Dmac33 Posted May 20, 2013 ID:681913

Hello, I've contracted the FBI moneypack virus on my laptop. I've read many of the posts in this forum on this virus and have downloaded the FRST64 and ran the scan and search functions. Seems like many users' computers were able to be fixed. I'm hoping you may be able to help me as well. I'm currently writing my dissertation and it is saved on the infected computer. Here are copies of the text files.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-05-2013
Ran by SYSTEM on 20-05-2013 12:09:03
Running from E:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001

ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11075176 2010-07-22] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2392360 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [synAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe [92968 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [intelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash [1449984 2010-09-01] (Intel® Corporation)
HKLM\...\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4156 2010-04-16] ()
HKLM\...\Run: [THXCfg64] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2399632 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [innoSetupRegFile.0000000001] "C:\Windows\is-GGLUO.exe" /REG /REGSVRMODE [869376 2013-05-19] ()
HKLM-x32\...\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()
HKLM-x32\...\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe [3058304 2011-02-28] (ASUS)
HKLM-x32\...\Run: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r [905216 2010-09-07] (Creative Technology Ltd)
HKLM-x32\...\Run: [updReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" [84464 2010-10-15] ()
HKLM-x32\...\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe [21504 2010-08-12] ()
HKLM-x32\...\Run: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [37888 2010-11-19] (Windows ® Win 7 DDK provider)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1151152 2013-02-18] ()
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4408368 2013-04-28] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [searchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe [2852640 2013-05-07] (Conduit)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-15] (Apple Inc.)
HKU\Dmac33\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
HKU\Dmac33\...\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-04-19] (Skype Technologies S.A.)
HKU\Dmac33\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-05-31] (Google Inc.)
HKU\Dmac33\...\Run: [searchProtect] C:\Users\Dmac33\AppData\Roaming\SearchProtect\bin\cltmng.exe [2852640 2013-05-07] (Conduit)
HKU\Dmac33\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Dmac33\Documents\595159d6.exe [34304 2013-05-20] ()
HKU\Dmac33\...\Winlogon: [shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
Startup: C:\ProgramData\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

==================== Services (Whitelisted) =================
S2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-13] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [93984 2013-04-11] (Conduit)
S2 DefaultTabSearch; C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [572928 2013-02-10] ()
S2 DefaultTabUpdate; C:\Users\Dmac33\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-04-26] ()
S2 DnsBasic Service; C:\Program Files (x86)\DnsBasic\dnsbasic.dll [897024 2013-04-26] ()
S2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [132056 2012-10-14] (Symantec Corporation)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [4323256 2011-03-28] (INCA Internet Co., Ltd.)
S2 Updater By SweetPacks; C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe [188760 2013-02-28] ()
S2 VideAceWindowsService; C:\ExpressGateUtil\VAWinService.exe [77312 2010-08-20] ()
S2 vToolbarUpdater14.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [968880 2013-02-18] ()

==================== Drivers (Whitelisted) ====================
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-03-29] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-02-18] (AVG Technologies)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-05-07] (DT Soft Ltd)
S3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [49664 2010-11-19] (Fresco Logic)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-02] (INCA Internet Co., Ltd.)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [564792 2012-03-02] (Duplex Secure Ltd.)
S2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()
S3 dump_wmimmc; \??\C:\program files (x86)\ncsoft\Lineage II\system\GameGuard\dump_wmimmc.sys [x]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-05-20 12:08 - 2013-05-20 12:08 - 00000000 ____D C:\FRST
2013-05-20 09:49 - 2013-05-20 09:49 - 00003352 ____N C:\bootsqm.dat
2013-05-20 09:17 - 2013-05-20 09:17 - 01096056 ____A C:\ProgramData\2433f433
2013-05-20 09:17 - 2013-05-20 09:17 - 01096054 ____A C:\Users\Dmac33\AppData\Roaming\2433f433
2013-05-20 09:17 - 2013-05-20 09:17 - 01095991 ____A C:\Users\Dmac33\AppData\Local\2433f433
2013-05-20 09:17 - 2013-05-20 09:17 - 00034304 ____A C:\Users\Dmac33\Documents\595159d6.exe
2013-05-19 14:04 - 2013-05-19 14:04 - 00000000 ____D C:\Users\Dmac33\Documents\Diablo III
2013-05-19 10:52 - 2013-05-19 10:52 - 00869376 ____A C:\Windows\is-GGLUO.exe
2013-05-19 10:52 - 2013-05-19 10:52 - 00010513 ____A C:\Windows\is-GGLUO.msg
2013-05-19 10:52 - 2013-05-19 10:52 - 00000373 ____A C:\Windows\is-GGLUO.lst
2013-05-19 10:46 - 2013-05-19 10:46 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-05-19 10:45 - 2013-05-19 10:46 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-19 10:45 - 2013-05-19 10:46 - 00000000 ____D C:\Program Files\iTunes
2013-05-19 10:45 - 2013-05-19 10:46 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-05-19 10:45 - 2013-05-19 10:45 - 00000000 ____D C:\Program Files\iPod
2013-05-19 08:02 - 2013-05-19 08:02 - 00000000 ____D C:\Users\Dmac33\SyncFolder
2013-05-19 08:01 - 2013-05-19 10:24 - 00000000 ____D C:\Program Files (x86)\JustCloud
2013-05-15 02:01 - 2013-04-04 22:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-15 02:01 - 2013-04-04 22:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-15 02:01 - 2013-04-04 22:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-15 02:01 - 2013-04-04 22:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-15 02:01 - 2013-04-04 22:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-15 02:01 - 2013-04-04 22:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-15 02:01 - 2013-04-04 22:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-15 02:01 - 2013-04-04 22:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-15 02:01 - 2013-04-04 22:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-15 02:01 - 2013-04-04 22:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-15 02:01 - 2013-04-04 22:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-15 02:01 - 2013-04-04 22:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-15 02:01 - 2013-04-04 22:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-15 02:01 - 2013-04-04 22:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-15 02:01 - 2013-04-04 21:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-15 02:01 - 2013-04-04 21:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-15 02:01 - 2013-04-04 21:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-15 02:01 - 2013-04-04 21:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-15 02:01 - 2013-04-04 21:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-15 02:01 - 2013-04-04 21:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-15 02:01 - 2013-04-04 21:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-15 02:01 - 2013-04-04 21:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-15 02:01 - 2013-04-04 21:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-15 02:01 - 2013-04-04 21:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-15 02:01 - 2013-04-04 21:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-15 02:01 - 2013-04-04 21:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-15 02:01 - 2013-04-04 21:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-15 02:01 - 2013-04-04 20:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-15 02:01 - 2013-04-04 20:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-15 02:01 - 2013-04-04 19:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-15 02:01 - 2013-04-04 19:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-14 22:35 - 2013-04-09 22:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-14 22:35 - 2013-04-09 22:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-14 22:35 - 2011-02-03 03:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-14 22:34 - 2013-04-09 19:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-14 22:34 - 2013-03-18 21:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-14 22:34 - 2013-03-18 21:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-14 22:34 - 2013-02-26 22:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-14 22:34 - 2013-02-26 21:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-14 22:34 - 2013-02-26 21:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-14 22:34 - 2013-02-26 21:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-14 22:34 - 2013-02-26 21:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-14 22:34 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-14 22:34 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-14 22:34 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-13 01:20 - 2013-05-13 01:20 - 00000000 ____D C:\SearchProtect
2013-05-06 18:48 - 2013-05-06 18:48 - 00000274 ____A C:\Windows\Tasks\ASUS SmartLogon Console Sensor.job
2013-05-06 18:47 - 2013-05-06 18:48 - 00733224 ____A C:\Windows\Minidump\050613-36894-01.dmp
2013-04-26 13:05 - 2013-05-06 18:47 - 00000000 ____D C:\Program Files (x86)\DnsBasic
2013-04-26 13:05 - 2013-04-26 13:07 - 00000000 ____D C:\ProgramData\DnsBasic
2013-04-26 13:05 - 2013-04-26 13:05 - 00000000 ____A C:\ProgramData\2c2432375c4154382a_c
2013-04-26 13:03 - 2013-05-20 10:21 - 00000360 ____A C:\Windows\Tasks\AmiUpdXp.job
2013-04-26 13:03 - 2013-04-26 13:05 - 00000000 ____D C:\Users\Dmac33\AppData\Roaming\Strongvault
2013-04-26 13:03 - 2013-04-26 13:03 - 00000000 ____D C:\Users\Dmac33\AppData\Local\SwvUpdater
2013-04-26 13:01 - 2013-04-26 13:05 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-04-26 13:01 - 2013-04-26 13:05 - 00000000 __SHD C:\AI_RecycleBin
2013-04-26 13:01 - 2013-04-26 13:01 - 00000258 _RASH C:\Users\Dmac33\ntuser.pol
2013-04-26 13:01 - 2013-04-26 13:01 - 00000000 ____D C:\Users\Dmac33\AppData\Roaming\DefaultTab
2013-04-26 13:01 - 2013-04-26 13:01 - 00000000 ____D C:\Users\Dmac33\AppData\Local\CRE
2013-04-26 13:01 - 2013-04-26 13:01 - 00000000 ____D C:\Program Files (x86)\DefaultTab
2013-04-26 13:00 - 2013-04-26 13:06 - 00000000 ____D C:\Users\Dmac33\AppData\Roaming\SearchProtect
2013-04-26 13:00 - 2013-04-26 13:01 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-04-26 13:00 - 2013-04-26 13:00 - 00575720 ____A C:\Users\Dmac33\Downloads\FlashPlayer_V.89439808c.exe
2013-04-24 12:43 - 2013-04-04 04:35 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-04-24 12:43 - 2013-04-04 04:30 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-04-24 12:43 - 2013-04-04 04:29 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-04-24 12:42 - 2013-04-24 12:43 - 00003915 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log
2013-04-23 22:00 - 2013-04-12 06:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

==================== One Month Modified Files and Folders =======
2013-05-20 12:08 - 2013-05-20 12:08 - 00000000 ____D C:\FRST
2013-05-20 10:28 - 2009-07-13 20:45 - 00010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-20 10:28 - 2009-07-13 20:45 - 00010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-20 10:21 - 2013-04-26 13:03 - 00000360 ____A C:\Windows\Tasks\AmiUpdXp.job
2013-05-20 10:20 - 2012-04-18 20:59 - 00000326 ____A C:\Windows\Tasks\GlaryInitialize.job
2013-05-20 10:20 - 2012-02-15 02:34 - 00030888 ____A C:\Windows\setupact.log
2013-05-20 10:20 - 2011-05-31 20:16 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-20 10:20 - 2011-02-28 01:28 - 00000050 ____A C:\Windows\System32\SupplicantTest.log
2013-05-20 10:20 - 2011-02-28 01:21 - 00000000 ____D C:\ProgramData\NVIDIA
2013-05-20 10:20 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-20 10:16 - 2011-02-28 00:43 - 01206491 ____A C:\Windows\WindowsUpdate.log
2013-05-20 10:15 - 2011-05-31 20:16 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-20 10:09 - 2012-04-08 11:12 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-20 09:49 - 2013-05-20 09:49 - 00003352 ____N C:\bootsqm.dat
2013-05-20 09:30 - 2009-07-13 21:13 - 00793608 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-20 09:26 - 2012-04-18 20:59 - 00000000 ____D C:\Program Files (x86)\Glary Utilities
2013-05-20 09:17 - 2013-05-20 09:17 - 01096056 ____A C:\ProgramData\2433f433
2013-05-20 09:17 - 2013-05-20 09:17 - 01096054 ____A C:\Users\Dmac33\AppData\Roaming\2433f433
2013-05-20 09:17 - 2013-05-20 09:17 - 01095991 ____A C:\Users\Dmac33\AppData\Local\2433f433
2013-05-20 09:17 - 2013-05-20 09:17 - 00034304 ____A C:\Users\Dmac33\Documents\595159d6.exe
2013-05-20 07:38 - 2012-10-04 18:26 - 00000967 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2013-05-20 07:38 - 2011-10-22 15:05 - 00000000 ____D C:\ProgramData\MFAData
2013-05-19 17:50 - 2011-12-10 16:10 - 00000000 ____D C:\Users\Dmac33\AppData\Roaming\Skype
2013-05-19 17:23 - 2012-12-05 12:47 - 00000000 ____D C:\Program Files (x86)\Norton PC Checkup 3.0
2013-05-19 14:04 - 2013-05-19 14:04 - 00000000 ____D C:\Users\Dmac33\Documents\Diablo III
2013-05-19 13:32 - 2011-05-17 19:11 - 00000000 ____D C:\Users\Dmac33\Documents\school
2013-05-19 10:52 - 2013-05-19 10:52 - 00869376 ____A C:\Windows\is-GGLUO.exe
2013-05-19 10:52 - 2013-05-19 10:52 - 00010513 ____A C:\Windows\is-GGLUO.msg
2013-05-19 10:52 - 2013-05-19 10:52 - 00000373 ____A C:\Windows\is-GGLUO.lst
2013-05-19 10:52 - 2012-04-18 21:04 - 00000000 ____D C:\Users\Dmac33\AppData\Roaming\GlarySoft
2013-05-19 10:52 - 2012-04-18 20:59 - 00001068 ____A C:\Users\Dmac33\Desktop\Glary Utilities.lnk
2013-05-19 10:50 - 2011-02-28 01:33 - 00045056 ____A C:\Windows\System32\acovcnt.exe
2013-05-19 10:46 - 2013-05-19 10:46 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-05-19 10:46 - 2013-05-19 10:45 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-19 10:46 - 2013-05-19 10:45 - 00000000 ____D C:\Program Files\iTunes
2013-05-19 10:46 - 2013-05-19 10:45 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-05-19 10:45 - 2013-05-19 10:45 - 00000000 ____D C:\Program Files\iPod
2013-05-19 10:24 - 2013-05-19 08:01 - 00000000 ____D C:\Program Files (x86)\JustCloud
2013-05-19 08:02 - 2013-05-19 08:02 - 00000000 ____D C:\Users\Dmac33\SyncFolder
2013-05-19 08:02 - 2011-12-22 07:24 - 00109688 ____A C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-19 08:02 - 2011-12-22 07:24 - 00109688 ____A C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-19 08:02 - 2011-04-23 19:32 - 00000000 ____D C:\users\Dmac33
2013-05-18 14:12 - 2011-12-10 16:10 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-05-18 14:12 - 2011-12-10 16:10 - 00000000 ____D C:\ProgramData\Skype
2013-05-15 03:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-05-15 02:27 - 2009-07-13 20:45 - 00417896 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-15 02:08 - 2011-05-17 14:29 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-15 02:06 - 2011-05-08 19:01 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-14 20:09 - 2012-04-08 11:12 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-14 20:09 - 2011-05-31 20:16 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-14 10:49 - 2012-05-24 23:22 - 00000000 ____D C:\Program Files (x86)\Diablo III
2013-05-13 01:20 - 2013-05-13 01:20 - 00000000 ____D C:\SearchProtect
2013-05-10 10:15 - 2011-04-26 09:19 - 00000000 ____D C:\Users\Dmac33\Incomplete
2013-05-06 18:48 - 2013-05-06 18:48 - 00000274 ____A C:\Windows\Tasks\ASUS SmartLogon Console Sensor.job
2013-05-06 18:48 - 2013-05-06 18:47 - 00733224 ____A C:\Windows\Minidump\050613-36894-01.dmp
2013-05-06 18:48 - 2009-07-13 21:08 - 00032630 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-06 18:47 - 2013-04-26 13:05 - 00000000 ____D C:\Program Files (x86)\DnsBasic
2013-05-06 18:47 - 2012-07-16 00:49 - 56560478 ____A C:\Windows\MEMORY.DMP
2013-05-06 18:47 - 2011-10-22 15:47 - 00000000 ____D C:\Windows\Minidump
2013-05-06 18:47 - 2011-02-28 01:05 - 00463548 ____A C:\Windows\PFRO.log
2013-04-26 13:07 - 2013-04-26 13:05 - 00000000 ____D C:\ProgramData\DnsBasic
2013-04-26 13:06 - 2013-04-26 13:00 - 00000000 ____D C:\Users\Dmac33\AppData\Roaming\SearchProtect
2013-04-26 13:06 - 2012-03-02 11:18 - 00000000 ____D C:\Users\Dmac33\AppData\Local\Conduit
2013-04-26 13:05 - 2013-04-26 13:05 - 00000000 ____A C:\ProgramData\2c2432375c4154382a_c
2013-04-26 13:05 - 2013-04-26 13:03 - 00000000 ____D C:\Users\Dmac33\AppData\Roaming\Strongvault
2013-04-26 13:05 - 2013-04-26 13:01 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2013-04-26 13:05 - 2013-04-26 13:01 - 00000000 __SHD C:\AI_RecycleBin
2013-04-26 13:04 - 2013-03-14 23:56 - 00000000 ____D C:\Users\Dmac33\AppData\Local\Supreme Savings
2013-04-26 13:03 - 2013-04-26 13:03 - 00000000 ____D C:\Users\Dmac33\AppData\Local\SwvUpdater
2013-04-26 13:03 - 2013-01-14 14:29 - 00000009 ____A C:\END
2013-04-26 13:01 - 2013-04-26 13:01 - 00000258 _RASH C:\Users\Dmac33\ntuser.pol
2013-04-26 13:01 - 2013-04-26 13:01 - 00000000 ____D C:\Users\Dmac33\AppData\Roaming\DefaultTab
2013-04-26 13:01 - 2013-04-26 13:01 - 00000000 ____D C:\Users\Dmac33\AppData\Local\CRE
2013-04-26 13:01 - 2013-04-26 13:01 - 00000000 ____D C:\Program Files (x86)\DefaultTab
2013-04-26 13:01 - 2013-04-26 13:00 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-04-26 13:01 - 2009-07-13 19:20 - 00000000 ___HD C:\Windows\System32\GroupPolicy
2013-04-26 13:01 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2013-04-26 13:00 - 2013-04-26 13:00 - 00575720 ____A C:\Users\Dmac33\Downloads\FlashPlayer_V.89439808c.exe
2013-04-24 12:43 - 2013-04-24 12:42 - 00003915 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log
2013-04-24 12:43 - 2011-04-26 09:18 - 00000000 ____D C:\Program Files (x86)\Java
2013-04-23 17:53 - 2012-07-22 16:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================
Restore point made on: 2013-05-06 19:20:22
Restore point made on: 2013-05-15 02:00:30
Restore point made on: 2013-05-20 02:00:29

==================== Memory info ===========================
Percentage of memory in use: 9%
Total physical RAM: 8169.17 MB
Available physical RAM: 7380.52 MB
Total Pagefile: 8167.32 MB
Available Pagefile: 7375.08 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================
Drive c: (OS) (Fixed) (Total:677.15 GB) (Free:471.66 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)]
Drive e: (SONY_16GM) (Removable) (Total:14.54 GB) (Free:14.45 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: E0C5913D)
Partition 1: (Not Active) - (Size=21 GB) - (Type=1C)
Partition 2: (Active) - (Size=677 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)

Last Boot: 2013-05-15 02:59

==================== End Of Log ============================

Farbar Recovery Scan Tool (x64) Version: 18-05-2013
Ran by SYSTEM at 2013-05-20 12:12:45
Running from E:\
Boot Mode: Recovery

================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
====== End Of Search ======

I appreciate any assistance that could be provided.
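The two lines in the FRST log above that matter most are the Winlogon Shell value pointing at cmd.exe instead of explorer.exe (which FRST itself tags with <==== ATTENTION) and the Run value with a machine-generated name launching an unpublished 34 KB executable out of the user's Documents folder. As an added illustration, not code from the original post, from Farbar or from the forum helper, the Python script below parses FRST "Registry (Whitelisted)" lines and applies those checks automatically. The line format, the list of user-writable path markers and the random-name heuristic are my own assumptions about FRST's output, not an official parser; the four sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass

# Constructed sample input: four lines copied from the FRST "Registry (Whitelisted)"
# section of the log above (two benign entries, two that deserve a second look).
SAMPLE_LINES = [
    r'HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11075176 2010-07-22] (Realtek Semiconductor)',
    r'HKU\Dmac33\...\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-04-19] (Skype Technologies S.A.)',
    r'HKU\Dmac33\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Dmac33\Documents\595159d6.exe [34304 2013-05-20] ()',
    r'HKU\Dmac33\...\Winlogon: [shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION',
]

# Assumed shape of an FRST autostart line (my reading of the log, not Farbar's spec):
#   <hive>\...\<key>: [<value name>] <command> [<size> <date>] (<publisher>) [<==== ATTENTION]
ENTRY_RE = re.compile(
    r'^(?P<hive>HK\S*?)\\\.\.\.\\(?P<key>Run|RunOnce|Winlogon): '
    r'\[(?P<name>[^\]]*)\] (?P<cmd>.*) '
    r'\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] '
    r'\((?P<publisher>[^)]*)\)'
)

# First executable in a command line: a quoted path, or an unquoted path that may
# contain spaces and ends at the first recognised extension.
TARGET_RE = re.compile(
    r'^"(?P<quoted>[^"]+)"|^(?P<bare>.*?\.(?:exe|dll|vbs|com|bat|cmd|scr))(?=\s|,|$)',
    re.IGNORECASE,
)

# Locations a standard user can write to; legitimate autostarts rarely live here.
USER_WRITABLE_MARKERS = ('c:\\users\\', 'c:\\programdata\\', 'c:\\windows\\temp\\', '\\appdata\\')

# Long run of lowercase letters and digits with no separators, e.g. qcgce2mrvjq91kk1e7pnbb19m52fx.
RANDOM_NAME_RE = re.compile(r'^(?=.*[a-z])(?=.*\d)[a-z0-9]{16,}$')


@dataclass
class Finding:
    line: str
    severity: str
    reasons: list


def parse_entry(line):
    """Return the fields of one FRST autostart line, or None if the line is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry['size'] = int(entry['size'])
    entry['attention'] = line.rstrip().endswith('<==== ATTENTION')
    return entry


def target_of(cmd):
    """Path of the program an autostart command launches."""
    m = TARGET_RE.match(cmd)
    if m:
        return m.group('quoted') or m.group('bare')
    return cmd.split()[0] if cmd.split() else cmd


def is_user_writable(path):
    return any(marker in path.lower() for marker in USER_WRITABLE_MARKERS)


def triage(lines):
    """Apply the three checks to every autostart line and collect the hits in log order."""
    findings = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons, severity = [], None
        target = target_of(entry['cmd'])
        basename = target.replace('/', '\\').rsplit('\\', 1)[-1].lower()

        # 1. Winlogon Shell should be explorer.exe; anything else replaces the desktop at logon.
        if entry['key'] == 'Winlogon' and entry['name'].lower() == 'shell' and basename != 'explorer.exe':
            reasons.append(f'Winlogon Shell is {basename!r} instead of explorer.exe')
            severity = 'high'

        # 2. A binary with no publisher string autostarting from a user-writable folder.
        if is_user_writable(target) and not entry['publisher'].strip():
            reasons.append('unpublished binary autostarts from a user-writable path')
            severity = severity or 'medium'

        # 3. Machine-generated value names are typical of droppers, not of installers.
        if RANDOM_NAME_RE.match(entry['name'].lower()):
            reasons.append('value name looks machine-generated')
            severity = severity or 'low'

        # FRST's own marker is authoritative: keep it visible in the output.
        if entry['attention']:
            reasons.append('already marked <==== ATTENTION by FRST')
            severity = 'high'

        if reasons:
            findings.append(Finding(line=line, severity=severity, reasons=reasons))
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LINES):
        print(finding.severity.upper(), '|', finding.line[:72])
        for reason in finding.reasons:
            print('   -', reason)
```

Run against the four sample lines it reports only the Documents\595159d6.exe entry (medium, two reasons) and the Winlogon Shell entry (high); the Realtek and Skype entries pass all three checks. To use it on a real FRST.txt, feed it the lines between the "Registry (Whitelisted)" header and the next "====" header.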
MrCharlie Posted May 20, 2013 ID:681932

Looking at it now.....
MrC
MrCharlie Posted May 20, 2013 ID:681933

OK, here you go......this should get you going:

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options. (as you did before)

Run FRST64 or FRST (whichever one you're using) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

See if the computer boots normally now and if so..........

Download Malwarebytes Anti-Rootkit from HERE
Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced; they will be in the MBAR folder..... mbar-log.txt and system-log.txt

To attach a log if needed:
Bottom right corner of this page.
New window that comes up.

MrC
Dmac33 Posted May 21, 2013 Author ID:682047

Thank you Mr. C. This worked great. Computer's running and dissertation still there. I have 2 mbar logs. Here's the first:

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.20.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Dmac33 :: DMAC33-PC [administrator]

5/20/2013 7:15:45 PM
mbar-log-2013-05-20 (19-15-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29575
Time elapsed: 12 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 10
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\TYPELIB\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\Updater.AmiUpd.1 (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\Updater.AmiUpd (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd.1 (PUP.Software.Updater) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
c:\Users\Dmac33\AppData\Local\SwvUpdater\Updater.exe (PUP.Software.Updater) -> Delete on reboot.
c:\Users\Dmac33\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VLGUSQ98\DNS[1].exe (Trojan.Dropper) -> Delete on reboot.
c:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Delete on reboot.

(end)

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.20.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Dmac33 :: DMAC33-PC [administrator]

5/20/2013 7:42:03 PM
mbar-log-2013-05-20 (19-42-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29561
Time elapsed: 9 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16576

Java version: 1.6.0_35

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 8565993472, free: 5811601408

------------ Kernel report ------------
     05/20/2013 19:02:47
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\sptd.sys
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avgrkx64.sys
\SystemRoot\system32\DRIVERS\avgloga.sys
\System
Root\system32\DRIVERS\avgmfx64.sys\SystemRoot\system32\DRIVERS\avgidsha.sys\SystemRoot\system32\DRIVERS\dtsoftbus01.sys\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\??\C:\Windows\system32\drivers\avgtpx64.sys\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\DRIVERS\avgtdia.sys\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\drivers\afd.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\vwififlt.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\drivers\termdd.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\drivers\mssmbios.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\DRIVERS\blbdrive.sys\SystemRoot\system32\DRIVERS\avgldx64.sys\SystemRoot\system32\DRIVERS\avgidsdrivera.sys\??\C:\Program Files (x86)\ASUS\ATK Package\ATK 
WMIACPI\atkwmiacpi64.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\nvlddmkm.sys\SystemRoot\System32\Drivers\nvBridge.kmd\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\drivers\HDAudBus.sys\SystemRoot\system32\DRIVERS\HECIx64.sys\SystemRoot\system32\drivers\usbehci.sys\SystemRoot\system32\drivers\USBPORT.SYS\SystemRoot\system32\DRIVERS\NETwNs64.sys\SystemRoot\system32\DRIVERS\vwifibus.sys\SystemRoot\system32\DRIVERS\FLxHCIc.sys\SystemRoot\system32\DRIVERS\Rt64win7.sys\SystemRoot\system32\drivers\i8042prt.sys\SystemRoot\system32\DRIVERS\SynTP.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\kbfiltr.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys\SystemRoot\System32\Drivers\ayp5jijf.SYS\SystemRoot\System32\Drivers\SCSIPORT.SYS\SystemRoot\system32\DRIVERS\CmBatt.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\drivers\wmiacpi.sys\SystemRoot\system32\drivers\CompositeBus.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\DRIVERS\serscan.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\system32\drivers\ks.sys\SystemRoot\system32\drivers\swenum.sys\SystemRoot\system32\drivers\umbus.sys\SystemRoot\system32\DRIVERS\bpenum.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\nvhda64v.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\drivers\RTKVHD64.sys\SystemRoot\system32\drivers\MBfilt64.sys\SystemRoot\system32\DRIVERS\FLxHCIh.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\system32\DRIVERS\hidusb.sys\SystemRoo
t\system32\DRIVERS\HIDCLASS.SYS\SystemRoot\system32\DRIVERS\HIDPARSE.SYS\SystemRoot\system32\DRIVERS\mouhid.sys\SystemRoot\System32\Drivers\bpusb.sys\SystemRoot\system32\DRIVERS\bpmp.sys\SystemRoot\System32\Drivers\usbvideo.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_iaStor.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\System32\ATMFD.DLL\SystemRoot\system32\drivers\luafv.sys\SystemRoot\system32\DRIVERS\Sftvollh.sys\SystemRoot\system32\drivers\WudfPf.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\DRIVERS\TurboB.sys\??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\system32\DRIVERS\vwifimp.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\system32\DRIVERS\Sftfslh.sys\SystemRoot\system32\DRIVERS\Sftplaylh.sys\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\system32\DRIVERS\Sftredirlh.sys\SystemRoot\System32\Drivers\fastfat.SYS\SystemRoot\system32\DRIVERS\cdfs.sys\SystemRoot\system32\DRIVERS\WSDPrint.sys\SystemRoot\system32\drivers\spsys.sys\SystemRoot\system32\DRIVERS\asyncmac.sys\??\C:\Windows\system32\drivers\mbamchameleon.sys\??\C:\Windows\system32\drivers\mbamswissarmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll----------- End -----------<<<1>>>Upper Device Name: 
\Device\Harddisk0\DR0Upper Device Object: 0xfffffa80077f0790Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IAAStorageDevice-1\Lower Device Object: 0xfffffa8007578050Lower Device Driver Name: \Driver\iaStor\Driver name found: iaStorInitialization returned 0x0Load Function returned 0x0Downloaded database version: v2013.05.20.08Downloaded database version: v2013.05.14.03Initializing...Done!<<<2>>>Device number: 0, partition: 2Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa80077f0790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa80077f02c0, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa80077f0790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8007574550, DeviceName: Unknown, DriverName: \Driver\ACPI\DevicePointer: 0xfffffa8007578050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0xfffff8a005a8f690, 0xfffffa80077f0790, 0xfffffa8006fe4090Lower DeviceData: 0xfffff8a00d5f3850, 0xfffffa8007578050, 0xfffffa8006aa3090<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning directory: C:\Windows\system32\drivers...<<<2>>>Device number: 0, partition: 2<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: E0C5913DPartition information: Partition 0 type is Other (0x1c) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 45062262 Partition 1 type is Primary (0x7) Partition is ACTIVE. 
Partition starts at LBA: 45062325 Numsec = 1420084795 Partition file system is NTFS Partition is bootable Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0Disk Size: 750156374016 bytesSector size: 512 bytesScanning physical sectors of unpartitioned space on drive 0 (1-62-1465129168-1465149168)...Done!Performing system, memory and registry scan...Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} --> [PUP.Software.Updater]Infected: c:\Users\Dmac33\AppData\Local\SwvUpdater\Updater.exe --> [PUP.Software.Updater]Infected: HKLM\SOFTWARE\CLASSES\TYPELIB\{A0EE0278-2986-4E5A-884E-A3BF0357E476} --> [PUP.Software.Updater]Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} --> [PUP.Software.Updater]Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} --> [PUP.Software.Updater]Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A0EE0278-2986-4E5A-884E-A3BF0357E476} --> [PUP.Software.Updater]Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} --> [PUP.Software.Updater]Infected: HKLM\SOFTWARE\CLASSES\Updater.AmiUpd.1 --> [PUP.Software.Updater]Infected: HKLM\SOFTWARE\CLASSES\Updater.AmiUpd --> [PUP.Software.Updater]Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd --> [PUP.Software.Updater]Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd.1 --> [PUP.Software.Updater]Read File: File "c:\ProgramData\{FEC7DA28-87AB-47BB-8C6C-FFE15BF1037D}\Best Buy pc app Setup.dat" is compressed (flags = 1)Read File: File "c:\ProgramData\{FEC7DA28-87AB-47BB-8C6C-FFE15BF1037D}\instance.dat" is compressed (flags = 1)Read File: File "c:\ProgramData\AVG2013\chjw\6826ddc226dd9184.dat" is sparse (flags = 32768)Read File: File 
"c:\ProgramData\{FEC7DA28-87AB-47BB-8C6C-FFE15BF1037D}\Best Buy pc app Setup.dat" is compressed (flags = 1)Read File: File "c:\ProgramData\{FEC7DA28-87AB-47BB-8C6C-FFE15BF1037D}\instance.dat" is compressed (flags = 1)Infected: c:\Users\Dmac33\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VLGUSQ98\DNS[1].exe --> [Trojan.Dropper]Infected: c:\Windows\Tasks\AmiUpdXp.job --> [PUP.Software.Updater]Done!Scan finishedCreating System Restore point...Scheduling clean up...<<<2>>>Device number: 0, partition: 2<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesRemoval scheduling successful. System shutdown needed.=======================================---------------------------------------Malwarebytes Anti-Rootkit BETA 1.05.0.1001© Malwarebytes Corporation 2011-2012OS version: 6.1.7601 Windows 7 Service Pack 1 x64Account is AdministrativeInternet Explorer version: 10.0.9200.16576Java version: 1.6.0_35File system is: NTFSDisk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXEDCPU speed: 1.995000 GHzMemory total: 8565993472, free: 6144684032------------ Kernel report ------------ 05/20/2013 19:32:13------------ Loaded modules 
-----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\System32\Drivers\sptd.sys\SystemRoot\system32\drivers\ACPI.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\vdrvroot.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\DRIVERS\compbatt.sys\SystemRoot\system32\DRIVERS\BATTC.SYS\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\system32\drivers\pciide.sys\SystemRoot\system32\drivers\PCIIDEX.SYS\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\DRIVERS\iaStor.sys\SystemRoot\system32\drivers\atapi.sys\SystemRoot\system32\drivers\ataport.SYS\SystemRoot\system32\drivers\msahci.sys\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\System32\Drivers\PxHlpa64.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\DRIVERS\disk.sys\SystemRoot\system32\DRIVERS\CLASSPNP.SYS\SystemRoot\system32\DRIVERS\avgrkx64.sys\SystemRoot\system32\DRIVERS\avgloga.sys\System
Root\system32\DRIVERS\avgmfx64.sys\SystemRoot\system32\DRIVERS\avgidsha.sys\SystemRoot\system32\DRIVERS\dtsoftbus01.sys\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\??\C:\Windows\system32\drivers\avgtpx64.sys\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\DRIVERS\avgtdia.sys\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\drivers\afd.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\vwififlt.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\drivers\termdd.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\drivers\mssmbios.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\DRIVERS\blbdrive.sys\SystemRoot\system32\DRIVERS\avgldx64.sys\SystemRoot\system32\DRIVERS\avgidsdrivera.sys\??\C:\Program Files (x86)\ASUS\ATK Package\ATK 
WMIACPI\atkwmiacpi64.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\nvlddmkm.sys\SystemRoot\System32\Drivers\nvBridge.kmd\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\drivers\HDAudBus.sys\SystemRoot\system32\DRIVERS\HECIx64.sys\SystemRoot\system32\drivers\usbehci.sys\SystemRoot\system32\drivers\USBPORT.SYS\SystemRoot\system32\DRIVERS\NETwNs64.sys\SystemRoot\system32\DRIVERS\vwifibus.sys\SystemRoot\system32\DRIVERS\FLxHCIc.sys\SystemRoot\system32\DRIVERS\Rt64win7.sys\SystemRoot\system32\drivers\i8042prt.sys\SystemRoot\system32\DRIVERS\SynTP.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\kbfiltr.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys\SystemRoot\System32\Drivers\ayp5jijf.SYS\SystemRoot\System32\Drivers\SCSIPORT.SYS\SystemRoot\system32\DRIVERS\CmBatt.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\drivers\wmiacpi.sys\SystemRoot\system32\drivers\CompositeBus.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\DRIVERS\serscan.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\system32\drivers\ks.sys\SystemRoot\system32\drivers\swenum.sys\SystemRoot\system32\drivers\umbus.sys\SystemRoot\system32\DRIVERS\bpenum.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\nvhda64v.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\drivers\RTKVHD64.sys\SystemRoot\system32\drivers\MBfilt64.sys\SystemRoot\system32\DRIVERS\FLxHCIh.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\system32\DRIVERS\hidusb.sys\SystemRoo
t\system32\DRIVERS\HIDCLASS.SYS\SystemRoot\system32\DRIVERS\HIDPARSE.SYS\SystemRoot\system32\DRIVERS\mouhid.sys\SystemRoot\System32\Drivers\bpusb.sys\SystemRoot\system32\DRIVERS\bpmp.sys\SystemRoot\System32\Drivers\usbvideo.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_iaStor.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\System32\ATMFD.DLL\SystemRoot\system32\drivers\luafv.sys\SystemRoot\system32\DRIVERS\Sftvollh.sys\SystemRoot\system32\drivers\WudfPf.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\DRIVERS\TurboB.sys\??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\system32\DRIVERS\vwifimp.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\system32\DRIVERS\Sftfslh.sys\SystemRoot\system32\DRIVERS\Sftplaylh.sys\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\system32\DRIVERS\Sftredirlh.sys\SystemRoot\System32\Drivers\fastfat.SYS\SystemRoot\system32\DRIVERS\cdfs.sys\SystemRoot\system32\DRIVERS\asyncmac.sys\??\C:\Windows\system32\drivers\mbamchameleon.sys\SystemRoot\system32\DRIVERS\WSDPrint.sys\??\C:\Windows\system32\drivers\mbamswissarmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll----------- End -----------<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device 
Object: 0xfffffa80077f0790Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IAAStorageDevice-1\Lower Device Object: 0xfffffa8007578050Lower Device Driver Name: \Driver\iaStor\Device already Exists: 0xfffffa8006aa3090Initializing...Done!<<<2>>>Device number: 0, partition: 2Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa80077f0790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa80077f02c0, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa80077f0790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8007574550, DeviceName: Unknown, DriverName: \Driver\ACPI\DevicePointer: 0xfffffa8007578050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0xfffff8a01272e170, 0xfffffa80077f0790, 0xfffffa8006fe4090Lower DeviceData: 0xfffff8a012636830, 0xfffffa8007578050, 0xfffffa8006aa3090<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning directory: C:\Windows\system32\drivers...<<<2>>>Device number: 0, partition: 2<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: E0C5913DPartition information: Partition 0 type is Other (0x1c) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 45062262 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 45062325 Numsec = 1420084795 Partition file system is NTFS Partition is bootable Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. 
Partition starts at LBA: 0  Numsec = 0
Disk Size: 750156374016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-1465129168-1465149168)...
Done!
Performing system, memory and registry scan...
Read File: File "c:\ProgramData\{FEC7DA28-87AB-47BB-8C6C-FFE15BF1037D}\Best Buy pc app Setup.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{FEC7DA28-87AB-47BB-8C6C-FFE15BF1037D}\instance.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\AVG2013\chjw\6826ddc226dd9184.dat" is sparse (flags = 32768)
Read File: File "c:\ProgramData\{FEC7DA28-87AB-47BB-8C6C-FFE15BF1037D}\Best Buy pc app Setup.dat" is compressed (flags = 1)
Read File: File "c:\ProgramData\{FEC7DA28-87AB-47BB-8C6C-FFE15BF1037D}\instance.dat" is compressed (flags = 1)
Done!
Scan finished
=======================================
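As an added example (not part of this thread, and not Malwarebytes' own code), here is a small Python parser for the detection lines in the MBAR logs posted above. It reads the "<Section> Detected: N" headers and the "object (category) -> action" lines, cross-checks the parsed items against the counts the tool printed (a cheap way to catch a truncated paste), separates the PUP hits from the Trojan.Dropper hit, pulls out the scheduled-task .job file that would relaunch the updater, and diffs the first scan against the post-reboot re-scan. The sample logs are constructed, shortened copies of lines from the logs above; parse_mbar_log, triage and still_present are my own names.

```python
import re
from collections import Counter

# Constructed sample logs: a handful of lines in the shape of the two MBAR
# quick-scan logs posted above (first scan, then the post-reboot re-scan).
# They are shortened copies for illustration, not the full logs.
FIRST_SCAN = r"""
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
Scan type: Quick scan
Objects scanned: 29575
Memory Processes Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\Updater.AmiUpd (PUP.Software.Updater) -> Delete on reboot.
Registry Values Detected: 0
(No malicious items detected)
Files Detected: 3
c:\Users\Dmac33\AppData\Local\SwvUpdater\Updater.exe (PUP.Software.Updater) -> Delete on reboot.
c:\Users\Dmac33\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VLGUSQ98\DNS[1].exe (Trojan.Dropper) -> Delete on reboot.
c:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Delete on reboot.
(end)
"""

RESCAN = r"""
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
Scan type: Quick scan
Registry Keys Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
"""

# "<Section> Detected: <n>" opens a section; its items follow until the next header.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
# "<object> (<category>) -> <action>."  e.g. "...\AmiUpdXp.job (PUP.Software.Updater) -> Delete on reboot."
ITEM_RE = re.compile(r"^(?P<object>.+?) \((?P<category>[A-Za-z0-9._-]+)\) -> (?P<action>.+?)\.?$")


def parse_mbar_log(text):
    """Return the detections in an MBAR log as dicts with section/object/category/action.

    Raises ValueError if the items found under a section disagree with the count
    the tool printed in the header, which usually means a pasted log was truncated.
    """
    detections, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            declared[section] = int(header.group("count"))
            continue
        if section is None or line == "(end)" or line.startswith("(No malicious"):
            continue
        item = ITEM_RE.match(line)
        if item:
            detections.append({"section": section, **item.groupdict()})
    for section_name, count in declared.items():
        found = sum(1 for d in detections if d["section"] == section_name)
        if found != count:
            raise ValueError(f"{section_name}: header says {count}, parsed {found}")
    return detections


def triage(detections):
    """Split detections into what matters for clean-up: anything that is not a PUP,
    and the scheduled-task (.job) files that would relaunch a PUP after removal."""
    return {
        "by_category": Counter(d["category"] for d in detections),
        "non_pup": [d["object"] for d in detections if not d["category"].startswith("PUP.")],
        "scheduled_tasks": [d["object"] for d in detections
                            if d["section"] == "Files" and d["object"].lower().endswith(".job")],
    }


def still_present(before, after):
    """Objects reported in the first scan that the post-reboot re-scan still reports."""
    remaining = {d["object"].lower() for d in after}
    return [d["object"] for d in before if d["object"].lower() in remaining]


if __name__ == "__main__":
    first = parse_mbar_log(FIRST_SCAN)
    summary = triage(first)
    for category, n in summary["by_category"].most_common():
        print(f"{n:3d}  {category}")
    print("non-PUP:", summary["non_pup"])
    print("scheduled tasks:", summary["scheduled_tasks"])
    print("left after reboot:", still_present(first, parse_mbar_log(RESCAN)))
```

The empty result from still_present is the evidence that the "Delete on reboot" actions took effect. Note that the DNS[1].exe hit sits under Temporary Internet Files\Content.IE5, which is the IE download cache, so it is a downloaded file rather than a launch point; the persistence worth checking is the .job task and the Run/BHO entries, which is what the ComboFix log further down enumerates.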
MrCharlie Posted May 21, 2013 ID:682048 Share Posted May 21, 2013

Well done, let's run ComboFix to clear up any leftovers.

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix:
http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
Information on disabling your malware programs can be found Here.
Make sure you run ComboFix from your desktop.
Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------
If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC
Dmac33 Posted May 21, 2013 Author ID:682069 Share Posted May 21, 2013

Here's the ComboFix log:

ComboFix 13-05-20.01 - Dmac33 05/20/2013  20:14:55.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8169.6031 [GMT -7:00]
Running from: c:\users\Dmac33\Documents\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\DefaultTab
c:\program files (x86)\DefaultTab\DefaultTab.crx
c:\program files (x86)\DefaultTab\DefaultTabSearch.exe
c:\program files (x86)\DefaultTab\uid
c:\program files (x86)\smartdl
c:\program files (x86)\smartdl\gunzip.exe
c:\program files (x86)\smartdl\status
c:\program files (x86)\smartdl\TorrentSearch.exe
c:\programdata\2c2432375c4154382a_c
c:\programdata\DnsBasic
c:\programdata\DnsBasic\dnsbasic111.exe
C:\torrent.exe
c:\users\Dmac33\AppData\Local\assembly\tmp
c:\users\Dmac33\AppData\Roaming\DefaultTab\DefaultTab
c:\users\Dmac33\AppData\Roaming\DefaultTab\DefaultTab\addon.ico
c:\users\Dmac33\AppData\Roaming\DefaultTab\DefaultTab\amazon_ie.ico
c:\users\Dmac33\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg
c:\users\Dmac33\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
c:\users\Dmac33\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe
c:\users\Dmac33\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe
c:\users\Dmac33\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabUninstaller.exe
c:\users\Dmac33\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll
c:\users\Dmac33\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll
c:\users\Dmac33\AppData\Roaming\DefaultTab\DefaultTab\DT.ico
c:\users\Dmac33\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
c:\users\Dmac33\AppData\Roaming\DefaultTab\DefaultTab\ebay_ie.ico
c:\users\Dmac33\AppData\Roaming\DefaultTab\DefaultTab\facebook_ie.ico
c:\users\Dmac33\AppData\Roaming\DefaultTab\DefaultTab\search_ie.ico
c:\users\Dmac33\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico
c:\users\Dmac33\AppData\Roaming\DefaultTab\DefaultTab\twitter_ie.ico
c:\users\Dmac33\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
c:\users\Dmac33\AppData\Roaming\DefaultTab\DefaultTab\wikipedia_ie.ico
c:\users\Dmac33\videos\NW.1.20130309a.7.exe
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_DefaultTabSearch
-------\Service_DefaultTabUpdate
-------\Service_DefaultTabUpdate
.
.
((((((((((((((((((((((((( Files Created from 2013-04-21 to 2013-05-21 )))))))))))))))))))))))))))))))
.
.
2013-05-21 03:50 . 2013-05-21 03:50 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-05-20 20:08 . 2013-05-20 20:08 -------- d-----w- C:\FRST
2013-05-19 18:45 . 2013-05-19 18:45 -------- d-----w- c:\program files\iPod
2013-05-19 18:45 . 2013-05-19 18:46 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-19 18:45 . 2013-05-19 18:46 -------- d-----w- c:\program files\iTunes
2013-05-19 18:45 . 2013-05-19 18:46 -------- d-----w- c:\program files (x86)\iTunes
2013-05-19 16:02 . 2013-05-19 16:02 -------- d-----w- c:\users\Dmac33\SyncFolder
2013-05-15 06:35 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 06:35 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 06:35 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-15 06:34 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-15 06:34 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-15 06:34 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-15 06:34 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-15 06:34 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-15 06:34 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-15 06:34 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 06:34 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-15 06:34 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-05-13 09:20 . 2013-05-13 09:20 -------- d-----w- C:\SearchProtect
2013-04-26 21:06 . 2013-04-26 21:06 -------- d-----w- c:\program files\DomaIQ Uninstaller
2013-04-26 21:05 . 2013-05-07 02:47 -------- d-----w- c:\program files (x86)\DnsBasic
2013-04-26 21:03 . 2013-04-26 21:05 -------- d-----w- c:\users\Dmac33\AppData\Roaming\Strongvault
2013-04-26 21:03 . 2013-05-21 02:31 -------- d-----w- c:\users\Dmac33\AppData\Local\SwvUpdater
2013-04-26 21:01 . 2013-04-26 21:05 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2013-04-26 21:01 . 2013-04-26 21:01 -------- d-----w- c:\users\Dmac33\AppData\Local\CRE
2013-04-26 21:01 . 2013-05-21 03:49 -------- d-----w- c:\users\Dmac33\AppData\Roaming\DefaultTab
2013-04-26 21:01 . 2013-04-26 21:05 -------- d-----w- C:\AI_RecycleBin
2013-04-26 21:00 . 2013-04-26 21:01 -------- d-----w- c:\program files (x86)\SearchProtect
2013-04-26 21:00 . 2013-04-26 21:06 -------- d-----w- c:\users\Dmac33\AppData\Roaming\SearchProtect
2013-04-24 20:43 . 2013-04-04 12:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-24 06:00 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-21 04:01 . 2011-02-28 09:33 45056 ----a-w- c:\windows\system32\acovcnt.exe
2013-05-15 10:06 . 2011-05-09 03:01 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-15 04:09 . 2012-04-08 19:12 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 04:09 . 2011-06-01 04:16 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-10 00:25 . 2010-06-24 19:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-13 05:49 . 2013-05-15 06:35 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 06:35 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 06:35 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 06:35 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 06:35 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 06:35 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-04 21:50 . 2012-02-13 21:59 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-29 09:53 . 2013-03-29 09:53 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-03-27 00:28 . 2013-03-27 00:28 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-03-27 00:28 . 2013-03-27 00:28 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-03-27 00:28 . 2013-03-27 00:28 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-03-27 00:28 . 2013-03-27 00:28 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-27 00:28 . 2013-03-27 00:28 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-03-27 00:28 . 2013-03-27 00:28 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-27 00:28 . 2013-03-27 00:28 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-03-27 00:28 . 2013-03-27 00:28 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-03-27 00:28 . 2013-03-27 00:28 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-03-27 00:28 . 2013-03-27 00:28 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-03-27 00:28 . 2013-03-27 00:28 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-03-27 00:28 . 2013-03-27 00:28 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-27 00:28 . 2013-03-27 00:28 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-03-27 00:28 . 2013-03-27 00:28 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-27 00:28 . 2013-03-27 00:28 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-03-27 00:28 . 2013-03-27 00:28 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-03-27 00:28 . 2013-03-27 00:28 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-03-27 00:28 . 2013-03-27 00:28 197120 ----a-w- c:\windows\system32\msrating.dll
2013-03-27 00:28 . 2013-03-27 00:28 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-03-27 00:28 . 2013-03-27 00:28 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-27 00:28 . 2013-03-27 00:28 81408 ----a-w- c:\windows\system32\icardie.dll
2013-03-27 00:28 . 2013-03-27 00:28 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-03-27 00:28 . 2013-03-27 00:28 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-03-27 00:28 . 2013-03-27 00:28 441856 ----a-w- c:\windows\system32\html.iec
2013-03-27 00:28 . 2013-03-27 00:28 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-03-27 00:28 . 2013-03-27 00:28 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-27 00:28 . 2013-03-27 00:28 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-03-27 00:28 . 2013-03-27 00:28 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-03-27 00:28 . 2013-03-27 00:28 235008 ----a-w- c:\windows\system32\url.dll
2013-03-27 00:28 . 2013-03-27 00:28 216064 ----a-w- c:\windows\system32\msls31.dll
2013-03-27 00:28 . 2013-03-27 00:28 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-27 00:28 . 2013-03-27 00:28 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-03-27 00:28 . 2013-03-27 00:28 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-27 00:28 . 2013-03-27 00:28 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-27 00:28 . 2013-03-27 00:28 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-03-27 00:28 . 2013-03-27 00:28 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-03-27 00:28 . 2013-03-27 00:28 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-03-27 00:28 . 2013-03-27 00:28 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-27 00:28 . 2013-03-27 00:28 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-03-27 00:28 . 2013-03-27 00:28 149504 ----a-w- c:\windows\system32\occache.dll
2013-03-27 00:28 . 2013-03-27 00:28 144896 ----a-w- c:\windows\system32\wextract.exe
2013-03-27 00:28 . 2013-03-27 00:28 13824 ----a-w- c:\windows\system32\mshta.exe
2013-03-27 00:28 . 2013-03-27 00:28 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-03-27 00:28 . 2013-03-27 00:28 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-27 00:28 . 2013-03-27 00:28 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-03-27 00:28 . 2013-03-27 00:28 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-27 00:28 . 2013-03-27 00:28 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-03-27 00:28 . 2013-03-27 00:28 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-27 00:28 . 2013-03-27 00:28 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-03-21 10:08 . 2013-03-21 10:08 240952 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2013-03-19 06:04 . 2013-04-10 09:49 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 09:49 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 09:49 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 09:49 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 09:49 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 09:49 112640 ----a-w- c:\windows\system32\smss.exe
2013-03-13 09:07 . 2012-07-02 09:04 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-03-13 09:07 . 2011-07-04 03:51 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\BitTorrentBar\prxtbBitT.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-02-18 18:55 1929392 ----a-w- c:\program files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{A7AF277D-1466-4A7B-93AF-B043984A5671}]
2012-06-01 16:35 2669408 ------w- c:\program files (x86)\Glarysoft Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}]
2013-02-28 20:37 170840 ----a-w- c:\program files\Updater By SweetPacks\Extension32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files (x86)\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll" [2013-02-18 1929392]
"{32D47EA5-9473-4CAD-805D-9999F15D5AE2}"= "c:\program files (x86)\Glarysoft Toolbar\tbcore3.dll" [2012-06-01 2669408]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{32d47ea5-9473-4cad-805d-9999f15d5ae2}]
[HKEY_CLASSES_ROOT\TBSB05810.TBSB05810.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB05810.TBSB05810]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON 
Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376]"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-01 39408]"SearchProtect"="c:\users\Dmac33\AppData\Roaming\SearchProtect\bin\cltmng.exe" [2013-05-08 2852640].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-24 1601536]"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2011-02-28 3058304]"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2010-09-08 905216]"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]"CPMonitor"="c:\program files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" [2010-10-15 84464]"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2010-08-13 21504]"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2010-11-19 37888]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-02-18 1151152]"AVG_UI"="c:\program files 
(x86)\AVG\AVG2013\avgui.exe" [2013-04-29 4408368]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]"SearchProtectAll"="c:\program files (x86)\SearchProtect\bin\cltmng.exe" [2013-05-08 2852640]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-15 152392].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk - c:\program files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2011-2-28 548528].c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-10-26 9216].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe""QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime.R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-03-01 161384]R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-02-28 79360]R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-02-28 79360]R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-04-12 52632]R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\ncsoft\Lineage 
II\system\GameGuard\dump_wmimmc.sys [x]R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]R3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [2009-07-24 11264]R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-04-13 45432]R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920]R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-25 1255736]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2013-02-08 71480]S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2013-02-08 311096]S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2013-02-08 116536]S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2013-02-08 45880]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2013-03-29 246072]S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2013-02-08 206136]S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2013-03-21 240952]S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys 
[2013-02-18 39768]S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-05-08 283200]S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2013-05-14 4937264]S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-04-18 283136]S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]S2 CltMngSvc;Search Protect by Conduit Updater;c:\program files (x86)\SearchProtect\bin\CltMngSvc.exe [2013-04-11 93984]S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-09-01 408576]S2 DnsBasic Service;DnsBasic Service;c:\program files (x86)\DnsBasic\dnsbasic.exe [2013-04-26 22528]S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [2012-10-14 132056]S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-25 383264]S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-17 13832]S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-17 134928]S2 UNS;Intel® Management and Security Application User Notification 
Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]S2 Updater By SweetPacks;Updater By SweetPacks;c:\program files\Updater By SweetPacks\ExtensionUpdaterService.exe [2013-02-28 188760]S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2010-08-21 77312]S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-02-18 968880]S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-09-01 911872]S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [2010-05-17 71168]S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2010-05-17 175104]S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [2010-05-17 81920]S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2010-11-19 210944]S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2010-11-19 49664]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 333928]S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - MBAMPROTECTOR*NewlyCreated* - 
WS2IFSL.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-04-10 05:02 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 04:09].2013-05-07 c:\windows\Tasks\ASUS SmartLogon Console Sensor.job- c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31 18:38].2013-05-21 c:\windows\Tasks\GlaryInitialize.job- c:\program files (x86)\Glary Utilities\initialize.exe [2012-04-19 22:39].2013-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-01 04:16].2013-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-01 04:16]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-22 11075176]"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-09-01 1449984]"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360].HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceFontCache.------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>Trusted Zone: aaa.com\sppTrusted Zone: aaa.com\spp1Trusted Zone: aaa.com\spp2Trusted Zone: aaa.com\spp3Trusted Zone: aaa.com\spptTrusted Zone: aaa.com\sppt1Trusted Zone: aaa.com\sppt2Trusted Zone: 
clonewarsadventures.comTrusted Zone: freerealms.comTrusted Zone: soe.comTrusted Zone: sony.comTCP: DhcpNameServer = 192.168.2.1 192.168.2.1Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll.- - - - ORPHANS REMOVED - - - -.URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files (x86)\Ask.com\GenericAskToolbar.dllURLSearchHooks-{7574dbbe-1c99-41ad-bf35-3497d936152d} - (no file)BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\Dmac33\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dllBHO-{c0326c12-9f06-4344-aa25-60267226bb7d} - c:\program files (x86)\gpotatotoolbar\vmntemplateX.dllBHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dllBHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - (no file)Toolbar-Locked - (no file)Toolbar-{c0326c12-9f06-4344-aa25-60267226bb7d} - c:\program files (x86)\gpotatotoolbar\vmntemplateX.dllToolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dllWow6432Node-HKU-Default-Run-SearchProtect - \SearchProtect\bin\cltmng.exeHKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - startToolbar-Locked - (no file)WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)WebBrowser-{7574DBBE-1C99-41AD-BF35-3497D936152D} - (no file)HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exeHKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exeAddRemove-DefaultTab - c:\users\Dmac33\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exeAddRemove-Mozilla Firefox 16.0.1 (x86 en-US) - c:\program files (x86)\Mozilla Firefox\uninstall\helper.exeAddRemove-MozillaMaintenanceService - c:\program files (x86)\Mozilla Maintenance Service\uninstall.exe...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]"ImagePath"="c:\windows\system32\GameMon.des -service".--------------------- LOCKED REGISTRY 
KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash 
Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 
1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exec:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exec:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exec:\program files (x86)\Common Files\Apple\Mobile Device 
Completion time: 2013-05-20 21:04:37 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-21 04:04
Pre-Run: 506,238,926,848 bytes free
Post-Run: 506,471,866,368 bytes free
- - End Of File - - E7924CBC20F74F0814D73EBF044EE265
MrCharlie Posted May 21, 2013 ID:682125

Looks good..... Next:

Let's check for any adware while you're here:

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for adware, foistware, toolbars and potentially unwanted programs. AdwCleaner is a tool that deletes:
· Adware (software ads)
· PUP/LPI (Potentially Undesirable Program)
· Toolbars
· Hijackers (hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
Now click on the Search tab.
Please post the contents of the log file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- denotes the number of times the application has been run, so in this case it should be something like R1.

Note: Please look over what was found...... especially any folders; we're going to permanently delete it all in the next step.... If there's something you may want to keep... please let me know and I'll explain why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using AdwCleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:
/DisableAskDetection - This option disables Ask Toolbar detection.

MrC
Dmac33 Posted May 21, 2013 Author ID:682235

Hello, the forum wouldn't let me copy and paste the log from AdwCleaner. I've attached it to the post. There doesn't seem to be anything in there that I seem to use.

AdwCleanerR1.txt
MrCharlie Posted May 21, 2013 ID:682237

Lots of adware found.... let's clear it out.....

Please re-run AdwCleaner.
Click on the Delete button.
Confirm each time with OK if asked.
Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Then......

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.
Do Not Attach It!!!

MrC
Dmac33 Posted May 21, 2013 Author ID:682254

Here's the new log file after the deletion process.

# AdwCleaner v2.301 - Logfile created 05/21/2013 at 12:55:04
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Dmac33 - DMAC33-PC
# Boot Mode : Normal
# Running from : C:\Users\Dmac33\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IFE8IQ3I\adwcleaner (1).exe
# Option [Delete]
HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTaskKey Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelperKey Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3244951Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289847Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifierKey Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImplKey Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManagerKey Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHookKey Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLEKey Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.ApiKey Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.LayersKey Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1Key Deleted : HKLM\Software\ConduitKey Deleted : HKLM\Software\Default TabKey Deleted : 
HKLM\Software\DefaultTabKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{32804100-B238-45F4-B15E-C5A2F2F7400B}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-pluginKey Deleted : HKLM\Software\SearchProtectKey Deleted : HKLM\Software\SProtectorKey Deleted : HKLM\Software\Supreme SavingsKey Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{32804100-B238-45F4-B15E-C5A2F2F7400B}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{32D47EA5-9473-4CAD-805D-9999F15D5AE2}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}Key Deleted : 
HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A7AF277D-1466-4A7B-93AF-B043984A5671}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}Key Deleted : 
HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}Key Deleted : 
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlcKey Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlcKey Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcjKey Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4403300E-C274-4D2B-969C-FC73435B026D}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E826F430-6D3D-490C-8D74-7F64E584DC60}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7AF277D-1466-4A7B-93AF-B043984A5671}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure SearchKey Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentBar ToolbarKey Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTabKey Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DomaIQ UninstallerKey Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtectKey Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}Key Deleted : 
HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEFKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [searchProtectAll]Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]Value Deleted : 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{32D47EA5-9473-4CAD-805D-9999F15D5AE2}]Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{88C7F2AA-F93F-432C-8F0E-B7D85967A527}]Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]***** [internet Browsers] *****-\\ Internet Explorer v10.0.9200.16576[OK] Registry is clean.-\\ Mozilla Firefox v16.0.1 (en-US)File : C:\Users\Dmac33\AppData\Roaming\Mozilla\Firefox\Profiles\110674x9.default\prefs.jsDeleted : user_pref("CT3289847.FF19Solved", "true");Deleted : user_pref("CT3289847.UserID", "UN30182134023344194");Deleted : user_pref("CT3289847.browser.search.defaultthis.engineName", "true");Deleted : user_pref("CT3289847.installDate", "26/4/2013 14:00:48");Deleted : user_pref("CT3289847.installSessionId", "-1");Deleted : user_pref("CT3289847.installSp", "TRUE");Deleted : user_pref("CT3289847.installerVersion", "1.4.1.3");Deleted : user_pref("CT3289847.keyword", "true");Deleted : user_pref("CT3289847.searchRevert", "true");Deleted : user_pref("CT3289847.searchUserMode", "2");Deleted : user_pref("CT3289847.smartbar.homepage", "true");Deleted : user_pref("CT3289847.versionFromInstaller", "10.14.380.14");Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://start.sweetpacks.com/?src=2&st=12&barid={[...]Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\13.2.0.5");Deleted : user_pref("avg.install.userHPSettings", "hxxp://isearch.glarysoft.com/?src=ffhome");Deleted : user_pref("browser.search.defaultthis.engineName", "WhiteSmoke New Customized Web Search");Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI[...]Deleted : user_pref("browser.search.selectedEngine", "WhiteSmoke New 
Customized Web Search");Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&Sea[...]Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CU[...]Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN301821340[...]Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]Deleted : user_pref("smartbar.originalHomepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.1004[...]Deleted : user_pref("smartbar.originalSearchAddressUrl", "hxxp://start.sweetpacks.com/?src=2&st=12&barid={E16B[...]Deleted : user_pref("smartbar.originalSearchEngine", "Bing");Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Privitize VPN");Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Privitize VPN");Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://searchab.com/?aff=7&uid=59a53[...]Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://searchab.com/?aff=7&uid=59a536ca-6373-11e2[...]Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.[...]-\\ Google Chrome v26.0.1410.64File : C:\Users\Dmac33\AppData\Local\Google\Chrome\User Data\Default\PreferencesDeleted [l.1] : icon_url ={"apps_promo_counter":11,"autofill":{"negative_upload_rate":1.0,"positive_upload_rate":1.0},"backup"[...]*************************AdwCleaner[R1].txt - [95464 octets] - [21/05/2013 11:08:37]AdwCleaner[R2].txt - [95529 octets] - [21/05/2013 12:54:56]AdwCleaner[s1].txt - [27953 octets] - [21/05/2013 12:55:04]########## EOF - C:\AdwCleaner[s1].txt - [28014 octets] ########## Link to post Share on other sites More sharing options...
MrCharlie Posted May 21, 2013

Security Check log????

MrC
Dmac33 Posted May 22, 2013 (Author)

Oops, sorry, here's the security log:

Results of screen317's Security Check version 0.99.63
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG AntiVirus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 6 Update 35
Java 7 Update 21
Java SE Runtime Environment 6 Update 1
Adobe Flash Player 11.7.700.202
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox 16.0.1 Firefox out of Date!
Google Chrome 26.0.1410.43
Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
MrCharlie Posted May 22, 2013

Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Java™ 6 Update 35 <---- Please uninstall from add/remove programs
Java™ SE Runtime Environment 6 Update 1 <---- Please uninstall from add/remove programs
Java 7 Update 21 <---- OK
-------------------------------------------------------
Adobe Reader 10.1.7 Adobe Reader out of Date! <--- please check for an update if available or uninstall and download and install Foxit Reader, which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).
------------------------------------
Mozilla Firefox 16.0.1 Firefox out of Date! <---- please check for an update if available
------------------------------------
Google Chrome 26.0.1410.43 <----- OLD
Google Chrome 26.0.1410.64 <----- OK
You have old versions of Google Chrome on the system.
Please download and run OldChromeRemover.
@Windows Vista/Windows 7-8 users must use "Run As Administrator."
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
A little clean up to do....

Please Uninstall ComboFix: (if you used it)
Press the Windows logo key + R to bring up the "run box"
Copy and paste the next command in the field:
ComboFix /uninstall
Make sure there's a space between Combofix and /
Then hit enter.
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.
(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)
---------------------------------
If you used DeFogger to disable your CD Emulation drivers, please re-enable them.
-------------------------------
Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe
Double-click OTC to run it.
(Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.
Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....
AdwCleaner > just run the program and click uninstall.
-------------------------------
Any questions...please post back.
If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.
Take a look at My Preventive Maintenance to avoid being infected again.
Good Luck and Thanks for using the forum, MrC
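A read-only check for the two leftovers the post above asks to remove, Java 6 runtimes and old Google Chrome version folders, written here as an added example and not taken from the thread or from any of the tools it names. It assumes the standard Windows Uninstall registry hives and Chrome's one-numbered-folder-per-version layout under Application; the "6.*" DisplayVersion match for Java 6 and the list of Chrome folders to look in are assumptions.

```powershell
# Added example (not from the thread): list Java 6 runtimes still registered in
# the Uninstall hives and Chrome version folders older than the newest one.
# Nothing is deleted; the output tells you what to uninstall or remove by hand.

function Get-Java6Entries {
    # 64-bit hive, 32-bit (Wow6432Node) hive and per-user installs.
    $hives = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    # Assumption: Java 6 MSI entries carry a DisplayVersion starting with "6."
    # (e.g. "Java(TM) 6 Update 35"); Java 7 entries start with "7." and are kept.
    Get-ItemProperty -Path $hives -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Java*' -and $_.DisplayVersion -like '6.*' } |
        Select-Object DisplayName, DisplayVersion, UninstallString, PSPath
}

function Get-StaleChromeVersionDirs {
    param(
        # Assumption: the usual per-machine and per-user Chrome install locations.
        [string[]]$ApplicationDirs = @(
            "$env:ProgramFiles\Google\Chrome\Application",
            "${env:ProgramFiles(x86)}\Google\Chrome\Application",
            "$env:LOCALAPPDATA\Google\Chrome\Application"
        )
    )
    foreach ($dir in $ApplicationDirs) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        # One folder per installed version, e.g. 26.0.1410.43 and 26.0.1410.64
        # in the Security Check log above, sorted oldest to newest.
        $versions = @(Get-ChildItem -LiteralPath $dir |
            Where-Object { $_.PSIsContainer -and $_.Name -match '^\d+(\.\d+){3}$' } |
            Sort-Object { [version]$_.Name })
        if ($versions.Count -lt 2) { continue }
        # Everything older than the newest folder is a leftover from an earlier update.
        $newest = $versions[-1].Name
        foreach ($old in $versions[0..($versions.Count - 2)]) {
            New-Object PSObject -Property @{
                Path    = $old.FullName
                Version = $old.Name
                Newest  = $newest
            }
        }
    }
}

"=== Java 6 runtimes still registered (uninstall via Programs and Features) ==="
Get-Java6Entries | Format-Table DisplayName, DisplayVersion, UninstallString -AutoSize

"=== Google Chrome version folders older than the newest install ==="
Get-StaleChromeVersionDirs | Format-Table Version, Newest, Path -AutoSize
```

Run it from an elevated PowerShell prompt so the HKLM hives and the Program Files folders are readable; an empty section means nothing was found for that check.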
LDTate Posted May 22, 2013

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!