed) (Total:931.41 GB) (Free:740.48 GB) NTFS3 Drive f: (USB20FD) (Removable) (Total:14.92 GB) (Free:14.87 GB) FAT324 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.03 GB) NTFS ==>[system with boot components (obtained from reading drive)] Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 931 GB 0 B Disk 1 Online 14 GB 0 B Partitions of Disk 0:===============Disk ID: 9AF280C4 Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 100 MB 1024 KB Partition 2 Primary 931 GB 101 MB==================================================================================Disk: 0Partition 1Type : 07Hidden: NoActive: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 1 Y System Rese NTFS Partition 100 MB Healthy =========================================================Disk: 0Partition 2Type : 07Hidden: NoActive: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 2 C NTFS Partition 931 GB Healthy =========================================================Partitions of Disk 1:===============Disk ID: 04030201 Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 14 GB 5272 KB==================================================================================Disk: 1Partition 1Type : 0CHidden: NoActive: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 3 F USB20FD FAT32 Removable 14 GB Healthy =========================================================Last Boot: 2013-03-05 13:42==================== End Of Log ============================= Link to post Share on other sites More sharing options...
Staff CatByte Posted March 7, 2013 Staff ID:654219 Share Posted March 7, 2013 Please run the followingRefer to the ComboFix User's Guide Download ComboFix from the following location:Link * IMPORTANT !!! Place ComboFix.exe on your DesktopDisable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.You can get help on disabling your protection programs hereDouble click on ComboFix.exe & follow the prompts.Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal. When finished, it shall produce a log for you. Post that log in your next replyNote: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.---------------------------------------------------------------------------------------------Ensure your AntiVirus and AntiSpyware applications are re-enabled.---------------------------------------------------------------------------------------------NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error. Link to post Share on other sites More sharing options...
ARRGH9 Posted March 7, 2013 Author ID:654231 Share Posted March 7, 2013 ---*Please note, I did disable all Comodo applications upon reading the prompt they were still on*---ComboFix 13-03-05.01 - Girrard 03/06/2013 17:49:24.1.4 - x64Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.8190.6700 [GMT -7:00]Running from: c:\users\Girrard\Desktop\ComboFix.exeAV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\program files (x86)\Vid-Saver Extension\ViD-saver extension.dll..((((((((((((((((((((((((( Files Created from 2013-02-07 to 2013-03-07 )))))))))))))))))))))))))))))))..2013-03-07 01:13 . 2013-03-07 01:13 -------- d-----w- C:\FRST2013-03-07 00:52 . 2013-03-07 00:52 -------- d-----w- c:\users\Default\AppData\Local\temp2013-03-06 18:52 . 2013-03-06 18:52 -------- d-----w- c:\users\Girrard\AppData\Roaming\GlarySoft2013-03-06 16:17 . 2013-03-06 18:52 -------- d-----w- c:\program files (x86)\Glary Undelete2013-03-06 13:16 . 2009-02-12 22:11 26024 ----a-w- c:\windows\system32\drivers\rsdrvx64.sys2013-03-06 00:36 . 2013-02-28 08:36 177672 ----a-w- c:\windows\system32\drivers\aswVmm.sys2013-03-06 00:36 . 2013-02-28 08:36 65408 ----a-w- c:\windows\system32\drivers\aswRvrt.sys2013-03-06 00:22 . 2013-03-06 00:22 -------- d-----w- c:\users\Girrard\AppData\Roaming\WinPatrol2013-03-06 00:22 . 2013-03-06 18:11 -------- d-----w- c:\programdata\InstallMate2013-03-06 00:13 . 2013-03-06 00:14 -------- d-----w- c:\users\Girrard\MP3 Rocket2013-02-22 21:00 . 2013-02-22 21:01 -------- d-----w- c:\users\Girrard\Startup Inspector for Windows2013-02-12 13:08 . 2013-03-06 00:28 -------- d-----w- c:\program files (x86)\Common Files\Java2013-02-09 19:16 . 2013-02-09 19:16 -------- d-----w- c:\programdata\McAfee2013-02-06 21:28 . 2013-02-06 21:28 -------- d-----w- C:\Downloads2013-02-06 21:28 . 2013-02-06 21:28 -------- d-----w- c:\users\Girrard\AppData\Roaming\ProgSense2013-02-06 21:26 . 2013-03-05 18:15 -------- d-----w- c:\users\Girrard\AppData\Roaming\Orbit2013-02-06 21:21 . 2013-02-06 21:21 -------- d-----w- c:\windows\Sun2013-02-06 21:05 . 2013-02-06 21:05 -------- d-----w- c:\users\Girrard\AppData\Roaming\AnvSoft...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-02-28 08:36 . 2012-12-18 02:04 68992 ----a-w- c:\windows\system32\drivers\aswTdi.sys2013-02-28 08:36 . 2012-12-18 02:04 377992 ----a-w- c:\windows\system32\drivers\aswSP.sys2013-02-28 08:36 . 2012-12-18 02:04 71064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys2013-02-28 08:36 . 2012-12-18 02:04 1025880 ----a-w- c:\windows\system32\drivers\aswSnx.sys2013-02-28 08:36 . 2012-12-18 02:04 80888 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys2013-02-28 08:36 . 2012-12-18 02:04 33472 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys2013-02-28 08:36 . 2012-12-18 02:03 41664 ----a-w- c:\windows\avastSS.scr2013-02-28 08:35 . 2012-12-18 02:04 287840 ----a-w- c:\windows\system32\aswBoot.exe2013-02-26 21:03 . 2012-12-18 03:23 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-02-26 21:03 . 2012-12-18 03:23 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-02-12 13:08 . 2012-12-18 03:39 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll2013-02-12 13:08 . 2012-12-18 03:39 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll2013-01-02 00:08 . 2013-01-02 00:08 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll2013-01-02 00:08 . 2013-01-02 00:08 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll2013-01-02 00:08 . 2013-01-02 00:08 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll2013-01-02 00:08 . 2013-01-02 00:08 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll2012-12-24 22:30 . 2012-12-24 04:10 276256 ----a-w- c:\windows\system32\drivers\DigiartyVirtualCDBus.sys2012-12-19 22:45 . 2012-12-19 22:45 222720 ----a-w- c:\windows\system32\clinfo.exe2012-12-19 22:44 . 2012-12-19 22:44 76288 ----a-w- c:\windows\system32\OpenVideo64.dll2012-12-19 22:44 . 2012-12-19 22:44 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll2012-12-19 22:44 . 2012-12-19 22:44 64000 ----a-w- c:\windows\system32\OVDecode64.dll2012-12-19 22:44 . 2012-12-19 22:44 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll2012-12-19 22:44 . 2012-12-19 22:44 34518016 ----a-w- c:\windows\system32\amdocl64.dll2012-12-19 22:38 . 2012-12-19 22:38 28732928 ----a-w- c:\windows\SysWow64\amdocl.dll2012-12-19 22:34 . 2012-12-19 22:34 54784 ----a-w- c:\windows\system32\OpenCL.dll2012-12-19 22:34 . 2012-12-19 22:34 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll2012-12-19 20:50 . 2012-12-19 20:50 5630200 ----a-w- c:\windows\SysWow64\atiumdag.dll2012-12-19 20:48 . 2012-12-19 20:48 11278336 ----a-w- c:\windows\system32\drivers\atikmdag.sys2012-12-19 20:29 . 2012-12-19 20:29 23461376 ----a-w- c:\windows\system32\atio6axx.dll2012-12-19 20:22 . 2012-12-19 20:22 70144 ----a-w- c:\windows\system32\coinst_9.012.dll2012-12-19 20:19 . 2012-12-19 20:19 163840 ----a-w- c:\windows\system32\atiapfxx.exe2012-12-19 20:18 . 2012-12-19 20:18 51200 ----a-w- c:\windows\system32\aticalrt64.dll2012-12-19 20:18 . 2012-12-19 20:18 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll2012-12-19 20:17 . 2012-12-19 20:17 44544 ----a-w- c:\windows\system32\aticalcl64.dll2012-12-19 20:17 . 2012-12-19 20:17 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll2012-12-19 20:17 . 2012-12-19 20:17 16082944 ----a-w- c:\windows\system32\aticaldd64.dll2012-12-19 20:13 . 2012-12-19 20:13 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll2012-12-19 20:12 . 2012-12-19 20:12 18982400 ----a-w- c:\windows\SysWow64\atioglxx.dll2012-12-19 20:09 . 2012-12-19 20:09 960512 ----a-w- c:\windows\SysWow64\aticfx32.dll2012-12-19 20:08 . 2011-04-20 02:07 1151488 ----a-w- c:\windows\system32\aticfx64.dll2012-12-19 20:06 . 2012-12-19 20:06 6681088 ----a-w- c:\windows\SysWow64\atidxx32.dll2012-12-19 19:59 . 2012-12-19 19:59 5087744 ----a-w- c:\windows\system32\atiumd6a.dll2012-12-19 19:57 . 2012-12-19 19:57 442368 ----a-w- c:\windows\system32\atidemgy.dll2012-12-19 19:56 . 2012-12-19 19:56 550912 ----a-w- c:\windows\system32\atieclxx.exe2012-12-19 19:56 . 2012-12-19 19:56 240640 ----a-w- c:\windows\system32\atiesrxx.exe2012-12-19 19:54 . 2012-12-19 19:54 120320 ----a-w- c:\windows\system32\atitmm64.dll2012-12-19 19:54 . 2012-12-19 19:54 21504 ----a-w- c:\windows\system32\atimuixx.dll2012-12-19 19:54 . 2012-12-19 19:54 59392 ----a-w- c:\windows\system32\atiedu64.dll2012-12-19 19:54 . 2012-12-19 19:54 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll2012-12-19 19:49 . 2011-04-20 01:49 7370752 ----a-w- c:\windows\system32\atidxx64.dll2012-12-19 19:44 . 2012-12-19 19:44 4162048 ----a-w- c:\windows\SysWow64\atiumdva.dll2012-12-19 19:44 . 2012-12-19 19:44 6786560 ----a-w- c:\windows\system32\atiumd64.dll2012-12-19 19:33 . 2012-12-19 19:33 56320 ----a-w- c:\windows\system32\atimpc64.dll2012-12-19 19:33 . 2012-12-19 19:33 56320 ----a-w- c:\windows\system32\amdpcom64.dll2012-12-19 19:33 . 2012-12-19 19:33 619008 ----a-w- c:\windows\system32\atiadlxx.dll2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll2012-12-19 19:33 . 2012-12-19 19:33 421888 ----a-w- c:\windows\SysWow64\atiadlxy.dll2012-12-19 19:33 . 2012-12-19 19:33 17920 ----a-w- c:\windows\system32\atig6pxx.dll2012-12-19 19:33 . 2012-12-19 19:33 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll2012-12-19 19:33 . 2012-12-19 19:33 14848 ----a-w- c:\windows\system32\atiglpxx.dll2012-12-19 19:33 . 2012-12-19 19:33 41984 ----a-w- c:\windows\system32\atig6txx.dll2012-12-19 19:33 . 2012-12-19 19:33 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll2012-12-19 19:32 . 2012-12-19 19:32 552960 ----a-w- c:\windows\system32\drivers\atikmpag.sys2012-12-19 19:31 . 2011-04-20 01:21 130048 ----a-w- c:\windows\system32\atiuxp64.dll2012-12-19 19:31 . 2012-12-19 19:31 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll2012-12-19 19:31 . 2012-12-19 19:31 104448 ----a-w- c:\windows\system32\atiu9p64.dll2012-12-19 19:30 . 2012-12-19 19:30 83968 ----a-w- c:\windows\SysWow64\atiu9pag.dll2012-12-19 19:30 . 2012-12-19 19:30 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll2012-12-18 16:16 . 2012-12-18 16:16 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll2012-12-18 16:16 . 2012-12-18 16:16 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe2012-12-18 16:16 . 2012-12-18 16:16 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe2012-12-18 16:16 . 2012-12-18 16:16 74752 ----a-w- c:\windows\SysWow64\iesetup.dll2012-12-18 16:16 . 2012-12-18 16:16 63488 ----a-w- c:\windows\SysWow64\tdc.ocx2012-12-18 16:16 . 2012-12-18 16:16 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll2012-12-18 16:16 . 2012-12-18 16:16 420864 ----a-w- c:\windows\SysWow64\vbscript.dll2012-12-18 16:16 . 2012-12-18 16:16 367104 ----a-w- c:\windows\SysWow64\html.iec2012-12-18 16:16 . 2012-12-18 16:16 35840 ----a-w- c:\windows\SysWow64\imgutil.dll2012-12-18 16:16 . 2012-12-18 16:16 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb2012-12-18 16:16 . 2012-12-18 16:16 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll2012-12-18 16:16 . 2012-12-18 16:16 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll2012-12-18 16:16 . 2012-12-18 16:16 161792 ----a-w- c:\windows\SysWow64\msls31.dll2012-12-18 16:16 . 2012-12-18 16:16 152064 ----a-w- c:\windows\SysWow64\wextract.exe2012-12-18 16:16 . 2012-12-18 16:16 150528 ----a-w- c:\windows\SysWow64\iexpress.exe2012-12-18 16:16 . 2012-12-18 16:16 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe2012-12-18 16:16 . 2012-12-18 16:16 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl2012-12-18 16:16 . 2012-12-18 16:16 11776 ----a-w- c:\windows\SysWow64\mshta.exe2012-12-18 16:16 . 2012-12-18 16:16 1129472 ----a-w- c:\windows\SysWow64\wininet.dll2012-12-18 16:16 . 2012-12-18 16:16 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll2012-12-18 16:16 . 2012-12-18 16:16 101888 ----a-w- c:\windows\SysWow64\admparse.dll2012-12-18 16:16 . 2012-12-18 16:16 96768 ----a-w- c:\windows\system32\mshtmled.dll2012-12-18 16:16 . 2012-12-18 16:16 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe2012-12-18 16:16 . 2012-12-18 16:16 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe2012-12-18 16:16 . 2012-12-18 16:16 89088 ----a-w- c:\windows\system32\ie4uinit.exe2012-12-18 16:16 . 2012-12-18 16:16 85504 ----a-w- c:\windows\system32\jsproxy.dll2012-12-18 16:16 . 2012-12-18 16:16 85504 ----a-w- c:\windows\system32\iesetup.dll2012-12-18 16:16 . 2012-12-18 16:16 82432 ----a-w- c:\windows\system32\icardie.dll2012-12-18 16:16 . 2012-12-18 16:16 816640 ----a-w- c:\windows\system32\jscript.dll2012-12-18 16:16 . 2012-12-18 16:16 76800 ----a-w- c:\windows\system32\tdc.ocx2012-12-18 16:16 . 2012-12-18 16:16 729088 ----a-w- c:\windows\system32\msfeeds.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-04-20 393216].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-02-28 4767304]"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1)"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll.R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]R3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys [2012-12-24 276256]R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-01-01 97040]R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]S0 aswRvrt;aswRvrt; [x]S0 aswVmm;aswVmm; [x]S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-11-02 21616]S1 aswSnx;aswSnx; [x]S1 aswSP;aswSP; [x]S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-11-08 584056]S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-11-08 38144]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]S2 aswFsBlk;aswFsBlk; [x]S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-02-28 80888]S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-08-11 104560]S3 RTL8192cu;%RTL8192cu.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192cu.sys [2011-02-10 848384]..Contents of the 'Scheduled Tasks' folder.2013-03-06 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-18 21:03]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]@="{472083B0-C522-11CF-8763-00608CC02F24}"[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]2013-02-28 08:35 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-08 9577680]"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"AppInit_DLLs"=c:\windows\System32\guard64.dll.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://www.yahoo.com/?ilc=14mLocal Page = c:\windows\SysWOW64\blank.htmIE: &Download by Orbit - c:\users\Girrard\Desktop\Audio-Video\NCH Software\Algorithm\New folder\Orbitdownloader\orbitmxt.dll/201IE: &Grab video by Orbit - c:\users\Girrard\Desktop\Audio-Video\NCH Software\Algorithm\New folder\Orbitdownloader\orbitmxt.dll/204IE: Do&wnload selected by Orbit - c:\users\Girrard\Desktop\Audio-Video\NCH Software\Algorithm\New folder\Orbitdownloader\orbitmxt.dll/203IE: Down&load all by Orbit - c:\users\Girrard\Desktop\Audio-Video\NCH Software\Algorithm\New folder\Orbitdownloader\orbitmxt.dll/202IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105TCP: DhcpNameServer = 192.168.1.1TCP: Interfaces\{4C0CA7B6-3FE1-440F-A7A8-6F303891EBDB}: NameServer = 8.26.56.26,156.154.70.22TCP: Interfaces\{7206DB69-FC8C-4E02-882D-32368A869EB5}: NameServer = 8.26.56.26,156.154.70.22.- - - - ORPHANS REMOVED - - - -.BHO-{11111111-1111-1111-1111-110211181108} - c:\program files (x86)\Vid-Saver Extension\Vid-Saver Extension.dllHKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - startAddRemove-Debut - c:\program files (x86)\NCH Software\Debut\debut.exeAddRemove-Free DVD ISO Burner (by minidvdsoft)_is1 - c:\users\Girrard\Desktop\Audio-Video\Free DVD ISO Burner\unins000.exeAddRemove-PS3 Media Server - c:\users\Girrard\Desktop\Audio-Video\PS3 Media Server\uninst.exeAddRemove-Total Video Converter 3.71_is1 - c:\users\Girrard\Desktop\Audio-Video\Total Video Converter\unins000.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2013-03-06 17:55:08ComboFix-quarantined-files.txt 2013-03-07 00:55.Pre-Run: 795,066,892,288 bytes freePost-Run: 794,510,708,736 bytes free.- - End Of File - - EE2FDAB2BB8DEF4C09BAB49289CAABAC Link to post Share on other sites More sharing options...
Staff CatByte Posted March 7, 2013 Staff ID:654235 Share Posted March 7, 2013 Please run the following:Please download Junkware Removal Tool to your desktop.Shutdown your antivirus to avoid any conflicts.Right-mouse click JRT.exe and select Run as administratorThe tool will open and start scanning your system.Please be patient as this can take a while to complete.On completion, a log (JRT.txt) is saved to your desktop and will automatically open.Post the contents of JRT.txt into your next messageNEXTDownload AdwCleaner from here and save it to your desktop.Run AdwCleaner and select DeleteOnce done it will ask to reboot, allow the rebootOn reboot a log will be produced, please attach the content of the log to your next replyNEXTPlease open your MalwareBytes AntiMalware ProgramClick the Update Tab and search for updatesIf an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish, so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected. <-- very importantWhen disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.Copy&Paste the entire report in your next reply.Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. NEXTGo here to run an online scanner from ESET.Turn off the real time scanner of any existing antivirus program while performing the online scanTick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the activeX control to installClick StartMake sure that the option Remove found threats is unticked and the Scan Archives option is ticked.Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.Click ScanWait for the scan to finishWhen the scan completes, press the LIST OF THREATS FOUND buttonPress EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop Include the contents of this report in your next reply.Press the BACK button.Press Finish Link to post Share on other sites More sharing options...
ARRGH9 Posted March 7, 2013 Author ID:654284 Share Posted March 7, 2013 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 4.6.9 (03.06.2013:1)OS: Windows 7 Professional x64Ran by Girrard on Wed 03/06/2013 at 18:13:24.46~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Services~~~ Registry Values~~~ Registry KeysSuccessfully deleted: [Registry Key] hkey_current_user\software\1clickdownloadSuccessfully deleted: [Registry Key] hkey_current_user\software\billp studios\detected\startupSuccessfully deleted: [Registry Key] hkey_current_user\software\conduitSuccessfully deleted: [Registry Key] hkey_local_machine\software\conduitSuccessfully deleted: [Registry Key] hkey_local_machine\software\firstsearchSuccessfully deleted: [Registry Key] hkey_local_machine\software\iminentSuccessfully deleted: [Registry Key] hkey_current_user\software\installedbrowserextensionsSuccessfully deleted: [Registry Key] hkey_current_user\software\sweetimSuccessfully deleted: [Registry Key] hkey_local_machine\software\sweetimSuccessfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossriderSuccessfully deleted: [Registry Key-Heur] HKEY_CLASSES_ROOT\CrossriderApp0021808.BHOSuccessfully deleted: [Registry Key-Heur] HKEY_CLASSES_ROOT\CrossriderApp0021808.SandboxSuccessfully deleted: [Registry Key-Heur] HKEY_CLASSES_ROOT\CrossriderApp0021808.Sandbox.1Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021808.BHOSuccessfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021808.SandboxSuccessfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021808.Sandbox.1Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"~~~ Files~~~ FoldersSuccessfully deleted: [Folder] "C:\ProgramData\installmate"Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"~~~ Event Viewer Logs were cleared~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Wed 03/06/2013 at 18:21:32.59End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~# AdwCleaner v2.114 - Logfile created 03/06/2013 at 18:49:13# Updated 05/03/2013 by Xplode# Operating system : Windows 7 Professional (64 bits)# User : Girrard - G-COM# Boot Mode : Normal# Running from : C:\Users\Girrard\Desktop\adwcleaner.exe# Option [Delete]***** [services] ********** [Files / Folders] *****Deleted on reboot : C:\Program Files (x86)\Common Files\Speedbit***** [Registry] *****Key Deleted : HKCU\Software\GreenTree ApplicationsKey Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211181108}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211181108}Key Deleted : HKCU\Software\SpeedBitKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181108}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110211181108}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekfKey Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181108}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211181108}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211181108}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}***** [internet Browsers] *****-\\ Internet Explorer v9.0.8112.16457[OK] Registry is clean.-\\ Google Chrome v [unable to get version]File : C:\Users\Girrard\AppData\Local\Google\Chrome\User Data\Default\Preferences[OK] File is clean.*************************AdwCleaner[s1].txt - [2149 octets] - [06/03/2013 18:49:13]########## EOF - C:\AdwCleaner[s1].txt - [2209 octets] ########## Link to post Share on other sites More sharing options...
ARRGH9 Posted March 7, 2013 Author ID:654294 Share Posted March 7, 2013 Malwarebytes Anti-Malware 1.70.0.1100www.malwarebytes.orgDatabase version: v2013.03.07.03Windows 7 x64 NTFSInternet Explorer 9.0.8112.16421Girrard :: G-COM [administrator]3/6/2013 7:28:25 PMmbam-log-2013-03-06 (19-28-25).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 213030Time elapsed: 1 minute(s), 37 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)(end) Link to post Share on other sites More sharing options...
ARRGH9 Posted March 7, 2013 Author ID:654305 Share Posted March 7, 2013 C:\Qoobox\Quarantine\C\Program Files (x86)\Vid-Saver Extension\ViD-saver extension.dll.vir a variant of Win32/Toolbar.CrossRider.A application Link to post Share on other sites More sharing options...
Staff CatByte Posted March 7, 2013 Staff ID:654307 Share Posted March 7, 2013 that item is in ComboFix quarantine and will be removed when we uninstall ComboFixplease remove this old version of Java from Programs and FeaturesJava™ SE Runtime Environment 6 Update 1Please advise how the computer is running now and if there are any outstanding issues Link to post Share on other sites More sharing options...
ARRGH9 Posted March 7, 2013 Author ID:654310 Share Posted March 7, 2013 Now I have a desktop full of scanners you had me download, and devoid of any of my missing folders and files Link to post Share on other sites More sharing options...
ARRGH9 Posted March 7, 2013 Author ID:654335 Share Posted March 7, 2013 And to think... I could have completely reinstalled windows and put most of my files and programs back in place by now... Link to post Share on other sites More sharing options...
Staff CatByte Posted March 7, 2013 Staff ID:654404 Share Posted March 7, 2013 then that's what you need to doI'm sorry to have wasted your time by checking for malware on your machineplease accept my apologies Link to post Share on other sites More sharing options...
Maurice Naggar Posted March 10, 2013 ID:655439 Share Posted March 10, 2013 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts