kobhrax Posted May 14, 2013 ID:679212 Share Posted May 14, 2013 Got this nasty virus. Ran a full scan with up to date malwarebytes and it didnt find anything. Here is the log from the dds scan. Please help. Thanks.DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORKInternet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.21.2Run by Clark Walmer at 17:17:52 on 2013-05-13Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6058.4489 [GMT -7:00].AV: PC Tools Spyware Doctor with AntiVirus *Enabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: PC Tools Spyware Doctor with AntiVirus *Enabled/Outdated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\Explorer.EXEC:\Windows\system32\ctfmon.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uStart Page = hxxps://isearch.avg.com/?cid={C193BECC-9599-4714-9E3F-5940ED89BDAF}&mid=fe9b20ced30647d094c0591a68ef3f90-4137ac10d58ae1cbb91d159c682c630c52d16d48〈=en&ds=gl011&pr=sa&d=2012-08-02 16:43:08&v=12.1.0.21&sap=hpuDefault_Page_URL = hxxp://www.dell.comuURLSearchHooks: PC Tools Browser Guard: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dllBHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dllBHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dllBHO: CescrtHlpr Object: {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dllBHO: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dllBHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllBHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllBHO: SSOIEAddonBHO Class: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dllTB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dllTB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>TB: facemoods Toolbar: {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dllTB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dllTB: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dllTB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dlluRun: [ctfmon.exe] C:\Windows\System32\ctfmon.exeuRun: [startNow Search Protect] "C:\Program Files (x86)\StartNow Toolbar\search_protect.exe" /RELAY /REPORT /PROTECTuRun: [intel] rundll32.exe "C:\ProgramData\Intel\diagagnt.dll",#1uRun: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exemRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exemRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2mRun: [FAStartup] <no file>mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"StartupFolder: C:\Users\Clark Walmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccipStartupFolder: C:\Users\CLARKW~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\INTELD~1.LNK - C:\Windows\System32\rundll32.exemPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dllIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllLSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dllDPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cabTCP: NameServer = 68.94.156.1 68.94.157.1TCP: Interfaces\{14A62BF0-8FB3-4D2E-A7B4-2DA3DB7D8432} : DHCPNameServer = 68.94.156.1 68.94.157.1TCP: Interfaces\{14A62BF0-8FB3-4D2E-A7B4-2DA3DB7D8432}\36D6E65647D2E65677 : DHCPNameServer = 68.94.156.1 68.94.157.1TCP: Interfaces\{14A62BF0-8FB3-4D2E-A7B4-2DA3DB7D8432}\5487472756D6562435 : DHCPNameServer = 192.168.1.254Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dllHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllHandler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllNotify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dllAppInit_DLLs= C:\Windows\SysWOW64\nvinit.dllSSODL: WebCheck - <orphaned>LSA: Notification Packages = scecli FAPassSyncx64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dllx64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-BHO: SSOIEAddonBHO Class: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dllx64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dllx64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exex64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -sx64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exex64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exex64-Run: [Persistence] C:\Windows\System32\igfxpers.exex64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exex64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayAppx64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Trayx64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exex64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startupx64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"x64-Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" -f "C:\ProgramData\NVIDIA\Updatus\NvTmru\nvtmru.dat"x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cabx64-DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cabx64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cabx64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-Notify: igfxcui - igfxdev.dllx64-SSODL: WebCheck - <orphaned>.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Clark Walmer\AppData\Roaming\Mozilla\Firefox\Profiles\3yplz7mf.default\FF - prefs.js: browser.startup.homepage - cbs.sportsline.comFF - plugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dllFF - plugin: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dllFF - plugin: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrlui.dllFF - plugin: C:\Windows\System32\Macromed\Flash\NPSWF64_11_7_700_169.dllFF - plugin: C:\Windows\System32\npDeployJava1.dllFF - plugin: C:\Windows\System32\npmproxy.dll.============= SERVICES / DRIVERS ===============.R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-4-26 30496]R0 PCTCore;PCTools KDS;C:\Windows\System32\drivers\PCTCore64.sys [2011-5-12 426616]R0 pctDS;PC Tools Data Store;C:\Windows\System32\drivers\pctDS64.sys [2011-5-12 453896]R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\System32\drivers\pctEFA64.sys [2011-5-12 1096176]R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-4-25 55856]R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2011-4-25 21616]R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-2 39768]R1 pctgntdi;pctgntdi;C:\Windows\System32\drivers\pctgntdi64.sys [2011-5-12 341200]R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2011-4-25 27760]R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-4-25 82432]R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-4-25 181760]R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\System32\drivers\nvoclk64.sys [2009-9-15 42088]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]S0 TfFsMon;TfFsMon;C:\Windows\System32\drivers\TfFsMon.sys [2012-8-9 65664]S0 TFSysMon;TFSysMon;C:\Windows\System32\drivers\TfSysMon.sys [2012-8-9 706776]S1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2013-4-26 284448]S1 PCTSD;PC Tools Spyware Doctor Driver;C:\Windows\System32\drivers\PCTSD64.sys [2011-5-12 251560]S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-4-25 98208]S2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-1-24 901184]S2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-1-24 991296]S2 Browser Defender Update Service;Browser Defender Update Service;C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-5-12 575448]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]S2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2012-5-10 608864]S2 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2013-1-11 135824]S2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-11-1 2428552]S2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]S2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2011-5-12 402368]S2 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2011-5-12 1118680]S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-4-25 1692480]S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-4-18 412960]S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-4-25 2656280]S2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2012-6-22 265952]S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-2-18 968880]S3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-1-24 1298496]S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-1-24 58128]S3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-11-15 327168]S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-4-25 175168]S3 FACAP;facap, FastAccess Video Capture;C:\Windows\System32\drivers\facap.sys [2008-9-24 238848]S3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-12-9 60416]S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-4-25 158976]S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-4-25 317440]S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\System32\drivers\nvstusb.sys [2011-4-25 121960]S3 PCTBD;PC Tools Browser Defender Driver;C:\Windows\System32\drivers\PCTBD64.sys [2011-11-10 85224]S3 pctplsg;pctplsg;C:\Windows\System32\drivers\pctplsg64.sys [2011-5-12 92928]S3 qicflt;upper Device Filter Driver;C:\Windows\System32\drivers\qicflt.sys [2011-4-25 29288]S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]S3 RTCore64;RTCore64;C:\Program Files (x86)\EVGA Precision X\RTCore64.sys [2013-4-5 15176]S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]S3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]S3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]S3 TfNetMon;TfNetMon;C:\Windows\System32\drivers\TfNetMon.sys [2012-8-9 41968]S3 ThreatFire;ThreatFire;C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe service --> C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe service [?]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-24 59392]S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-6 1255736]S3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-12-1 42392]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 ================.2013-05-13 04:29:26 -------- d-----w- C:\Users\Clark Walmer\AppData\Roaming\Optimizer Pro2013-05-13 04:24:17 -------- d-----w- C:\Program Files (x86)\Optimizer Pro2013-05-13 04:24:09 81920 ----a-w- C:\Windows\eSellerateControl350.dll2013-05-13 04:24:09 356352 ----a-w- C:\Windows\eSellerateEngine.dll2013-05-13 04:24:09 274432 ----a-w- C:\Windows\SysWow64\ssleay32.dll2013-05-13 04:24:09 1122304 ----a-w- C:\Windows\SysWow64\libeay32.dll2013-05-13 04:24:08 -------- d-----w- C:\Program Files (x86)\Joint Chiefs Of Staff Virus Removal Tool2013-05-13 04:05:01 -------- d-sh--w- C:\found.0012013-05-13 00:12:06 64512 ----a-w- C:\Users\Clark Walmer\javaw.dll2013-05-13 00:12:06 13312 ----a-w- C:\ProgramData\java.dll2013-04-26 18:58:05 -------- d-----w- C:\Windows\SysWow64\directx2013-04-26 18:57:48 -------- d-----w- C:\Program Files (x86)\RivaTuner Statistics Server2013-04-26 15:38:48 -------- d-----w- C:\Program Files (x86)\EVGA Precision X2013-04-26 07:42:18 -------- d-----w- C:\Windows\SysWow64\NV2013-04-26 07:42:18 -------- d-----w- C:\Windows\System32\NV2013-04-26 07:39:01 884512 ----a-w- C:\Windows\System32\nvvsvc.exe2013-04-26 07:39:01 67072 ----a-w- C:\Windows\System32\nv3dappshextr.dll2013-04-26 07:39:01 6488352 ----a-w- C:\Windows\System32\nvcpl.dll2013-04-26 07:39:01 63776 ----a-w- C:\Windows\System32\nvshext.dll2013-04-26 07:39:01 3511072 ----a-w- C:\Windows\System32\nvsvc64.dll2013-04-26 07:39:01 3122645 ----a-w- C:\Windows\System32\nvcoproc.bin2013-04-26 07:39:01 2555680 ----a-w- C:\Windows\System32\nvsvcr.dll2013-04-26 07:39:01 237856 ----a-w- C:\Windows\System32\nvmctray.dll2013-04-26 07:39:01 1022240 ----a-w- C:\Windows\System32\nv3dappshext.dll2013-04-24 05:09:15 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys2013-04-19 05:16:46 563488 ----a-w- C:\Windows\SysWow64\nvStreaming.exe2013-04-18 23:36:25 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll.==================== Find3M ====================.2013-04-11 05:38:56 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-04-11 05:38:56 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-04-04 21:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe2013-03-13 03:59:05 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll2013-03-13 03:59:05 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll2013-03-06 00:35:58 963488 ----a-w- C:\Windows\System32\deployJava1.dll2013-03-06 00:35:58 1085344 ----a-w- C:\Windows\System32\npDeployJava1.dll2013-03-06 00:35:58 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll2013-03-01 03:36:04 3153408 ----a-w- C:\Windows\System32\win32k.sys2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll2013-02-22 03:31:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-02-18 15:51:16 39768 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys2013-02-15 06:08:40 44032 ----a-w- C:\Windows\System32\tsgqec.dll2013-02-15 06:06:11 3717632 ----a-w- C:\Windows\System32\mstscax.dll2013-02-15 06:02:26 158720 ----a-w- C:\Windows\System32\aaclient.dll2013-02-15 04:37:10 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll2013-02-15 04:34:10 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll2013-02-15 03:25:51 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll2012-12-01 21:49:18 22761284 ----a-w- C:\Program Files (x86)\NVIDIA Performance.msi.============= FINISH: 17:18:21.97 =============== Link to post Share on other sites More sharing options...
kobhrax Posted May 14, 2013 Author ID:679215 Share Posted May 14, 2013 Here is the attach.txt.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Home PremiumBoot Device: \Device\HarddiskVolume2Install Date: 5/4/2011 7:05:04 PMSystem Uptime: 5/12/2013 9:54:59 PM (20 hours ago).Motherboard: Dell Inc. | | 0NJT03Processor: Intel® Core i7-2630QM CPU @ 2.00GHz | CPU | 1995/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 451 GiB total, 190.736 GiB free.D: is CDROM ().==== Disabled Device Manager Items =============.Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}Description: TfFsMonDevice ID: ROOT\LEGACY_TFFSMON\0000Manufacturer:Name: TfFsMonPNP Device ID: ROOT\LEGACY_TFFSMON\0000Service: TfFsMon.Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}Description: TfSysMonDevice ID: ROOT\LEGACY_TFSYSMON\0000Manufacturer:Name: TfSysMonPNP Device ID: ROOT\LEGACY_TFSYSMON\0000Service: TFSysMon.Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}Description: Security Processor Loader DriverDevice ID: ROOT\LEGACY_SPLDR\0000Manufacturer:Name: Security Processor Loader DriverPNP Device ID: ROOT\LEGACY_SPLDR\0000Service: spldr.Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}Description: facap, FastAccess Video CaptureDevice ID: ROOT\IMAGE\0000Manufacturer: Sensible VisionName: facap, FastAccess Video CapturePNP Device ID: ROOT\IMAGE\0000Service: FACAP.==== System Restore Points ===================.RP196: 4/18/2013 4:33:30 PM - Installed Java 7 Update 21RP197: 4/23/2013 11:31:30 PM - Windows UpdateRP198: 4/26/2013 12:36:49 AM - Device Driver Package Install: NVIDIA Display adaptersRP199: 4/26/2013 12:40:23 AM - Device Driver Package Install: NVIDIA Corporation Sound, video and game controllersRP200: 5/3/2013 9:02:08 PM - Scheduled CheckpointRP201: 5/12/2013 5:40:57 AM - Scheduled Checkpoint.==== Installed Programs ======================.AccelerometerP11Adobe Flash Player 11 ActiveX 64-bitAdobe Flash Player 11 PluginAdobe Reader X (10.1.6)Advanced Audio FX EngineApple Application SupportApple Mobile Device SupportApple Software UpdateAVG Security ToolbarBonjourBrowser Guard 4.0CCleanerConsumer In-Home Service AgreementCoziCurse ClientD3DX10Dell DataSafe Local BackupDell DataSafe Local Backup - Support SoftwareDell DataSafe OnlineDell Edoc ViewerDell Getting Started GuideDell MusicStageDell PhotoStageDell StageDell Support CenterDell VideoStageDell Webcam CentralDiablo IIIDirectX 9 RuntimeDownload NavigatoreBayEpson Connect Printer SetupEPSON Connect version 1.0Epson Customer ParticipationEpson Event ManagerEpson FAX UtilityEpson PC-FAX DriverEPSON ScanEPSON WF-2540 Series Printer UninstallEpsonNet PrintEVGA Precision X 4.1.0Face RecognitionFacemoods ToolbarIntel PROSet WirelessIntel® Management Engine ComponentsIntel® Processor GraphicsIntel® PROSet/Wireless Software for Bluetooth® TechnologyIntel® PROSet/Wireless WiFi SoftwareIntel® Turbo Boost Technology Monitor 2.0Intel® Wireless DisplayInternet ExploreriTunesJava 7 Update 17 (64-bit)Java 7 Update 21Java Auto UpdaterJava 6 Update 29Java 6 Update 31 (64-bit)JavaFX 2.1.1JDownloader 0.9Joint Chiefs Of Staff Virus Removal ToolJunk Mail filter updateLoJack Factory InstallerMalwarebytes Anti-Malware version 1.75.0.1300Mesh RuntimeMessenger CompanionMicrosoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 ExtendedMicrosoft Application Error ReportingMicrosoft IntelliPoint 8.2Microsoft LifeChatMicrosoft Office 2010Microsoft Office Click-to-Run 2010Microsoft Office Starter 2010 - EnglishMicrosoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable - KB2467175Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319Minefield 4.0b12pre (x64 en-US)Mozilla Firefox 15.0 (x86 en-US)Mozilla Firefox 16.0.1 (x86 en-US)Mozilla Maintenance ServiceMSVCRTMSVCRT_amd64MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)Mumble 1.2.3Nightly 23.0a1 (x64 en-US)NVIDIA 3D Vision Driver 320.00NVIDIA Control Panel 320.00NVIDIA DriversNVIDIA GeForce Experience 1.1NVIDIA Graphics Driver 320.00NVIDIA HD Audio Driver 1.3.24.2NVIDIA Install ApplicationNVIDIA Optimus 3.10.8NVIDIA PerformanceNVIDIA PhysXNVIDIA PhysX System Software 9.12.1031NVIDIA Stereoscopic 3D DriverNVIDIA System MonitorNVIDIA System UpdateNVIDIA Update 3.10.8NVIDIA Update ComponentsOptimizer Pro v3.0PC Tools Spyware Doctor with AntiVirus 9.0PDF CreatorPhotoShowExpressQuickset64QuickTimeRBVirtualFolder64InstRealDownloaderRealNetworks - Microsoft Visual C++ 2008 RuntimeRealNetworks - Microsoft Visual C++ 2010 RuntimeRealPlayerRealtek High Definition Audio DriverRealUpgrade 1.1RivaTuner Statistics Server 5.0.1Roxio Activation ModuleRoxio BackOnTrackRoxio BurnRoxio Creator StarterRoxio Express Labeler 3Roxio File BackupSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Security Update for Microsoft .NET Framework 4 Extended (KB2736428)Security Update for Microsoft .NET Framework 4 Extended (KB2742595)Skype ToolbarsSkype™ 5.10Sonic CinePlayer Decoder PackStartNow ToolbarSynaptics Pointing Device DriverUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2600217)Ventrilo Client for Windows x64Visual Studio C++ 10.0 RuntimeWindows Live Communications PlatformWindows Live EssentialsWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live Language SelectorWindows Live MailWindows Live MeshWindows Live Mesh ActiveX Control for Remote ConnectionsWindows Live MessengerWindows Live Messenger Companion CoreWindows Live MIME IFilterWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live Remote ClientWindows Live Remote Client ResourcesWindows Live Remote ServiceWindows Live Remote Service ResourcesWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesWindows Media Player Firefox PluginWinRAR 4.00 (64-bit)World of WarcraftWorld of Warcraft Beta.==== Event Viewer Messages From Past Week ========.5/6/2013 7:48:21 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.5/13/2013 5:18:14 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.5/13/2013 5:14:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}5/12/2013 9:56:03 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.5/12/2013 9:55:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}5/12/2013 9:55:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}5/12/2013 9:55:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}5/12/2013 9:55:53 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 215/12/2013 9:55:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}5/12/2013 9:55:41 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache PCTSD spldr TfFsMon TFSysMon Wanarpv65/12/2013 9:55:34 PM, Error: Service Control Manager [7001] - The Epson Scanner Service service depends on the Windows Image Acquisition (WIA) service which failed to start because of the following error: The dependency service or group failed to start.5/12/2013 9:55:34 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.5/12/2013 9:55:16 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\SOFTWARE' was corrupted and it has been recovered. Some data might have been lost.5/12/2013 9:53:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.5/12/2013 9:53:26 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.5/12/2013 9:53:26 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.5/12/2013 5:28:13 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.5/12/2013 5:28:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}5/12/2013 5:28:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}5/12/2013 5:27:34 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy pctgntdi PCTSD Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl5/12/2013 5:27:34 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.5/12/2013 5:27:34 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.5/12/2013 5:27:34 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.5/12/2013 5:27:34 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.5/12/2013 5:27:34 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.5/12/2013 5:27:34 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.5/12/2013 5:27:34 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.5/12/2013 5:27:34 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.5/12/2013 5:27:34 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.5/12/2013 5:27:34 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.5/12/2013 11:02:16 AM, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: A system shutdown is in progress.5/11/2013 10:15:48 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting..==== End Of File =========================== Link to post Share on other sites More sharing options...
MrCharlie Posted May 14, 2013 ID:679217 Share Posted May 14, 2013 Welcome to the forum.Usually the computer won't boot to Windows when you have this malware, how did you manage to run the scans??MrC Link to post Share on other sites More sharing options...
kobhrax Posted May 14, 2013 Author ID:679218 Share Posted May 14, 2013 Booted into safe mode with networking to download the files. If i boot into normal mode the DOJ screen comes up immediately. Link to post Share on other sites More sharing options...
MrCharlie Posted May 14, 2013 ID:679219 Share Posted May 14, 2013 OK..... here's how we deal with that malware: Please download Farbar Recovery Scan Tool and save it to a flash drive.Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Plug the flash drive into the infected PC.If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt. If you are using Vista or Windows 7 enter System Recovery Options.To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Select US as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account an click Next. Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.To make a repair disk on Windows 7 consult: http://www.sevenforu...isc-create.htmlTo enter System Recovery Options by using Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Select US as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand PromptSelect Command PromptOnce in the Command Prompt:[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select "Computer" and find your flash drive letter and close the notepad.[*]In the command window type e:\frst (for x64 bit version type e:\frst64) and press EnterNote: Replace letter e with the drive letter of your flash drive.[*]The tool will start to run.[*]When the tool opens click Yes to disclaimer.[*]Press Scan button.[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.MrC Link to post Share on other sites More sharing options...
kobhrax Posted May 14, 2013 Author ID:679231 Share Posted May 14, 2013 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-05-2013Ran by SYSTEM on 13-05-2013 18:39:19Running from E:\Windows 7 Home Premium (X64) OS Language: English(US)Internet Explorer Version 9Boot Mode: RecoveryThe current controlset is ControlSet001ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.==================== Registry (Whitelisted) ==================HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2531624 2010-12-17] (Synaptics Incorporated)HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6561384 2010-12-14] (Realtek Semiconductor)HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 [2186856 2010-12-10] (Realtek Semiconductor)HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()HKLM\...\Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10355200 2011-01-24] (Intel Corporation)HKLM\...\Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1933584 2010-12-17] (Intel® Corporation)HKLM\...\Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe [4479648 2011-01-25] (Dell Inc.)HKLM\...\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [207350 2011-01-25] ()HKLM\...\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2417032 2011-08-01] (Microsoft Corporation)HKLM\...\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe" [371712 2009-09-24] (Microsoft Corporation)HKLM\...\Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" -f "C:\ProgramData\NVIDIA\Updatus\NvTmru\nvtmru.dat" [18432 2013-05-12] ()HKLM\...\RunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-13] (Microsoft Corporation)HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-08] (Dell)HKLM-x32\...\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [93832 2010-11-01] (Sensible Vision )HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [487562 2010-08-19] (Creative Technology Ltd)HKLM-x32\...\Run: [FAStartup] [x]HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)HKLM-x32\...\Run: [] [x]HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()HKLM-x32\...\Run: [facemoods] "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe" /md I [323584 2010-10-26] (facemoods.com)HKLM-x32\...\Run: [iSTray] "C:\Program Files (x86)\PC Tools Security\pctsGui.exe" /hideGUI [2673624 2012-06-22] (PC Tools)HKLM-x32\...\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe [x]HKLM-x32\...\Run: [startNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe" [x]HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1151152 2013-02-18] ()HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [295072 2012-12-23] (RealNetworks, Inc.)HKLM-x32\...\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [1058400 2012-01-26] (SEIKO EPSON CORPORATION)HKLM-x32\...\Run: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [502912 2012-02-29] (SEIKO EPSON CORPORATION)HKLM-x32\...\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [863360 2012-02-29] (SEIKO EPSON CORPORATION)HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)HKU\Clark Walmer\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [9728 2009-07-13] (Microsoft Corporation)HKU\Clark Walmer\...\Run: [startNow Search Protect] "C:\Program Files (x86)\StartNow Toolbar\search_protect.exe" /RELAY /REPORT /PROTECT [1352048 2012-09-06] ()HKU\Clark Walmer\...\Run: [intel] rundll32.exe "C:\ProgramData\Intel\diagagnt.dll",#1 [64512 2013-05-12] ()HKU\Clark Walmer\...\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [134104 2013-02-01] (PC Utilities Pro)AppInit_DLLs: C:\Windows\system32\nvinitx.dll [266960 2013-04-18] (NVIDIA Corporation)Lsa: [Notification Packages] scecli FAPassSyncStartup: C:\Users\Clark Walmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()Startup: C:\Users\Clark Walmer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel Diagnostics.lnkShortcutTarget: Intel Diagnostics.lnk -> C:\ProgramData\Intel\diagagnt.dll ()==================== Services (Whitelisted) =================S2 Browser Defender Update Service; C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [575448 2012-06-22] (Threat Expert Ltd.)S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()S2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [276584 2010-03-22] (NVIDIA)S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()S2 sdAuxService; C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [402368 2012-06-22] (PC Tools)S2 sdCoreService; C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [1118680 2012-06-22] (PC Tools)S3 ThreatFire; C:\Program Files (x86)\PC Tools Security\TFEngine\TFService.exe [71008 2012-06-22] (PC Tools)S2 UpdateCenterService; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe [282728 2009-11-06] (NVIDIA)S2 Updater Service for StartNow Toolbar; C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [265952 2012-06-22] ()S2 vToolbarUpdater14.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [968880 2013-02-18] ()==================== Drivers (Whitelisted) ====================S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-02-18] (AVG Technologies)S1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-04-18] (NVIDIA Corporation)S3 nvoclk64; C:\Windows\System32\DRIVERS\nvoclk64.sys [42088 2009-09-15] (NVIDIA Corp.)S3 NvStUSB; C:\Windows\system32\DRIVERS\nvstusb.sys [121960 2010-12-12] ()S1 pctgntdi; C:\Windows\System32\drivers\pctgntdi64.sys [341200 2012-06-22] (PC Tools)S3 pctplsg; C:\Windows\System32\drivers\pctplsg64.sys [92928 2012-06-22] (PC Tools)S3 RTCore64; C:\Program Files (x86)\EVGA Precision X\RTCore64.sys [15176 2013-04-05] ()S3 TfNetMon; C:\Windows\system32\drivers\TfNetMon.sys [41968 2012-06-22] (PC Tools)S3 ivusb; system32\DRIVERS\ivusb.sys [x]S3 PCTBD; System32\Drivers\PCTBD64.sys [x]S0 PCTCore; system32\drivers\PCTCore64.sys [x]S0 pctDS; system32\drivers\pctDS64.sys [x]S0 pctEFA; system32\drivers\pctEFA64.sys [x]S1 PCTSD; System32\Drivers\PCTSD64.sys [x]S0 TfFsMon; system32\drivers\TfFsMon.sys [x]S0 TFSysMon; system32\drivers\TfSysMon.sys [x]==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2013-05-13 20:34 - 2013-05-13 20:34 - 01877352 ____A (Farbar) C:\Users\Clark Walmer\Downloads\FRST64.exe2013-05-13 19:18 - 2013-05-13 19:18 - 00023197 ____A C:\Users\Clark Walmer\Desktop\dds.txt2013-05-13 19:18 - 2013-05-13 19:18 - 00015751 ____A C:\Users\Clark Walmer\Desktop\attach.txt2013-05-13 19:16 - 2013-05-13 19:16 - 00688992 ____R (Swearware) C:\Users\Clark Walmer\Desktop\dds.scr2013-05-13 18:39 - 2013-05-13 18:39 - 00000000 ____D C:\FRST2013-05-12 23:52 - 2013-05-13 20:36 - 00000112 ____A C:\Windows\setupact.log2013-05-12 23:52 - 2013-05-12 23:52 - 00000000 ____A C:\Windows\setuperr.log2013-05-12 23:29 - 2013-05-12 23:29 - 00000000 ____D C:\Users\Clark Walmer\Application Data\Optimizer Pro2013-05-12 23:29 - 2013-05-12 23:29 - 00000000 ____D C:\Users\Clark Walmer\AppData\Roaming\Optimizer Pro2013-05-12 23:24 - 2013-05-13 02:34 - 00000000 ____D C:\Program Files (x86)\Joint Chiefs Of Staff Virus Removal Tool2013-05-12 23:24 - 2013-05-12 23:24 - 00001523 ____A C:\Users\Clark Walmer\Desktop\Joint Chiefs Of Staff Virus Removal Tool.lnk2013-05-12 23:24 - 2013-05-12 23:24 - 00001024 ____A C:\Users\Clark Walmer\Desktop\Optimizer Pro.lnk2013-05-12 23:24 - 2013-05-12 23:24 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro2013-05-12 23:24 - 2012-12-10 12:04 - 00356352 ____A (eSellerate Inc.) C:\Windows\eSellerateEngine.dll2013-05-12 23:24 - 2012-12-10 12:04 - 00081920 ____A (eSellerate Inc.) C:\Windows\eSellerateControl350.dll2013-05-12 23:24 - 2009-07-23 19:32 - 01122304 ____A (The OpenSSL Project, http://www.openssl.org/) C:\Windows\SysWOW64\libeay32.dll2013-05-12 23:24 - 2009-07-23 19:32 - 00274432 ____A (The OpenSSL Project, http://www.openssl.org/) C:\Windows\SysWOW64\ssleay32.dll2013-05-12 23:23 - 2013-05-12 23:23 - 02711568 ____A (Security Stronghold ) C:\Users\Clark Walmer\Downloads\JointChiefsOfStaffVirusRemovalTool.exe2013-05-12 23:14 - 2013-05-12 23:14 - 00003416 ____N C:\bootsqm.dat2013-05-12 23:05 - 2013-05-12 23:05 - 00000000 __SHD C:\found.0012013-05-12 19:12 - 2013-05-12 19:12 - 00064512 ____A C:\Users\Clark Walmer\javaw.dll2013-05-12 19:12 - 2013-05-12 19:12 - 00013312 ____A C:\ProgramData\java.dll2013-05-12 19:12 - 2013-05-12 19:12 - 00013312 ____A C:\ProgramData\Application Data\java.dll2013-04-29 00:05 - 2013-04-29 00:05 - 00000000 ____D C:\Users\Clark Walmer\Downloads\162013-04-28 23:30 - 2013-04-28 23:31 - 22650637 ____A C:\Users\Clark Walmer\Downloads\16.zip2013-04-28 23:29 - 2013-04-28 23:29 - 00004614 ____A C:\Users\Clark Walmer\Downloads\=_UTF-8_B_U1NGIE5FV1MgQlVMTEVUSU4gREFURUQgMjcgMDQgMjAxMy50eHQ=_=2013-04-26 13:58 - 2013-04-26 13:58 - 00000000 ____D C:\Windows\SysWOW64\directx2013-04-26 13:57 - 2013-04-26 13:57 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server2013-04-26 10:38 - 2013-05-03 20:54 - 00000000 ____D C:\Program Files (x86)\EVGA Precision X2013-04-26 10:38 - 2013-04-26 10:38 - 00001050 ____A C:\Users\Clark Walmer\Desktop\EVGA Precision X.lnk2013-04-26 10:36 - 2013-04-26 10:37 - 15872725 ____A C:\Users\Clark Walmer\Downloads\EVGAPrecisionX.zip2013-04-26 02:42 - 2013-04-26 02:42 - 00000000 ____D C:\Windows\SysWOW64\NV2013-04-26 02:42 - 2013-04-26 02:42 - 00000000 ____D C:\Windows\System32\NV2013-04-26 02:39 - 2013-04-18 21:46 - 06488352 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll2013-04-26 02:39 - 2013-04-18 21:46 - 03511072 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll2013-04-26 02:39 - 2013-04-18 21:46 - 02555680 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll2013-04-26 02:39 - 2013-04-18 21:46 - 01022240 ____A (NVIDIA Corporation) C:\Windows\System32\nv3dappshext.dll2013-04-26 02:39 - 2013-04-18 21:46 - 00884512 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe2013-04-26 02:39 - 2013-04-18 21:46 - 00237856 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll2013-04-26 02:39 - 2013-04-18 21:46 - 00067072 ____A (NVIDIA Corporation) C:\Windows\System32\nv3dappshextr.dll2013-04-26 02:39 - 2013-04-18 21:46 - 00063776 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll2013-04-26 02:39 - 2013-04-17 12:30 - 03122645 ____A C:\Windows\System32\nvcoproc.bin2013-04-26 02:27 - 2013-04-18 23:24 - 27765536 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll2013-04-26 02:27 - 2013-04-18 23:24 - 25256224 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll2013-04-26 02:27 - 2013-04-18 23:24 - 21088032 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll2013-04-26 02:27 - 2013-04-18 23:24 - 17560352 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll2013-04-26 02:27 - 2013-04-18 23:24 - 15876728 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll2013-04-26 02:27 - 2013-04-18 23:24 - 15135152 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll2013-04-26 02:27 - 2013-04-18 23:24 - 13382056 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll2013-04-26 02:27 - 2013-04-18 23:24 - 12417464 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll2013-04-26 02:27 - 2013-04-18 23:24 - 11195168 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys2013-04-26 02:27 - 2013-04-18 23:24 - 09362432 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll2013-04-26 02:27 - 2013-04-18 23:24 - 07820504 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll2013-04-26 02:27 - 2013-04-18 23:24 - 07578984 ____A (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll2013-04-26 02:27 - 2013-04-18 23:24 - 06276504 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll2013-04-26 02:27 - 2013-04-18 23:24 - 02937120 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll2013-04-26 02:27 - 2013-04-18 23:24 - 02921288 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll2013-04-26 02:27 - 2013-04-18 23:24 - 02749216 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll2013-04-26 02:27 - 2013-04-18 23:24 - 02585496 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll2013-04-26 02:27 - 2013-04-18 23:24 - 02361120 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll2013-04-26 02:27 - 2013-04-18 23:24 - 01999136 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll2013-04-26 02:27 - 2013-04-18 23:24 - 01832224 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco6432000.dll2013-04-26 02:27 - 2013-04-18 23:24 - 01511712 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6432000.dll2013-04-26 02:27 - 2013-04-18 23:24 - 01055952 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll2013-04-26 02:27 - 2013-04-18 23:24 - 00922576 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll2013-04-26 02:27 - 2013-04-18 23:24 - 00550176 ____A (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll2013-04-26 02:27 - 2013-04-18 23:24 - 00518944 ____A (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll2013-04-26 02:27 - 2013-04-18 23:24 - 00443168 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll2013-04-26 02:27 - 2013-04-18 23:24 - 00421152 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll2013-04-26 02:27 - 2013-04-18 23:24 - 00284448 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvkflt.sys2013-04-26 02:27 - 2013-04-18 23:24 - 00266960 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll2013-04-26 02:27 - 2013-04-18 23:24 - 00218592 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglshim64.dll2013-04-26 02:27 - 2013-04-18 23:24 - 00214448 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll2013-04-26 02:27 - 2013-04-18 23:24 - 00181488 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll2013-04-26 02:27 - 2013-04-18 23:24 - 00030496 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvpciflt.sys2013-04-26 02:27 - 2013-04-18 23:24 - 00020536 ____A C:\Windows\System32\nvinfo.pb2013-04-26 02:19 - 2013-04-26 02:25 - 225760344 ____A (NVIDIA Corporation) C:\Users\Clark Walmer\Downloads\320.00-notebook-win8-win7-64bit-international-beta.exe2013-04-24 06:35 - 2013-04-24 06:35 - 00000000 ____D C:\Users\Clark Walmer\Downloads\b1(1)2013-04-24 06:27 - 2013-04-24 06:27 - 26693685 ____A C:\Users\Clark Walmer\Downloads\b1(1).zip2013-04-24 00:09 - 2013-04-12 09:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys2013-04-22 01:12 - 2013-04-22 01:14 - 61096101 ____A C:\Users\Clark Walmer\Downloads\avspp0044_full_low.wmv2013-04-22 01:11 - 2013-04-22 01:11 - 00318904 ____A (Microsoft Corporation) C:\Users\Clark Walmer\Downloads\wmpfirefoxplugin.exe2013-04-19 00:16 - 2013-04-19 00:16 - 00563488 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe2013-04-18 18:36 - 2013-04-04 07:35 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll2013-04-18 18:36 - 2013-04-04 07:30 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe2013-04-18 18:36 - 2013-04-04 07:29 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe2013-04-18 18:35 - 2013-04-18 18:36 - 00003990 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log2013-04-13 02:51 - 2013-04-13 02:51 - 00000000 ____D C:\Users\Clark Walmer\Downloads\Miss_Rae_2nd_April2013-04-13 02:08 - 2013-04-13 02:50 - 52200909 ____A C:\Users\Clark Walmer\Downloads\Miss_Rae_2nd_April.zip2013-04-13 01:56 - 2013-04-13 01:56 - 00000000 ____D C:\Users\Clark Walmer\Downloads\SToverPH2013-04-13 01:38 - 2013-04-13 01:55 - 49466578 ____A C:\Users\Clark Walmer\Downloads\SToverPH.rar==================== One Month Modified Files and Folders =======2013-05-13 20:37 - 2011-05-12 07:58 - 00000000 ____D C:\Program Files (x86)\PC Tools Security2013-05-13 20:36 - 2013-05-12 23:52 - 00000112 ____A C:\Windows\setupact.log2013-05-13 20:36 - 2013-01-29 19:34 - 00000000 ____D C:\ProgramData\NVIDIA2013-05-13 20:36 - 2013-01-29 19:34 - 00000000 ____D C:\ProgramData\Application Data\NVIDIA2013-05-13 20:36 - 2011-05-12 07:58 - 02740158 ____A C:\Windows\System32\Drivers\Cat.DB2013-05-13 20:36 - 2011-04-25 09:04 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup2013-05-13 20:36 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT2013-05-13 20:35 - 2009-07-14 00:13 - 00780196 ____A C:\Windows\System32\PerfStringBackup.INI2013-05-13 20:34 - 2013-05-13 20:34 - 01877352 ____A (Farbar) C:\Users\Clark Walmer\Downloads\FRST64.exe2013-05-13 20:23 - 2012-04-03 22:11 - 00000000 ____D C:\Program Files\Nightly2013-05-13 19:18 - 2013-05-13 19:18 - 00023197 ____A C:\Users\Clark Walmer\Desktop\dds.txt2013-05-13 19:18 - 2013-05-13 19:18 - 00015751 ____A C:\Users\Clark Walmer\Desktop\attach.txt2013-05-13 19:16 - 2013-05-13 19:16 - 00688992 ____R (Swearware) C:\Users\Clark Walmer\Desktop\dds.scr2013-05-13 18:39 - 2013-05-13 18:39 - 00000000 ____D C:\FRST2013-05-13 02:34 - 2013-05-12 23:24 - 00000000 ____D C:\Program Files (x86)\Joint Chiefs Of Staff Virus Removal Tool2013-05-12 23:54 - 2011-05-08 11:55 - 00000000 ____D C:\Users\Clark Walmer\Local Settings\Deployment2013-05-12 23:54 - 2011-05-08 11:55 - 00000000 ____D C:\Users\Clark Walmer\Local Settings\Application Data\Deployment2013-05-12 23:54 - 2011-05-08 11:55 - 00000000 ____D C:\Users\Clark Walmer\AppData\Local\Deployment2013-05-12 23:52 - 2013-05-12 23:52 - 00000000 ____A C:\Windows\setuperr.log2013-05-12 23:52 - 2011-04-25 09:36 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks2013-05-12 23:52 - 2011-04-25 09:36 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks2013-05-12 23:52 - 2011-04-25 09:36 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks2013-05-12 23:52 - 2011-04-25 09:36 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks2013-05-12 23:52 - 2011-04-25 09:36 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks2013-05-12 23:52 - 2011-04-25 09:36 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks2013-05-12 23:29 - 2013-05-12 23:29 - 00000000 ____D C:\Users\Clark Walmer\Application Data\Optimizer Pro2013-05-12 23:29 - 2013-05-12 23:29 - 00000000 ____D C:\Users\Clark Walmer\AppData\Roaming\Optimizer Pro2013-05-12 23:24 - 2013-05-12 23:24 - 00001523 ____A C:\Users\Clark Walmer\Desktop\Joint Chiefs Of Staff Virus Removal Tool.lnk2013-05-12 23:24 - 2013-05-12 23:24 - 00001024 ____A C:\Users\Clark Walmer\Desktop\Optimizer Pro.lnk2013-05-12 23:24 - 2013-05-12 23:24 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro2013-05-12 23:23 - 2013-05-12 23:23 - 02711568 ____A (Security Stronghold ) C:\Users\Clark Walmer\Downloads\JointChiefsOfStaffVirusRemovalTool.exe2013-05-12 23:14 - 2013-05-12 23:14 - 00003416 ____N C:\bootsqm.dat2013-05-12 23:05 - 2013-05-12 23:05 - 00000000 __SHD C:\found.0012013-05-12 19:12 - 2013-05-12 19:12 - 00064512 ____A C:\Users\Clark Walmer\javaw.dll2013-05-12 19:12 - 2013-05-12 19:12 - 00013312 ____A C:\ProgramData\java.dll2013-05-12 19:12 - 2013-05-12 19:12 - 00013312 ____A C:\ProgramData\Application Data\java.dll2013-05-12 19:12 - 2011-05-04 21:05 - 00000000 ____D C:\users\Clark Walmer2013-05-12 19:12 - 2011-04-25 08:53 - 00000000 ____D C:\ProgramData\Intel2013-05-12 19:12 - 2011-04-25 08:53 - 00000000 ____D C:\ProgramData\Application Data\Intel2013-05-12 18:51 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-05-12 18:51 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-05-04 10:17 - 2011-05-07 00:09 - 00000000 ____D C:\Program Files (x86)\JDownloader2013-05-04 03:02 - 2012-01-18 03:02 - 00000000 ____D C:\Users\Clark Walmer\Application Data\Real2013-05-04 03:02 - 2012-01-18 03:02 - 00000000 ____D C:\Users\Clark Walmer\AppData\Roaming\Real2013-05-03 20:54 - 2013-04-26 10:38 - 00000000 ____D C:\Program Files (x86)\EVGA Precision X2013-04-29 00:05 - 2013-04-29 00:05 - 00000000 ____D C:\Users\Clark Walmer\Downloads\162013-04-28 23:31 - 2013-04-28 23:30 - 22650637 ____A C:\Users\Clark Walmer\Downloads\16.zip2013-04-28 23:29 - 2013-04-28 23:29 - 00004614 ____A C:\Users\Clark Walmer\Downloads\=_UTF-8_B_U1NGIE5FV1MgQlVMTEVUSU4gREFURUQgMjcgMDQgMjAxMy50eHQ=_=2013-04-26 13:58 - 2013-04-26 13:58 - 00000000 ____D C:\Windows\SysWOW64\directx2013-04-26 13:58 - 2011-04-25 09:11 - 00000000 ___HD C:\Windows\msdownld.tmp2013-04-26 13:57 - 2013-04-26 13:57 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server2013-04-26 10:38 - 2013-04-26 10:38 - 00001050 ____A C:\Users\Clark Walmer\Desktop\EVGA Precision X.lnk2013-04-26 10:37 - 2013-04-26 10:36 - 15872725 ____A C:\Users\Clark Walmer\Downloads\EVGAPrecisionX.zip2013-04-26 02:42 - 2013-04-26 02:42 - 00000000 ____D C:\Windows\SysWOW64\NV2013-04-26 02:42 - 2013-04-26 02:42 - 00000000 ____D C:\Windows\System32\NV2013-04-26 02:39 - 2011-04-25 10:39 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation2013-04-26 02:38 - 2013-03-18 19:16 - 00000000 ____D C:\ProgramData\NVIDIA Corporation2013-04-26 02:38 - 2013-03-18 19:16 - 00000000 ____D C:\ProgramData\Application Data\NVIDIA Corporation2013-04-26 02:38 - 2011-04-25 10:39 - 00000000 ____D C:\Program Files\NVIDIA Corporation2013-04-26 02:25 - 2013-04-26 02:19 - 225760344 ____A (NVIDIA Corporation) C:\Users\Clark Walmer\Downloads\320.00-notebook-win8-win7-64bit-international-beta.exe2013-04-26 02:06 - 2013-04-07 22:44 - 00002038 ____A C:\Users\Public\Desktop\System Update.lnk2013-04-26 02:06 - 2013-04-07 22:44 - 00002038 ____A C:\ProgramData\Desktop\System Update.lnk2013-04-26 02:06 - 2013-04-07 22:42 - 00002136 ____A C:\Users\Public\Desktop\Performance.lnk2013-04-26 02:06 - 2013-04-07 22:42 - 00002136 ____A C:\ProgramData\Desktop\Performance.lnk2013-04-26 02:06 - 2012-06-18 01:12 - 00000868 ____A C:\Users\Public\Desktop\CCleaner.lnk2013-04-26 02:06 - 2012-06-18 01:12 - 00000868 ____A C:\ProgramData\Desktop\CCleaner.lnk2013-04-26 02:06 - 2012-04-03 22:11 - 00000891 ____A C:\Users\Public\Desktop\Nightly.lnk2013-04-26 02:06 - 2012-04-03 22:11 - 00000891 ____A C:\ProgramData\Desktop\Nightly.lnk2013-04-24 06:35 - 2013-04-24 06:35 - 00000000 ____D C:\Users\Clark Walmer\Downloads\b1(1)2013-04-24 06:27 - 2013-04-24 06:27 - 26693685 ____A C:\Users\Clark Walmer\Downloads\b1(1).zip2013-04-23 23:56 - 2012-10-13 17:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2013-04-23 23:55 - 2009-07-14 00:08 - 00032572 ____A C:\Windows\Tasks\SCHEDLGU.TXT2013-04-22 01:14 - 2013-04-22 01:12 - 61096101 ____A C:\Users\Clark Walmer\Downloads\avspp0044_full_low.wmv2013-04-22 01:11 - 2013-04-22 01:11 - 00318904 ____A (Microsoft Corporation) C:\Users\Clark Walmer\Downloads\wmpfirefoxplugin.exe2013-04-21 10:39 - 2012-08-12 15:35 - 00001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2013-04-21 10:39 - 2012-08-12 15:35 - 00001071 ____A C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk2013-04-21 10:39 - 2011-05-12 07:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-04-19 00:16 - 2013-04-19 00:16 - 00563488 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe2013-04-18 23:24 - 2013-04-26 02:27 - 27765536 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll2013-04-18 23:24 - 2013-04-26 02:27 - 25256224 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll2013-04-18 23:24 - 2013-04-26 02:27 - 21088032 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll2013-04-18 23:24 - 2013-04-26 02:27 - 17560352 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll2013-04-18 23:24 - 2013-04-26 02:27 - 15876728 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll2013-04-18 23:24 - 2013-04-26 02:27 - 15135152 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll2013-04-18 23:24 - 2013-04-26 02:27 - 13382056 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll2013-04-18 23:24 - 2013-04-26 02:27 - 12417464 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll2013-04-18 23:24 - 2013-04-26 02:27 - 11195168 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys2013-04-18 23:24 - 2013-04-26 02:27 - 09362432 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll2013-04-18 23:24 - 2013-04-26 02:27 - 07820504 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll2013-04-18 23:24 - 2013-04-26 02:27 - 07578984 ____A (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll2013-04-18 23:24 - 2013-04-26 02:27 - 06276504 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll2013-04-18 23:24 - 2013-04-26 02:27 - 02937120 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll2013-04-18 23:24 - 2013-04-26 02:27 - 02921288 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll2013-04-18 23:24 - 2013-04-26 02:27 - 02749216 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll2013-04-18 23:24 - 2013-04-26 02:27 - 02585496 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll2013-04-18 23:24 - 2013-04-26 02:27 - 02361120 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll2013-04-18 23:24 - 2013-04-26 02:27 - 01999136 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll2013-04-18 23:24 - 2013-04-26 02:27 - 01832224 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco6432000.dll2013-04-18 23:24 - 2013-04-26 02:27 - 01511712 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6432000.dll2013-04-18 23:24 - 2013-04-26 02:27 - 01055952 ____A (NVIDIA Corporation) C:\Windows\System32\nvumdshimx.dll2013-04-18 23:24 - 2013-04-26 02:27 - 00922576 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll2013-04-18 23:24 - 2013-04-26 02:27 - 00550176 ____A (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll2013-04-18 23:24 - 2013-04-26 02:27 - 00518944 ____A (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll2013-04-18 23:24 - 2013-04-26 02:27 - 00443168 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll2013-04-18 23:24 - 2013-04-26 02:27 - 00421152 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll2013-04-18 23:24 - 2013-04-26 02:27 - 00284448 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvkflt.sys2013-04-18 23:24 - 2013-04-26 02:27 - 00266960 ____A (NVIDIA Corporation) C:\Windows\System32\nvinitx.dll2013-04-18 23:24 - 2013-04-26 02:27 - 00218592 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglshim64.dll2013-04-18 23:24 - 2013-04-26 02:27 - 00214448 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll2013-04-18 23:24 - 2013-04-26 02:27 - 00181488 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll2013-04-18 23:24 - 2013-04-26 02:27 - 00030496 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvpciflt.sys2013-04-18 23:24 - 2013-04-26 02:27 - 00020536 ____A C:\Windows\System32\nvinfo.pb2013-04-18 23:24 - 2012-11-08 04:13 - 00061216 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll2013-04-18 23:24 - 2012-11-08 04:13 - 00053024 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll2013-04-18 21:46 - 2013-04-26 02:39 - 06488352 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll2013-04-18 21:46 - 2013-04-26 02:39 - 03511072 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll2013-04-18 21:46 - 2013-04-26 02:39 - 02555680 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll2013-04-18 21:46 - 2013-04-26 02:39 - 01022240 ____A (NVIDIA Corporation) C:\Windows\System32\nv3dappshext.dll2013-04-18 21:46 - 2013-04-26 02:39 - 00884512 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe2013-04-18 21:46 - 2013-04-26 02:39 - 00237856 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll2013-04-18 21:46 - 2013-04-26 02:39 - 00067072 ____A (NVIDIA Corporation) C:\Windows\System32\nv3dappshextr.dll2013-04-18 21:46 - 2013-04-26 02:39 - 00063776 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll2013-04-18 18:36 - 2013-04-18 18:35 - 00003990 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log2013-04-18 18:36 - 2011-04-25 08:50 - 00000000 ____D C:\Program Files (x86)\Java2013-04-17 12:30 - 2013-04-26 02:39 - 03122645 ____A C:\Windows\System32\nvcoproc.bin2013-04-13 02:51 - 2013-04-13 02:51 - 00000000 ____D C:\Users\Clark Walmer\Downloads\Miss_Rae_2nd_April2013-04-13 02:50 - 2013-04-13 02:08 - 52200909 ____A C:\Users\Clark Walmer\Downloads\Miss_Rae_2nd_April.zip2013-04-13 01:56 - 2013-04-13 01:56 - 00000000 ____D C:\Users\Clark Walmer\Downloads\SToverPH2013-04-13 01:55 - 2013-04-13 01:38 - 49466578 ____A C:\Users\Clark Walmer\Downloads\SToverPH.rar==================== Known DLLs (Whitelisted) ==================================== Bamital & volsnap Check =================C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit==================== EXE ASSOCIATION =====================HKLM\...\.exe: exefile => OKHKLM\...\exefile\DefaultIcon: %1 => OKHKLM\...\exefile\open\command: "%1" %* => OK==================== Restore Points =========================Restore point made on: 2013-04-18 18:34:26Restore point made on: 2013-04-24 01:31:49Restore point made on: 2013-04-26 02:37:30Restore point made on: 2013-04-26 02:40:28Restore point made on: 2013-05-03 23:02:28Restore point made on: 2013-05-12 07:41:14==================== Memory info ===========================Percentage of memory in use: 11%Total physical RAM: 6058.17 MBAvailable physical RAM: 5355.12 MBTotal Pagefile: 6056.32 MBAvailable Pagefile: 5341.54 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.88 MB==================== Drives ================================Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:190.64 GB) NTFS (Disk=0 Partition=3)Drive e: () (Removable) (Total:1.86 GB) (Free:1.65 GB) FAT32 (Disk=1 Partition=1)Drive f: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:6.26 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)]Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows Vista) (Size: 466 GB) (Disk ID: 07F2837E)Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)========================================================Disk: 1 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: C3072E18)Partition 1: (Active) - (Size=2 GB) - (Type=0B)Last Boot: 2013-05-04 03:46==================== End Of Log ============================ Link to post Share on other sites More sharing options...
MrCharlie Posted May 14, 2013 ID:679237 Share Posted May 14, 2013 OK, here you go......this should get you going:Please download the attached fixlist.txt and copy it to your flashdrive.NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating systemOn Vista or Windows 7: Now please enter System Recovery Options. (as you did before)Run FRST64 or FRST (which ever one you're using) and press the Fix button just once and wait.The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.See if the computer boots normally now.MrC Link to post Share on other sites More sharing options...
kobhrax Posted May 14, 2013 Author ID:679247 Share Posted May 14, 2013 Computer does boot normally now. Thank you so much. Here is the log.Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-05-2013Ran by SYSTEM at 2013-05-13 19:34:03 Run:1Running from E:\Boot Mode: Recovery==============================================HKEY_USERS\Clark Walmer\Software\Microsoft\Windows\CurrentVersion\Run\\Intel => Value deleted successfully.HKEY_USERS\Clark Walmer\Software\Microsoft\Windows\CurrentVersion\Run\\Optimizer Pro => Value deleted successfully.C:\ProgramData\Intel\diagagnt.dll => Moved successfully.C:\ProgramData\Intel\diagagnt.dll => File/Directory not found.C:\Users\Clark Walmer\javaw.dll => Moved successfully.C:\ProgramData\java.dll => Moved successfully.C:\ProgramData\Application Data\java.dll => File/Directory not found.C:\Users\Clark Walmer\Application Data\Optimizer Pro => Moved successfully.C:\Users\Clark Walmer\AppData\Roaming\Optimizer Pro => File/Directory not found.C:\Users\Clark Walmer\Desktop\Optimizer Pro.lnk => Moved successfully.C:\Program Files (x86)\Optimizer Pro => Moved successfully.==== End of Fixlog ==== Link to post Share on other sites More sharing options...
MrCharlie Posted May 14, 2013 ID:679249 Share Posted May 14, 2013 Good, we should run some additional scans:Download Malwarebytes Anti-Rootkit from HEREUnzip the contents to a folder in a convenient location.Open the folder where the contents were unzipped and run mbar.exeFollow the instructions in the wizard to update and allow the program to scan your computer for threats.Click on the Cleanup button to remove any threats and reboot if prompted to do so.Wait while the system shuts down and the cleanup process is performed.Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txtTo attach a log if needed:Bottom right corner of this page.New window that comes up.~~~~~~~~~~~~~~~~~~~~~~~Note:If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:Internet accessWindows UpdateWindows FirewallIf there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.Just run fixdamage.exe.Verify that your system is now functioning normally.MrC (be back in the AM) Link to post Share on other sites More sharing options...
kobhrax Posted May 14, 2013 Author ID:679292 Share Posted May 14, 2013 here are the 2 logs. nothing was found.mbar-log-2013-05-13 (20-13-23).txtsystem-log.txt Link to post Share on other sites More sharing options...
MrCharlie Posted May 14, 2013 ID:679311 Share Posted May 14, 2013 OK....Next:Please download and run ComboFix.The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.Please visit this webpage for download links, and instructions for running ComboFixhttp://www.bleepingcomputer.com/combofix/how-to-use-combofixEnsure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Information on disabling your malware programs can be found Here.Make sure you run ComboFix from your desktop. Give it at least 30-45 minutes to finish if needed.Please include the C:\ComboFix.txt in your next reply for further review.---------->NOTE<----------If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.MrC Link to post Share on other sites More sharing options...
kobhrax Posted May 14, 2013 Author ID:679390 Share Posted May 14, 2013 Will do as soon as I get home from work. Thanks again for all your help. Link to post Share on other sites More sharing options...
kobhrax Posted May 16, 2013 Author ID:680150 Share Posted May 16, 2013 Here is the latest run. I ran it twice as there was an update for it.2 things I have notice on start up after logging in. I get an error on a dll not loading. Forgot to write it down so after I finish this post, i will reboot so i can document it. The other weird thing is a program called Live! Central. This runs now on login and I have no idea what it is and I dont see it under add/remove programs. Things are running well again though.ComboFix.txt Link to post Share on other sites More sharing options...
MrCharlie Posted May 16, 2013 ID:680158 Share Posted May 16, 2013 http://www.softpedia...e-Central.shtml <--------Live Central~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Please download and run RogueKiller 32 Bit to your desktop.RogueKiller 64 Bit <---use this one for 64 bit systemsQuit all running programs.For Windows XP, double-click to start.For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.Click Scan to scan the system.When the scan completes > Close out the program > Don't Fix anything!Don't run any other options, they're not all bad!!!!!!!Post back the report which should be located on your desktop. Link to post Share on other sites More sharing options...
kobhrax Posted May 16, 2013 Author ID:680166 Share Posted May 16, 2013 The error message after login is: C:\ProgramData\Intel\diagagnt.dll not foundThe webcam thing that starts now that didnt is actually webcamDell2.exe not sure where this is or why its starting all of a sudden.Downloading roguekiller now and will post log shortly. Link to post Share on other sites More sharing options...
kobhrax Posted May 16, 2013 Author ID:680167 Share Posted May 16, 2013 Attached is the rogukiller output.RKreport1_S_05152013_02d1908.txt Link to post Share on other sites More sharing options...
MrCharlie Posted May 16, 2013 ID:680175 Share Posted May 16, 2013 It's in Startup:mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2Use your task manager to take it out.~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~I messed up a little and had this file deleted by FRST:C:\ProgramData\Intel\diagagnt.dllIt should be in the Quarantine folder of FRST in C:\See if you can find it and we'll restore it.Let me know.....MrC Link to post Share on other sites More sharing options...
kobhrax Posted May 16, 2013 Author ID:680181 Share Posted May 16, 2013 Ok found the file and manually copied it back to the location i mentioned above. Please let me know if that was ok to do. As far as using taskmgr to take it out, not sure how to do that Also, did I need to do anything with the Roguekiller results?Thanks again for all your help. Link to post Share on other sites More sharing options...
MrCharlie Posted May 16, 2013 ID:680196 Share Posted May 16, 2013 Yes it was OK to do that which show take care of that error message.No you don't have to do anything with RogueKiller.Download, unzip and double click on the attached fixdell.zip (fixdell.reg), allow it to merge into the registry.Then......Please download AdwCleaner from here and save it on your Desktop.AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.AdwCleaner is a tool that deletes :· Adwares (software ads)· PUP/LPI (Potentially Undesirable Program)· Toolbars· Hijacker (Hijack of the browser's homepage)It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.Now click on the Search tab.Please post the contents of the log-file created in your next post.Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.Note:Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain to why it shouldn't be on your system.If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner.You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:/DisableAskDetection - This option disables Ask Toolbar detection.MrC (be back in the AM) Link to post Share on other sites More sharing options...
kobhrax Posted May 16, 2013 Author ID:680200 Share Posted May 16, 2013 # AdwCleaner v2.300 - Logfile created 05/15/2013 at 20:13:47# Updated 28/04/2013 by Xplode# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)# User : Clark Walmer - CLARKWALMER-PC# Boot Mode : Normal# Running from : C:\Users\Clark Walmer\Desktop\adwcleaner.exe# Option [search]***** [services] *****Found : vToolbarUpdater14.2.0***** [Files / Folders] *****File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xmlFile Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xmlFolder Found : C:\Program Files (x86)\AVG Secure SearchFolder Found : C:\Program Files (x86)\Common Files\AVG Secure SearchFolder Found : C:\ProgramData\AVG Secure SearchFolder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer ProFolder Found : C:\Users\Clark Walmer\AppData\Local\AVG Secure SearchFolder Found : C:\Users\Clark Walmer\AppData\LocalLow\AVG Secure SearchFolder Found : C:\Users\Clark Walmer\AppData\LocalLow\facemoods.com***** [Registry] *****Key Found : HKCU\Software\AVG Secure SearchKey Found : HKCU\Software\facemoods.comKey Found : HKCU\Software\IGearSettingsKey Found : HKCU\Software\InstallCoreKey Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Found : HKCU\Software\Optimizer ProKey Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Found : HKLM\Software\AVG Secure SearchKey Found : HKLM\Software\AVG Security ToolbarKey Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}Key Found : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}Key Found : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}Key Found : HKLM\SOFTWARE\Classes\AppID\{FAA8C612-F1B6-461B-8B60-B54D74D9642E}Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLLKey Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXEKey Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXEKey Found : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLLKey Found : HKLM\SOFTWARE\Classes\AppID\ToolbarBroker.EXEKey Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLLKey Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPIKey Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObjKey Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPaneKey Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1Key Found : HKLM\SOFTWARE\Classes\esrv.escrtSrvcKey Found : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1Key Found : HKLM\SOFTWARE\Classes\facemoods.xtrnlKey Found : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1Key Found : HKLM\SOFTWARE\Classes\facemoodsApp.appCoreKey Found : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocolKey Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApiKey Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1Key Found : HKLM\SOFTWARE\Classes\Toolbar.BandObjectKey Found : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1Key Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObjectKey Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1Key Found : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{38BF9661-BDA0-4A74-BB3B-576EC7AE16DC}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLEKey Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1Key Found : HKLM\SOFTWARE\Classes\ZGClnt.MngrKey Found : HKLM\SOFTWARE\Classes\ZGClnt.Mngr.1Key Found : HKLM\Software\facemoods.comKey Found : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32Key Found : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCSKey Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-pluginKey Found : HKLM\Software\StartNow ToolbarKey Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiifKey Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486B-A045-B233BD0DA8FC}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure SearchKey Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\facemoodsKey Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\StartNow ToolbarKey Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Found : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Found : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}Key Found : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}Key Found : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}Key Found : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}Key Found : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}Key Found : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}Key Found : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}Key Found : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}Key Found : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}Key Found : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}Key Found : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}Key Found : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Found : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}Key Found : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}Key Found : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}Key Found : HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}Key Found : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}Key Found : HKU\S-1-5-21-3579844005-1357787577-631899233-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}Key Found : HKU\S-1-5-21-3579844005-1357787577-631899233-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{5911488E-9D1E-40EC-8CBB-06B231CC153F}]Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}]***** [internet Browsers] *****-\\ Internet Explorer v9.0.8112.16483[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://isearch.avg.com/?cid={C193BECC-9599-4714-9E3F-5940ED89BDAF}&mid=fe9b20ced30647d094c0591a68ef3f90-4137ac10d58ae1cbb91d159c682c630c52d16d48〈=en&ds=gl011&pr=sa&d=2012-08-02 16:43:08&v=12.1.0.21&sap=hp-\\ Mozilla Firefox v15.0 (en-US)File : C:\Users\Clark Walmer\AppData\Roaming\Mozilla\Firefox\Profiles\3yplz7mf.default\prefs.jsFound : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.name", "StartNow Toolbar");Found : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.startpage", "lf.startnow.com");*************************AdwCleaner[R1].txt - [13943 octets] - [15/05/2013 20:13:47]########## EOF - C:\AdwCleaner[R1].txt - [14004 octets] ########## Link to post Share on other sites More sharing options...
dj07 Posted May 16, 2013 ID:680244 Share Posted May 16, 2013 Yes, this nasty virus is becoming common in every PC. I have seen this infection issue and related question in many discussion communities. I guess one of the best ways to overcome this issue and keep a check on it, is by installing and protecting your system with antivirus protection tool. Get any strong antivirus protection for your windows like Norton, Immunet Plus antivirus, Microsoft Security Essential, Bitdefender, Avast, Avira, AVG and install it. Run complete scan and remove this moneypck virus easily. Link to post Share on other sites More sharing options...
MrCharlie Posted May 16, 2013 ID:680251 Share Posted May 16, 2013 Lots of adware found....lets clear it out.....Please re-run AdwCleanerClick on Delete button.Confirm each time with OK if asked.Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.Then......Lets check your computers security before you go and we have a little cleanup to do also:Download Security Check by screen317 from HERE or HERE.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt.Please Post the contents of that document.Do Not Attach It!!!MrC Link to post Share on other sites More sharing options...
OldMan2 Posted May 16, 2013 ID:680481 Share Posted May 16, 2013 I keep getting this anoying little message that says something like can't find "diagagnt.dll" file. After reading some of the posts here I think it is related to some DOD crap that poped up on my system last week. Any ideas on how to get rid of this short of a reload? Link to post Share on other sites More sharing options...
MrCharlie Posted May 16, 2013 ID:680484 Share Posted May 16, 2013 @OldMan2 > Please start your own topic rather than posting in this one. MrC Link to post Share on other sites More sharing options...
OldMan2 Posted May 16, 2013 ID:680491 Share Posted May 16, 2013 OK new to this so my appolgies sir! Link to post Share on other sites More sharing options...
Recommended Posts