Pesky Malware fake Vista AV [Closed]


  • This topic is locked

#16
wholeteam (Member, Topic Starter, 25 posts)
OK, so I thought we were fine. The system was functioning, and then some random Spybot registry popups came up that said some changes to the registry were trying to be added, and I chose Deny and remember decision. However, after that the problems occurred again: the exe's stopped working, taskmgr had some type of issue, etc. Here is the S&D report. Just when I thought this was fixed!

Maybe I was supposed to say Allow?

It said old data blank and new data blank, so no idea what it was adding.

Attached Files



#17
wholeteam (Member, Topic Starter, 25 posts)
Good head scratcher.

Edited by wholeteam, 02 December 2011 - 07:27 PM.


#18
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hmm - let's try ComboFix in safe mode.

Could you do that and let me know how it goes please - as something is not quite right.

#19
wholeteam (Member, Topic Starter, 25 posts)
OK, I'm back, I was on vacation. My system does the same thing when under Safe Mode. Not sure, but some strange drivers may have been loading too; I'm not sure, but a few that loaded I just never heard of.

Attached Files


Edited by wholeteam, 05 December 2011 - 05:16 AM.


#20
Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
OK, time to work outside of Windows I think, but first I would like a look at your partitions.

Do the following:
  • Click on the Start button and then choose Control Panel.
  • Click on the System and Security link.

    Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
  • In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
  • In the Administrative Tools window, double-click on the Computer Management icon.
  • When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.

    After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.

    Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.
Take a screen shot of the Disk Management window and attach the screen shot to your reply.


THEN

Please download the following programmes to your desktop:

Dr Web Live CD

ImgBurn

Install IMGBurn
  • Double click Dr Web
  • IMGBurn will open
  • Burn the ISO to a CD
  • Reboot the infected computer with the CD in the drive
  • Ensure that the first boot device is CD - if you are not sure about that, then see this page for instructions
  • As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.
  • Use arrow keys to select DrWeb-LiveCD (Default)
  • When the system is loaded, check the disks or folders you want to scan, and click on “Start”.
  • The programme will now scan for and cure/delete any malware that it finds. Allow it to do so
  • Once completed, reboot to normal Windows
  • No log is produced, so once in normal Windows run a fresh OTL scan and let me know if the problems persist


#21
wholeteam (Member, Topic Starter, 25 posts)
Dr Web found about 9 threats and removed them. I booted up, and the associations were still broken. I did the AVG Tuneup 1-time free trial, which fixed all the registry issues, and now the associations work. JUST not sure if I am still infected. Here is my OTL log attached.


UPDATE:

So 1 day later I log in and all apps seem to work fine. 1 hr later a Spybot popup comes up with a Registry Change box; it says a Browser Helper Object is being deleted, with only the option to ALLOW CHANGE (it did not have Deny Change), and as soon as I did that, all the executables were broken again.

OTL logfile created on: 12/6/2011 5:42:12 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Owner\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 60.89% Memory free
5.73 Gb Paging File | 4.55 Gb Available in Paging File | 79.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.19 Gb Total Space | 86.71 Gb Free Space | 62.30% Space Free | Partition Type: NTFS
Drive D: | 9.85 Gb Total Space | 1.64 Gb Free Space | 16.68% Space Free | Partition Type: NTFS

Computer Name: TISHA | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/06 17:41:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.exe
PRC - [2011/12/05 06:45:13 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/18 06:14:54 | 001,229,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/05/27 15:58:48 | 000,793,416 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
PRC - [2011/05/25 10:53:16 | 000,205,128 | ---- | M] (AVG) -- C:\Program Files\AVG\AVG PC Tuneup 2011\ProgramManager.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/04/26 03:15:26 | 000,361,808 | ---- | M] () -- C:\WINDOWS\SMINST\BLService.exe
PRC - [2008/01/20 21:23:33 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wsqmcons.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/05 06:45:10 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/05/25 10:53:14 | 000,350,024 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madExcept_.bpl
MOD - [2011/05/25 10:53:12 | 000,184,136 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madBasic_.bpl
MOD - [2011/05/25 10:53:12 | 000,050,504 | ---- | M] () -- C:\Program Files\AVG\AVG PC Tuneup 2011\madDisAsm_.bpl
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/01/09 22:25:49 | 005,971,408 | ---- | M] () -- C:\WINDOWS\System32\Macromed\Flash\NPSWF32.dll
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (McComponentHostService)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/06/12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/04/26 03:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:16 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:02 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:00 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:13:58 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/12 15:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2010/08/12 15:07:50 | 000,292,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2009/07/24 00:01:00 | 009,791,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/10/03 06:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/05/09 14:17:32 | 000,043,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/04/27 14:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/24 17:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/10/17 18:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1865
FF - prefs.js..keyword.URL: "http://www.tepela.co...ls=3YzQmUJb&q="
FF - prefs.js..network.proxy.type: 0

FF - user.js..keyword.URL: "http://www.tepela.co...ls=3YzQmUJb&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/08/04 13:35:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/11/29 18:00:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/05 06:45:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/05 06:45:15 | 000,000,000 | ---D | M]

[2011/01/09 22:22:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2011/12/05 06:45:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\y61qhshs.default\extensions
[2011/01/09 22:25:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\y61qhshs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/27 00:17:51 | 000,003,849 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\y61qhshs.default\searchplugins\avg-secure-search.xml
[2011/03/16 17:54:36 | 000,002,198 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\y61qhshs.default\searchplugins\google-search.xml
[2011/09/24 16:46:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/05 06:45:14 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/01/13 12:41:17 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2005/04/05 03:38:20 | 000,053,355 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\NPJinit13122.dll
[2011/12/05 06:45:06 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/05 06:45:06 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2011/09/21 11:10:06 | 000,002,223 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\websearch.xml

O1 HOSTS File: ([2011/12/01 16:22:55 | 000,000,098 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStartupSound = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h50203.www5....DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 11.224.26.124 11.223.26.124
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E26629E-011B-4720-B771-16155A3F4DE5}: DhcpNameServer = 11.224.26.124 11.223.26.124
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E5553DA-D433-499B-A3D5-F14A955D5998}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/04 13:03:40 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/06 17:35:27 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/12/06 17:29:01 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\AVG
[2011/12/06 17:28:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2011/12/06 17:27:20 | 008,143,896 | ---- | C] (AVG ) -- C:\avg_pct_stf_all_2012_26_c6.exe
[2011/12/05 15:08:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\ImgBurn
[2011/12/05 14:01:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2011/12/05 14:01:16 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2011/12/05 09:11:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/05 09:11:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
[2011/12/05 09:10:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/02 14:22:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/12/02 10:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/12/01 17:53:37 | 000,000,000 | ---D | C] -- C:\tdsskiller
[2011/12/01 16:55:58 | 000,080,896 | ---- | C] (maliprog) -- C:\getpartitions.exe
[2011/12/01 16:46:47 | 001,916,416 | ---- | C] (AVAST Software) -- C:\aswMBR.exe
[2011/12/01 16:22:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/30 14:32:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2011/11/30 14:31:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/30 14:31:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/11/30 14:31:53 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/11/30 14:31:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/30 13:04:13 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/11/29 18:00:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/11/29 17:59:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/11/28 16:22:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/28 16:22:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/28 16:22:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/28 16:22:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/28 16:21:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/28 16:09:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/11/28 16:08:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/11/28 16:08:52 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/11/28 00:46:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/11/28 00:45:05 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/11/26 18:28:38 | 000,000,000 | ---D | C] -- C:\Program Files\AddThis Toolbar
[2011/11/08 19:49:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security 2012

========== Files - Modified Within 30 Days ==========

[2011/12/06 17:39:49 | 111,503,533 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/12/06 17:28:10 | 000,000,970 | ---- | M] () -- C:\Users\Owner\Desktop\AVG PC Tuneup 2011.lnk
[2011/12/06 17:27:20 | 008,143,896 | ---- | M] (AVG ) -- C:\avg_pct_stf_all_2012_26_c6.exe
[2011/12/06 17:14:14 | 000,047,999 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/12/06 17:14:14 | 000,047,937 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/12/06 17:13:17 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/06 17:13:17 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/06 17:13:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/06 17:13:08 | 2951,122,944 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/05 14:14:36 | 190,220,288 | ---- | M] () -- C:\drweb-livecd-600.iso
[2011/12/05 14:01:23 | 000,001,674 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/12/05 14:01:23 | 000,001,650 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2011/12/05 13:57:21 | 000,052,007 | ---- | M] () -- C:\capture 12 5.JPG
[2011/12/05 13:48:49 | 000,002,619 | ---- | M] () -- C:\Users\Owner\Desktop\Microsoft Outlook 2010.lnk
[2011/12/05 10:12:05 | 524,288,000 | ---- | M] () -- C:\REMOVE_THIS_FILE.livecd.swap
[2011/12/05 09:15:26 | 000,000,246 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/12/05 06:14:13 | 000,000,512 | ---- | M] () -- C:\MBR.dat
[2011/12/02 16:10:43 | 000,015,988 | ---- | M] () -- C:\avptool_sysinfo.zip
[2011/12/02 15:20:04 | 000,001,926 | -HS- | M] () -- C:\Windows\4509912drv.spi
[2011/12/01 19:36:39 | 000,089,088 | ---- | M] () -- C:\mbr.exe
[2011/12/01 18:14:26 | 000,080,384 | ---- | M] () -- C:\MBRCheck.exe
[2011/12/01 17:53:11 | 001,547,774 | ---- | M] () -- C:\tdsskiller.zip
[2011/12/01 17:42:39 | 000,000,770 | ---- | M] () -- C:\avg 2012 rootkit.csv
[2011/12/01 16:55:59 | 000,080,896 | ---- | M] (maliprog) -- C:\getpartitions.exe
[2011/12/01 16:46:53 | 001,916,416 | ---- | M] (AVAST Software) -- C:\aswMBR.exe
[2011/12/01 16:22:55 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/11/30 14:31:58 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/29 18:00:08 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/11/29 17:09:01 | 299,264,008 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/29 15:36:26 | 000,004,608 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/29 11:16:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/11/29 11:16:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/11/29 11:10:01 | 000,000,102 | ---- | M] () -- C:\Windows\wininit.ini
[2011/11/28 16:09:00 | 000,001,079 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/11/28 16:09:00 | 000,001,055 | ---- | M] () -- C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk
[2011/11/28 16:00:39 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/28 16:00:39 | 000,105,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/28 00:44:57 | 000,512,992 | ---- | M] () -- C:\Users\Owner\Desktop\sdasetup_revwire207.exe
[2011/11/27 23:53:32 | 000,392,440 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/27 22:17:29 | 000,000,842 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG 2012.lnk
[2011/11/19 22:28:04 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job

========== Files Created - No Company Name ==========

[2011/12/06 17:39:49 | 111,503,533 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/12/06 17:28:10 | 000,000,970 | ---- | C] () -- C:\Users\Owner\Desktop\AVG PC Tuneup 2011.lnk
[2011/12/05 14:01:57 | 190,220,288 | ---- | C] () -- C:\drweb-livecd-600.iso
[2011/12/05 14:01:23 | 000,001,674 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/12/05 14:01:23 | 000,001,650 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2011/12/05 14:01:22 | 000,001,662 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2011/12/05 13:57:19 | 000,052,007 | ---- | C] () -- C:\capture 12 5.JPG
[2011/12/05 10:11:29 | 524,288,000 | ---- | C] () -- C:\REMOVE_THIS_FILE.livecd.swap
[2011/12/05 06:45:19 | 000,000,858 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/12/05 06:20:53 | 2951,122,944 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/02 16:14:55 | 000,015,988 | ---- | C] () -- C:\avptool_sysinfo.zip
[2011/12/02 15:16:46 | 000,001,926 | -HS- | C] () -- C:\Windows\4509912drv.spi
[2011/12/01 19:36:39 | 000,089,088 | ---- | C] () -- C:\mbr.exe
[2011/12/01 18:14:25 | 000,080,384 | ---- | C] () -- C:\MBRCheck.exe
[2011/12/01 17:53:09 | 001,547,774 | ---- | C] () -- C:\tdsskiller.zip
[2011/12/01 17:42:39 | 000,000,770 | ---- | C] () -- C:\avg 2012 rootkit.csv
[2011/12/01 16:55:44 | 000,000,512 | ---- | C] () -- C:\MBR.dat
[2011/11/30 14:31:58 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/29 18:00:08 | 000,000,842 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/11/29 11:16:35 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/11/29 11:16:35 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/11/29 11:10:01 | 000,000,102 | ---- | C] () -- C:\Windows\wininit.ini
[2011/11/28 16:22:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/28 16:22:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/28 16:22:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/28 16:22:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/28 16:22:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/28 16:09:00 | 000,001,079 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/11/28 16:09:00 | 000,001,055 | ---- | C] () -- C:\Users\Owner\Desktop\Spybot - Search & Destroy.lnk
[2011/11/28 00:45:05 | 000,512,992 | ---- | C] () -- C:\Users\Owner\Desktop\sdasetup_revwire207.exe
[2011/11/27 22:17:29 | 000,000,842 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG 2012.lnk
[2011/10/27 00:18:12 | 000,036,962 | ---- | C] () -- C:\Windows\System32\ActPanel.dll
[2011/04/11 20:33:18 | 000,024,206 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2011/03/30 19:43:36 | 000,004,608 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/27 19:27:41 | 000,010,704 | ---- | C] () -- C:\Windows\hpwscr19.dat
[2011/01/27 19:26:19 | 000,176,636 | ---- | C] () -- C:\Windows\hpwins19.dat
[2011/01/27 19:26:18 | 000,000,997 | ---- | C] () -- C:\Windows\hpwmdl19.dat
[2011/01/10 20:10:44 | 000,122,880 | ---- | C] () -- C:\Windows\UnGins.exe
[2010/12/19 15:32:46 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2010/12/02 20:09:12 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/12/02 20:09:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/11/29 12:16:44 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/11/29 11:43:50 | 000,047,937 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/11/29 11:43:22 | 000,047,999 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/11/19 13:10:00 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2010/11/16 16:52:31 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2008/08/04 13:19:17 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/01/14 20:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,392,440 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,607,406 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,105,014 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/09 04:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/08/26 18:28:34 | 000,143,360 | ---- | C] () -- C:\Windows\unzip.exe
[2005/08/26 18:28:20 | 000,024,576 | ---- | C] () -- C:\Windows\shortcut.exe
[2005/08/26 18:27:58 | 000,045,056 | ---- | C] () -- C:\Windows\devenum.exe

========== LOP Check ==========

[2011/12/06 17:29:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG
[2011/09/25 20:30:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG2012
[2011/12/05 15:08:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ImgBurn
[2011/04/11 20:33:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PeerNetworking
[2010/12/20 22:02:29 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Registry Mechanic
[2011/02/14 19:51:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SoftGrid Client
[2010/12/18 00:02:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TP
[2011/12/05 15:09:20 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:502D809E
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

Attached Files


Edited by Essexboy, 07 December 2011 - 01:08 PM.

  • 0

#22
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Download the attached zip file and extract exe fix vista.reg to the desktop.
Right click the reg file and select Merge.
Accept all warnings.

Reboot and try the exe files.


Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
    FF - prefs.js..keyword.URL: "http://www.tepela.co...ls=3YzQmUJb&q="
    [2011/09/21 11:10:06 | 000,002,223 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\websearch.xml
    O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.22)
    [2011/11/08 19:49:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Security 2012
    [2011/12/02 15:20:04 | 000,001,926 | -HS- | M] () -- C:\Windows\4509912drv.spi

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Once done, delete the current copy of ComboFix from your desktop.

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT!!! Save ComboFix.exe to your Desktop.

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
  • Double click on ComboFix.exe and follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.
  • 0
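The following helper is an added example for readers of this thread; it is not code from the thread, from OTL or from Geeks to Go. It parses the two OTL text formats that appear above, the scan log's file-entry lines (`[date | size | attrs | M/C] (company) -- path`) plus the `@Alternate Data Stream` lines, and the `:OTL` / `:Files` / `:Commands` fix script, so a reader can see what a proposed fix targets before running it. The sample lines are constructed from the thread, the two review heuristics (hidden+system files created directly under C:\Windows, and streams attached to C:\ProgramData\TEMP) are my assumptions and flag items for a second look rather than giving a verdict, and the section semantics of the fix script are inferred from the text in this post, not from OTL's own documentation.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample, abridged from the log and fix script quoted in the thread.
SAMPLE_LOG = """\
========== Files Created - No Company Name ==========

[2011/12/02 15:16:46 | 000,001,926 | -HS- | C] () -- C:\\Windows\\4509912drv.spi
[2011/12/01 19:36:39 | 000,089,088 | ---- | C] () -- C:\\mbr.exe
[2011/11/28 16:22:10 | 000,098,816 | ---- | C] () -- C:\\Windows\\sed.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\\ProgramData\\TEMP:0B4227B4
@Alternate Data Stream - 116 bytes -> C:\\ProgramData\\TEMP:502D809E

< End of report >
"""

SAMPLE_FIX = """\
:OTL
IE - HKCU\\..\\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
[2011/12/02 15:20:04 | 000,001,926 | -HS- | M] () -- C:\\Windows\\4509912drv.spi

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[Reboot]
"""

# OTL file-entry line: [date time | size | attrs | M or C] (company) -- path
FILE_LINE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
ADS_LINE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+)$")


@dataclass
class FileEntry:
    date: str
    size: int        # bytes, commas stripped
    attrs: str       # e.g. "-HS-" = hidden + system
    kind: str        # "M" modified, "C" created
    company: str
    path: str

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs


def parse_file_line(line: str) -> FileEntry | None:
    m = FILE_LINE.match(line.strip())
    if not m:
        return None
    return FileEntry(m["date"], int(m["size"].replace(",", "")),
                     m["attrs"], m["kind"], m["company"], m["path"])


def suspicious_entries(log_text: str) -> list[str]:
    """Paths worth a second look (assumed heuristics, not a verdict):
    hidden+system files created directly in C:\\Windows, and any ADS line."""
    flagged: list[str] = []
    for raw in log_text.splitlines():
        entry = parse_file_line(raw)
        if entry is not None:
            parent = entry.path.rsplit("\\", 1)[0].lower()
            if entry.hidden_system and parent == r"c:\windows":
                flagged.append(entry.path)
            continue
        ads = ADS_LINE.match(raw.strip())
        if ads:
            flagged.append(ads["path"])
    return flagged


def parse_fix_script(text: str) -> dict[str, list[str]]:
    """Split a fix into sections: a line starting with ':' opens one (assumed syntax)."""
    sections: dict[str, list[str]] = {}
    current: str | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def summarize_fix(text: str) -> dict[str, list[str]]:
    """Reviewer's dry run: what the fix would touch, without executing anything."""
    sections = parse_fix_script(text)
    paths: list[str] = []
    other: list[str] = []
    for item in sections.get("otl", []):
        entry = parse_file_line(item)
        if entry is not None:
            paths.append(entry.path)
        else:
            other.append(item)          # registry/IE/FF items etc.
    return {
        "paths": paths,
        "other_otl_items": other,
        "file_commands": sections.get("files", []),
        "directives": [d.strip("[]") for d in sections.get("commands", [])],
    }


if __name__ == "__main__":
    print("Review these:", suspicious_entries(SAMPLE_LOG))
    print("Fix would touch:", summarize_fix(SAMPLE_FIX))
```

Run it on a saved OTL.txt by passing the file's contents to `suspicious_entries`; the point of the dry run is that a helper reviewing a fix can confirm every `:OTL` path and every `:Commands` directive matches what was intended before the user clicks Run Fix.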

#23
wholeteam

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
OK, OTL and ComboFix logs attached.

Attached Files


  • 0

#24
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What problems are you experiencing now?
  • 0

#25
wholeteam

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Nothing currently, but like the previous 5 times, all has been well and then something sneaks back in, lol.
  • 0



#26
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Ever considered changing your AV?
  • 0

#27
wholeteam

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Well, it's my gf; she just bought AVG 2012, the paid one. I like Avast myself, but this seems to be past any current AV.
  • 0

#28
wholeteam

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
After the shutdown and boot-up last night, associations are messed up again; no registry warning this time.
  • 0

#29
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you uninstall Spybot, re-run the registry fix, then reboot and see if the associations stick this time?
  • 0

#30
wholeteam

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
That AVG registry fix was a one-time deal. Do you have a custom registry fix, or should I run ComboFix? I believe it restores them back too.
  • 0





