Ads on internet virus?



#16
tcco94

    Member

  • Topic Starter
  • Member
  • 19 posts
I don't know if this will help, but I use Firefox, not Internet Explorer. The virus seems to be on both anyway. Still haven't got rid of this :(... Also, on some websites some words will be highlighted, and if you click them a pop-up for Text Enhance comes up, whatever that is.

========== OTL ==========
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
HKU\S-1-5-21-141472487-685583464-1612949001-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-141472487-685583464-1612949001-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.
========== REGISTRY ==========
Registry value HKEY_USERS\S-1-5-21-141472487-685583464-1612949001-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.

OTL by OldTimer - Version 3.2.43.0 log created on 05232012_143144
  • 0


#17
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts

I don't know if this will help, but I use Firefox, not Internet Explorer. The virus seems to be on both anyway. Still haven't got rid of this :(... Also, on some websites some words will be highlighted, and if you click them a pop-up for Text Enhance comes up, whatever that is.

Thanks for the information.

Just out of curiosity, do the highlighted words appear on any website, or only on some specific websites?

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT!!! Save ComboFix.exe to your Desktop. * IMPORTANT: Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow it to update if it asks.


When finished, it produces a log for you.
Please include the C:\ComboFix.txt in your next reply.



Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.

After the run you may have internet problems or problems accessing some things. Simply reboot the computer.

Edited by WhiteHat, 24 May 2012 - 07:15 PM.

  • 0

#18
tcco94

    Member

  • Topic Starter
  • Member
  • 19 posts
For most sites, yes, the ads will appear and the Text Enhance will too. It's rare that it doesn't show up, but there are a few select websites where it doesn't. This bug seems impossible to get off my computer.

Edited by tcco94, 24 May 2012 - 10:24 PM.

  • 0

#19
tcco94

    Member

  • Topic Starter
  • Member
  • 19 posts
ComboFix 12-05-24.03 - Tyler 05/24/2012 21:27:53.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4095.2457 [GMT -7:00]
Running from: c:\users\Tyler\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-25 to 2012-05-25 )))))))))))))))))))))))))))))))
.
.
2012-05-25 05:18 . 2012-05-25 05:18 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-25 05:18 . 2012-05-25 05:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-17 23:25 . 2012-05-17 23:25 -------- d-----w- c:\program files (x86)\ESET
2012-05-16 06:29 . 2012-05-16 06:29 -------- d-----w- C:\_OTL
2012-05-13 02:38 . 2012-05-13 02:38 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-05-13 01:53 . 2012-05-13 02:00 -------- d-----w- c:\program files (x86)\Logbook Pro
2012-05-12 19:00 . 2012-05-12 19:00 -------- d-----w- c:\users\Tyler\AppData\Local\Vid-Saver
2012-05-12 19:00 . 2012-05-12 19:00 -------- d-----w- c:\program files (x86)\Vid-Saver
2012-05-11 03:08 . 2012-05-11 04:26 -------- d-----w- c:\program files (x86)\wsr
2012-05-09 23:53 . 2012-05-21 09:32 -------- d-----w- c:\users\Tyler\AppData\Local\SniperV2
2012-05-09 23:44 . 2012-05-09 23:44 -------- d-----w- c:\program files (x86)\Rebellion
2012-05-07 01:05 . 2012-05-07 01:05 -------- d-----w- c:\users\Tyler\AppData\Roaming\Atari
2012-05-07 01:00 . 2012-05-07 01:05 -------- d-----w- c:\program files (x86)\Roller Coaster Tycoon 3 Platinum - CarlesNeo !
2012-05-02 00:14 . 2012-05-02 00:14 525544 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-02 00:14 . 2012-05-02 00:14 -------- d-----w- c:\program files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 04:13 . 2012-04-02 05:38 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 04:13 . 2011-09-10 04:23 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 04:13 . 2012-04-02 06:12 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-04 22:56 . 2011-10-14 04:49 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-16 10:03 . 2012-03-16 10:03 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-16 10:03 . 2012-03-16 10:03 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-16 10:03 . 2012-03-16 10:03 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-16 10:03 . 2012-03-16 10:03 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-16 10:03 . 2012-03-16 10:03 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-16 10:03 . 2012-03-16 10:03 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-16 10:03 . 2012-03-16 10:03 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-16 10:03 . 2012-03-16 10:03 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-16 10:03 . 2012-03-16 10:03 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-16 10:03 . 2012-03-16 10:03 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-16 10:03 . 2012-03-16 10:03 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-16 10:03 . 2012-03-16 10:03 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-16 10:03 . 2012-03-16 10:03 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-16 10:03 . 2012-03-16 10:03 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-16 10:03 . 2012-03-16 10:03 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-16 10:03 . 2012-03-16 10:03 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-16 10:03 . 2012-03-16 10:03 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-16 10:03 . 2012-03-16 10:03 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-16 10:03 . 2012-03-16 10:03 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-16 10:03 . 2012-03-16 10:03 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-16 10:03 . 2012-03-16 10:03 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-16 10:03 . 2012-03-16 10:03 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-16 10:03 . 2012-03-16 10:03 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-16 10:03 . 2012-03-16 10:03 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-16 10:03 . 2012-03-16 10:03 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-16 10:03 . 2012-03-16 10:03 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-16 10:03 . 2012-03-16 10:03 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-16 10:03 . 2012-03-16 10:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-16 10:03 . 2012-03-16 10:03 448512 ----a-w- c:\windows\system32\html.iec
2012-03-16 10:03 . 2012-03-16 10:03 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-16 10:03 . 2012-03-16 10:03 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-16 10:03 . 2012-03-16 10:03 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-16 10:03 . 2012-03-16 10:03 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-16 10:03 . 2012-03-16 10:03 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-05 04:22 . 2011-01-21 05:10 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-01 06:54 . 2012-04-11 10:01 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:45 . 2012-04-11 10:01 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:40 . 2012-04-11 10:01 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:35 . 2012-04-11 10:01 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:49 . 2012-04-11 10:01 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:45 . 2012-04-11 10:01 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:40 . 2012-04-11 10:01 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:56 . 2012-04-11 10:07 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-11 10:07 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-11 10:07 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-11 10:07 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-11 10:07 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-11 10:07 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-11 10:07 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-11 10:07 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((( SnapShot_2012-05-25_02.14.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-21 03:06 . 2012-05-25 05:23 55436 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2011-01-21 03:06 . 2012-05-25 05:23 55436 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2012-05-25 02:13 . 2012-05-25 02:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-25 05:19 . 2012-05-25 05:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-25 02:13 . 2012-05-25 02:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-25 05:19 . 2012-05-25 05:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-05-23 01:12 628414 c:\windows\system64\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-25 02:18 628414 c:\windows\system64\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-25 02:18 110598 c:\windows\system64\perfc009.dat
- 2009-07-14 02:36 . 2012-05-23 01:12 110598 c:\windows\system64\perfc009.dat
- 2009-07-14 02:36 . 2012-05-23 01:12 628414 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-25 02:18 628414 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-25 02:18 110598 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-05-23 01:12 110598 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-05-25 02:12 437992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-05-25 05:19 437992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2012-05-24 15:15 10485760 c:\windows\system64\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-05-25 02:28 10485760 c:\windows\system64\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-05-24 15:15 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-05-25 02:28 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2011-06-29 10:16 . 2012-05-25 02:12 28957228 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-141472487-685583464-1612949001-1001-12288.dat
+ 2011-06-29 10:16 . 2012-05-25 05:19 28957228 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-141472487-685583464-1612949001-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110011341191}]
2012-05-09 02:28 493440 ----a-w- c:\program files (x86)\Vid-Saver\Vid-Saver.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-14 22:09 1869152 ----a-w- c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-14 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-03 1242448]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2012-05-12 6379888]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-14 5500800]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"SugarSync"="c:\program files (x86)\SugarSync\SugarSyncManager.exe" [2012-03-19 9413712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-09-28 664600]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-03-14 982880]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-20 928096]
.
c:\users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MP3 Rocket (Minimized).lnk - c:\program files (x86)\MP3 Rocket\MP3Rocket.exe [N/A]
_uninst_00742594.lnk - c:\users\Tyler\AppData\Local\Temp\_uninst_00742594.bat [N/A]
_uninst_42908665.lnk - c:\users\Tyler\AppData\Local\Temp\_uninst_42908665.bat [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-26 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-26 136176]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 SaiH0763;SaiH0763;c:\windows\system32\DRIVERS\SaiH0763.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-10-14 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-08-06 681528]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-20 386344]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-19 369256]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-14 918880]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 04:13]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-26 03:21]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-26 03:21]
.
2012-05-25 c:\windows\Tasks\HPCeeScheduleForTYLER-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-05-08 c:\windows\Tasks\HPCeeScheduleForTyler.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-03-19 20:23 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-03-19 20:23 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-03-19 20:23 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-03-19 20:23 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\4enpnal3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://us.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-FS2Crew: Level-D 767 Voice Commander Edition SP1 - 0:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\unFS2Crew2010_FSX_LDS767.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
.
**************************************************************************
.
Completion time: 2012-05-25 00:26:38 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-25 07:26
ComboFix2.txt 2012-05-25 04:19
ComboFix3.txt 2011-11-24 21:08
.
Pre-Run: 718,016,012,288 bytes free
Post-Run: 717,680,926,720 bytes free
.
- - End Of File - - 08145E21C4F05179CAF169C607B3CF16
  • 0

#20
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

# Step 1 #

Please, create a new profile in Mozilla Firefox:
http://support.mozil...naging-profiles

After that, see if the problem is solved.

# Step 2 #
Close any open browsers.

  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box:
  • Type (or copy/paste) Notepad.exe, then click OK.
  • Copy/paste the text below into Notepad:

    File::
    c:\users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_00742594.lnk
    c:\users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_42908665.lnk
    c:\users\Tyler\AppData\Local\Temp\_uninst_00742594.bat
    c:\users\Tyler\AppData\Local\Temp\_uninst_42908665.bat


  • Save this as CFScript.txt, in the same location as ComboFix.exe
  • Referring to the picture above, drag CFScript.txt onto ComboFix.exe.
  • When finished, it will produce a log for you at C:\ComboFix.txt, which I will need in your next reply.

Edited by WhiteHat, 27 May 2012 - 09:54 PM.

  • 0
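The helper's triage of the log in post #19 (the Startup-folder shortcuts that launch .bat files from the user's Temp folder, which are exactly the items the CFScript in post #20 removes, plus the Browser Helper Object entries, the EnableLUA=0 policy value that switches User Account Control off, and the Firefox preferences pointing at external search URLs) can be automated. The script below is an added example written for this page; it is not part of the thread and not a ComboFix or Geeks to Go tool. It parses a constructed sample made of lines copied from the log above, and the severity labels and regular expressions are this example's own assumptions, not ComboFix's. It goes slightly beyond the thread by also checking Run-key values against the same Temp-directory pattern.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines copied from the ComboFix log in post #19, trimmed.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110011341191}]
2012-05-09 02:28 493440 ----a-w- c:\program files (x86)\Vid-Saver\Vid-Saver.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-03 1242448]
.
c:\users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MP3 Rocket (Minimized).lnk - c:\program files (x86)\MP3 Rocket\MP3Rocket.exe [N/A]
_uninst_00742594.lnk - c:\users\Tyler\AppData\Local\Temp\_uninst_00742594.bat [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableLUA"= 0 (0x0)
.
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
"""


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info" (labels are this example's own)
    item: str
    reason: str


# Log constructs this example understands (patterns are assumptions, not ComboFix's grammar).
REG_KEY = re.compile(r"^\[(?P<key>.+)\]$")
FOLDER_HEADER = re.compile(r"^[a-z]:\\.*\\$", re.IGNORECASE)
FILE_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ (?P<path>.+)$")
STARTUP_LNK = re.compile(r"^(?P<lnk>.+?\.lnk) - (?P<target>.+?) \[", re.IGNORECASE)
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
POLICY_VALUE = re.compile(r'^"(?P<name>\w+)"= (?P<val>\d+)')
FF_PREF = re.compile(r"^FF - (?:prefs|user)\.js: (?P<pref>\S+) - (?P<val>.+)$")
# Executables launched from a per-user Temp directory, or script files run at
# startup, are what the helper removed via CFScript in this thread.
TEMP_DIR = re.compile(r"\\appdata\\local\\temp\\", re.IGNORECASE)
SCRIPT_EXT = re.compile(r"\.(bat|cmd|vbs|js)$", re.IGNORECASE)
DEFANGED_URL = re.compile(r"\bhxxps?://", re.IGNORECASE)  # ComboFix writes http as hxxp


def suspicious_target(path: str) -> bool:
    """True when an autostart target lives in Temp or is a script file."""
    return bool(TEMP_DIR.search(path) or SCRIPT_EXT.search(path))


def triage(log: str) -> List[Finding]:
    findings: List[Finding] = []
    context = ""  # registry key or startup folder the current lines belong to
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = REG_KEY.match(line)
        if m:
            context = m.group("key")
            continue
        if FOLDER_HEADER.match(line):
            context = line
            continue
        m = FILE_LINE.match(line)
        if m and "Browser Helper Objects" in context:
            findings.append(Finding("info", m.group("path"), "browser helper object; confirm it is wanted"))
            continue
        m = STARTUP_LNK.match(line)
        if m and "Startup" in context:
            if suspicious_target(m.group("target")):
                findings.append(Finding("high", m.group("lnk"), "startup shortcut launches " + m.group("target")))
            continue
        m = RUN_VALUE.match(line)
        if m and context.lower().endswith("\\run"):
            if suspicious_target(m.group("path")):
                findings.append(Finding("high", m.group("name"), "Run value launches " + m.group("path")))
            continue
        m = POLICY_VALUE.match(line)
        if m and m.group("name") == "EnableLUA" and m.group("val") == "0":
            findings.append(Finding("medium", context, "EnableLUA=0: User Account Control is disabled"))
            continue
        m = FF_PREF.match(line)
        if m and DEFANGED_URL.search(m.group("val")):
            findings.append(Finding("info", m.group("pref"), "Firefox preference points at " + m.group("val")))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.item}: {f.reason}")
```

On the sample this reports four items: the Vid-Saver BHO (info), the `_uninst_00742594.lnk` shortcut launching a .bat from Temp (high), EnableLUA=0 (medium), and the keyword.URL preference (info); the Steam Run value and the MP3 Rocket shortcut are not flagged because their targets are ordinary program-files executables.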

#21
tcco94

    Member

  • Topic Starter
  • Member
  • 19 posts
No more ads on the new Firefox profile... :thumbsup:

ComboFix 12-05-27.03 - Tyler 05/27/2012 21:32:51.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4095.2622 [GMT -7:00]
Running from: c:\users\Tyler\Desktop\ComboFix.exe
Command switches used :: c:\users\Tyler\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\users\Tyler\AppData\Local\Temp\_uninst_00742594.bat"
"c:\users\Tyler\AppData\Local\Temp\_uninst_42908665.bat"
"c:\users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_00742594.lnk"
"c:\users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_42908665.lnk"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_00742594.lnk
c:\users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_42908665.lnk
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-28 )))))))))))))))))))))))))))))))
.
.
2012-05-28 04:42 . 2012-05-28 04:42 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-28 04:42 . 2012-05-28 04:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-28 03:19 . 2012-05-28 12:12 460888 ----a-w- c:\windows\system32\drivers\80874294.sys
2012-05-17 23:25 . 2012-05-17 23:25 -------- d-----w- c:\program files (x86)\ESET
2012-05-16 06:29 . 2012-05-16 06:29 -------- d-----w- C:\_OTL
2012-05-13 02:38 . 2012-05-13 02:38 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-05-13 01:53 . 2012-05-13 02:00 -------- d-----w- c:\program files (x86)\Logbook Pro
2012-05-12 19:00 . 2012-05-12 19:00 -------- d-----w- c:\users\Tyler\AppData\Local\Vid-Saver
2012-05-12 19:00 . 2012-05-12 19:00 -------- d-----w- c:\program files (x86)\Vid-Saver
2012-05-11 03:08 . 2012-05-11 04:26 -------- d-----w- c:\program files (x86)\wsr
2012-05-09 23:53 . 2012-05-21 09:32 -------- d-----w- c:\users\Tyler\AppData\Local\SniperV2
2012-05-09 23:44 . 2012-05-09 23:44 -------- d-----w- c:\program files (x86)\Rebellion
2012-05-07 01:05 . 2012-05-07 01:05 -------- d-----w- c:\users\Tyler\AppData\Roaming\Atari
2012-05-07 01:00 . 2012-05-07 01:05 -------- d-----w- c:\program files (x86)\Roller Coaster Tycoon 3 Platinum - CarlesNeo !
2012-05-02 00:14 . 2012-05-02 00:14 525544 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-02 00:14 . 2012-05-02 00:14 -------- d-----w- c:\program files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((( SnapShot_2012-05-25_02.14.31 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-14 22:09 1869152 ----a-w- c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-14 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-03 1242448]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2012-05-12 6379888]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-14 5500800]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"SugarSync"="c:\program files (x86)\SugarSync\SugarSyncManager.exe" [2012-03-19 9413712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-09-28 664600]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-03-14 982880]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-20 928096]
.
c:\users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MP3 Rocket (Minimized).lnk - c:\program files (x86)\MP3 Rocket\MP3Rocket.exe [N/A]
_uninst_80874294.lnk - c:\users\Tyler\AppData\Local\Temp\_uninst_80874294.bat [N/A]
_uninst_83475326.lnk - c:\users\Tyler\AppData\Local\Temp\_uninst_83475326.bat [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-26 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-26 136176]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 SaiH0763;SaiH0763;c:\windows\system32\DRIVERS\SaiH0763.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 80874294;80874294;c:\windows\system32\DRIVERS\80874294.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-10-14 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-08-06 681528]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-20 386344]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-19 369256]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-14 918880]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 04:13]
.
2012-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-26 03:21]
.
2012-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-26 03:21]
.
2012-05-25 c:\windows\Tasks\HPCeeScheduleForTYLER-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-05-08 c:\windows\Tasks\HPCeeScheduleForTyler.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-03-19 20:23 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-03-19 20:23 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-03-19 20:23 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-03-19 20:23 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\cty3imvm.tyler2\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-FS2Crew: Level-D 767 Voice Commander Edition SP1 - 0:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\unFS2Crew2010_FSX_LDS767.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
.
**************************************************************************
.
Completion time: 2012-05-27 21:52:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-28 04:52
ComboFix2.txt 2012-05-25 07:26
ComboFix3.txt 2012-05-25 04:19
ComboFix4.txt 2011-11-24 21:08
.
Pre-Run: 715,415,621,632 bytes free
Post-Run: 715,542,302,720 bytes free
.
- - End Of File - - 587F49DD7F65CF3E9D9258406C211F42

#22
WhiteHat (Trusted Helper, Retired Staff, 1,925 posts)
Close any open browsers.

  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box.
  • Type (or copy/paste) Notepad.exe, then click OK.
  • Copy/paste the text below into Notepad:

    Folder::
    C:\Program Files (x86)\Vid-Saver
    C:\Users\Tyler\AppData\Local\Vid-Saver
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Vid-Saver"=-
    [-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110011341191}]
  • Save this as CFScript.txt, in the same location as ComboFix.exe.
    [image: CFScript.txt being dragged onto ComboFix.exe]
  • Referring to the picture above, drag CFScript.txt onto ComboFix.exe.
  • When finished, it shall produce a log for you at C:\ComboFix.txt, which I will require in your next reply.

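The CFScript in the post above was written after reading the previous ComboFix log by hand for the Vid-Saver leftovers. As an added example (not part of this thread, of ComboFix or of any vendor tool), the Python below does the reading part mechanically: it parses the Run keys, the Startup folder, the policies\system values and the service lines of the "Reg Loading Points" section, flags a few things a helper would want to look at (UAC switched off through EnableLUA=0, a startup item launched from the user's Temp folder, a boot-start driver with an all-digit name and no file metadata), and renders the Folder::/Registry:: sections in the syntax used in the post. The sample log embedded in it is a constructed excerpt that copies ComboFix's line shapes; the flag rules are this example's own heuristics, not findings about the machine in the thread.

```python
"""Triage helper for ComboFix 'Reg Loading Points' output: an added example for this
thread, not code from the thread, from ComboFix or from any vendor. SAMPLE_LOG is a
constructed excerpt that copies the line shapes ComboFix prints; the flag rules are
this example's own heuristics, not findings about the machine in the thread."""
import re
from dataclasses import dataclass, field

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-03 1242448]
.
c:\users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MP3 Rocket (Minimized).lnk - c:\program files (x86)\MP3 Rocket\MP3Rocket.exe [N/A]
_uninst_80874294.lnk - c:\users\Tyler\AppData\Local\Temp\_uninst_80874294.bat [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
S0 80874294;80874294;c:\windows\system32\DRIVERS\80874294.sys [x]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
"""

# One regex per line shape ComboFix uses in this part of the log.
KEY_LINE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<meta>[^\]]*)\]$')
POLICY = re.compile(r'^"(?P<name>\w+)"=\s*(?P<value>\d+)\s+\(0x[0-9a-f]+\)$', re.I)
STARTUP = re.compile(r"^(?P<lnk>.+?\.lnk) - (?P<target>.+?)\s+\[(?P<meta>[^\]]*)\]$")
SERVICE = re.compile(r"^(?P<start>[RS][0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]$")

@dataclass
class Entry:
    kind: str    # "run", "startup" or "service"
    name: str    # value name, .lnk name or service name
    path: str    # binary the entry launches
    meta: str    # ComboFix's bracketed text: "date size", "N/A", or "x" when it had no file metadata
    source: str  # registry key, startup folder, or service start type (R0..S4)

@dataclass
class Report:
    entries: list = field(default_factory=list)
    policies: dict = field(default_factory=dict)
    flags: list = field(default_factory=list)

def parse_loading_points(text):
    """Walk the log once: a '.' line closes a block, '[HKEY...]' and '...\\Startup\\' lines open one."""
    rep, context = Report(), None
    for line in (l.rstrip() for l in text.splitlines()):
        if line == ".":
            context = None
        elif not line:
            pass
        elif (m := KEY_LINE.match(line)):
            context = m["key"]
        elif line.lower().endswith("\\startup\\"):
            context = line
        elif (m := SERVICE.match(line)):  # service lines sit outside any key block
            rep.entries.append(Entry("service", m["name"], m["path"], m["meta"], m["start"]))
        elif context is None:
            pass
        elif context.lower().endswith("\\run") and (m := RUN_VALUE.match(line)):
            rep.entries.append(Entry("run", m["name"], m["path"], m["meta"], context))
        elif "policies\\system" in context.lower() and (m := POLICY.match(line)):
            rep.policies[m["name"]] = int(m["value"])
        elif context.lower().endswith("\\startup\\") and (m := STARTUP.match(line)):
            rep.entries.append(Entry("startup", m["lnk"], m["target"], m["meta"], context))
    rep.flags = triage(rep)
    return rep

def triage(rep):
    """Heuristics of this example: things to look at before anything goes into a CFScript."""
    flags = []
    if rep.policies.get("EnableLUA") == 0:
        flags.append("EnableLUA=0: UAC is switched off, so whatever the user runs already has "
                     "full admin rights; turn it back on before calling the machine clean")
    for e in rep.entries:
        if e.kind in ("run", "startup") and "\\appdata\\local\\temp\\" in e.path.lower():
            flags.append(f"{e.kind} item {e.name!r} launches {e.path} from the user's Temp folder")
        if e.kind == "service" and e.source in ("R0", "S0") and e.name.isdigit() and e.meta == "x":
            flags.append(f"boot-start driver {e.name!r}: all-digit name and no file metadata ([x]); "
                         "identify it first, never script its removal blind")
    return flags

def render_cfscript(folders, delete_values, delete_keys):
    """Render Folder:: and Registry:: sections in the syntax the post above uses.
    delete_values maps a key to value names removed with "Name"=-; delete_keys lists keys
    removed whole with [-KEY]. Both are REGEDIT4 deletion syntax."""
    lines = ["Folder::", *folders, "", "Registry::"]
    for key, names in delete_values.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{n}"=-' for n in names)
    lines.extend(f"[-{k}]" for k in delete_keys)
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    report = parse_loading_points(SAMPLE_LOG)
    for e in report.entries:
        print(f"{e.kind:8} {e.name} -> {e.path} [{e.meta}]")
    print("\nFlags:")
    for f in report.flags:
        print(" -", f)
    print("\nCFScript for the Vid-Saver remnants named in the post:")
    print(render_cfscript(
        [r"C:\Program Files (x86)\Vid-Saver", r"C:\Users\Tyler\AppData\Local\Vid-Saver"],
        {r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall": ["Vid-Saver"]},
        [r"HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110011341191}"]))
```

Run it against a real log by replacing SAMPLE_LOG with the file contents; the netr28x line in the sample shows that a bare [x] is not a flag on its own, only the combination of boot-start, an all-digit name and no metadata is. The output of render_cfscript is meant to be reviewed, not pasted blindly: it only writes what you hand it.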

#23
tcco94 (Topic Starter, Member, 19 posts)
Ads are gone on the old Firefox... although I did just update it, so not sure if it was the update or this last fix we did.


ComboFix 12-05-31.03 - Tyler 05/31/2012 21:42:48.5.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4095.2997 [GMT -7:00]
Running from: c:\users\Tyler\Desktop\ComboFix.exe
Command switches used :: c:\users\Tyler\Desktop\cfscript.txt
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Vid-Saver
c:\program files (x86)\Vid-Saver\Uninstall.exe
c:\program files (x86)\Vid-Saver\Vid-Saver.dll
c:\program files (x86)\Vid-Saver\Vid-Saver.exe
c:\program files (x86)\Vid-Saver\Vid-Saver.ico
c:\program files (x86)\Vid-Saver\Vid-Saver.ini
c:\program files (x86)\Vid-Saver\Vid-SaverGui.exe
c:\program files (x86)\Vid-Saver\Vid-SaverInstaller.log
c:\users\Tyler\AppData\Local\Vid-Saver
c:\users\Tyler\AppData\Local\Vid-Saver\Chrome\Vid-Saver.crx
.
.
((((((((((((((((((((((((( Files Created from 2012-05-01 to 2012-06-01 )))))))))))))))))))))))))))))))
.
.
2012-06-01 05:00 . 2012-06-01 05:00 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-06-01 05:00 . 2012-06-01 05:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-31 21:02 . 2012-05-31 21:02 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-31 21:02 . 2012-05-31 21:02 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-05-31 21:02 . 2012-05-31 21:02 588728 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-05-31 21:02 . 2012-05-31 21:02 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-05-31 21:02 . 2012-05-31 21:02 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-05-31 21:02 . 2012-05-31 21:02 43960 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-05-31 21:02 . 2012-05-31 21:02 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-31 21:02 . 2012-05-31 21:02 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-28 03:19 . 2012-05-28 12:12 460888 ----a-w- c:\windows\system32\drivers\80874294.sys
2012-05-17 23:25 . 2012-05-17 23:25 -------- d-----w- c:\program files (x86)\ESET
2012-05-16 06:29 . 2012-05-16 06:29 -------- d-----w- C:\_OTL
2012-05-13 02:38 . 2012-05-13 02:38 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-05-13 01:53 . 2012-05-13 02:00 -------- d-----w- c:\program files (x86)\Logbook Pro
2012-05-11 03:08 . 2012-05-11 04:26 -------- d-----w- c:\program files (x86)\wsr
2012-05-09 23:53 . 2012-05-21 09:32 -------- d-----w- c:\users\Tyler\AppData\Local\SniperV2
2012-05-09 23:44 . 2012-05-09 23:44 -------- d-----w- c:\program files (x86)\Rebellion
2012-05-07 01:05 . 2012-05-07 01:05 -------- d-----w- c:\users\Tyler\AppData\Roaming\Atari
2012-05-07 01:00 . 2012-05-07 01:05 -------- d-----w- c:\program files (x86)\Roller Coaster Tycoon 3 Platinum - CarlesNeo !
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 04:13 . 2012-04-02 05:38 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 04:13 . 2011-09-10 04:23 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 04:13 . 2012-04-02 06:12 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-02 00:14 . 2012-05-02 00:14 525544 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 22:56 . 2011-10-14 04:49 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-16 10:03 . 2012-03-16 10:03 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-16 10:03 . 2012-03-16 10:03 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-16 10:03 . 2012-03-16 10:03 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-16 10:03 . 2012-03-16 10:03 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-16 10:03 . 2012-03-16 10:03 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-16 10:03 . 2012-03-16 10:03 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-16 10:03 . 2012-03-16 10:03 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-16 10:03 . 2012-03-16 10:03 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-16 10:03 . 2012-03-16 10:03 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-16 10:03 . 2012-03-16 10:03 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-16 10:03 . 2012-03-16 10:03 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-16 10:03 . 2012-03-16 10:03 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-16 10:03 . 2012-03-16 10:03 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-16 10:03 . 2012-03-16 10:03 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-16 10:03 . 2012-03-16 10:03 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-16 10:03 . 2012-03-16 10:03 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-16 10:03 . 2012-03-16 10:03 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-16 10:03 . 2012-03-16 10:03 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-16 10:03 . 2012-03-16 10:03 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-16 10:03 . 2012-03-16 10:03 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-16 10:03 . 2012-03-16 10:03 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-16 10:03 . 2012-03-16 10:03 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-16 10:03 . 2012-03-16 10:03 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-16 10:03 . 2012-03-16 10:03 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-16 10:03 . 2012-03-16 10:03 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-16 10:03 . 2012-03-16 10:03 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-16 10:03 . 2012-03-16 10:03 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-16 10:03 . 2012-03-16 10:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-16 10:03 . 2012-03-16 10:03 448512 ----a-w- c:\windows\system32\html.iec
2012-03-16 10:03 . 2012-03-16 10:03 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-16 10:03 . 2012-03-16 10:03 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-16 10:03 . 2012-03-16 10:03 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-16 10:03 . 2012-03-16 10:03 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-16 10:03 . 2012-03-16 10:03 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-05 04:22 . 2011-01-21 05:10 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-05-25_02.14.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-13 23:34 . 2010-11-20 12:17 26624 c:\windows\SysWOW64\userinit.exe
+ 2009-07-14 04:54 . 2012-05-28 04:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-05-24 02:41 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-05-24 02:41 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-28 04:44 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-24 02:41 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-28 04:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-21 03:06 . 2012-06-01 05:07 55960 c:\windows\system64\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-28 04:47 39072 c:\windows\system64\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-01-21 13:47 . 2012-05-28 04:47 10688 c:\windows\system64\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-141472487-685583464-1612949001-1001_UserData.bin
+ 2011-01-21 17:41 . 2012-05-30 14:46 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-21 17:41 . 2012-05-16 06:29 16384 c:\windows\system64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-05-30 14:46 . 2012-05-30 14:46 49152 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-30 14:46 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-16 06:29 16384 c:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-21 03:06 . 2012-06-01 05:07 55960 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-28 04:47 39072 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-01-21 13:47 . 2012-05-28 04:47 10688 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-141472487-685583464-1612949001-1001_UserData.bin
+ 2011-01-21 17:41 . 2012-05-30 14:46 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-21 17:41 . 2012-05-16 06:29 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-05-30 14:46 . 2012-05-30 14:46 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-16 06:29 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-30 14:46 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-05-25 02:13 . 2012-05-25 02:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-01 05:03 . 2012-06-01 05:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-25 02:13 . 2012-05-25 02:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-01 05:03 . 2012-06-01 05:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-01-21 06:16 . 2012-06-01 04:16 419086 c:\windows\system64\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2012-05-23 01:12 628414 c:\windows\system64\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-28 04:51 628414 c:\windows\system64\perfh009.dat
- 2009-07-14 02:36 . 2012-05-23 01:12 110598 c:\windows\system64\perfc009.dat
+ 2009-07-14 02:36 . 2012-05-28 04:51 110598 c:\windows\system64\perfc009.dat
+ 2012-05-28 03:19 . 2012-05-28 12:12 460888 c:\windows\system64\drivers\80874294.sys
+ 2011-01-21 06:16 . 2012-06-01 04:16 419086 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2012-05-23 01:12 628414 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-28 04:51 628414 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-23 01:12 110598 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-05-28 04:51 110598 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-06-01 05:02 437992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-05-25 02:12 437992 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:34 . 2012-05-31 21:21 10485760 c:\windows\system64\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-05-24 15:15 10485760 c:\windows\system64\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-05-31 21:21 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-05-24 15:15 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-06-29 10:16 . 2012-06-01 05:02 30420576 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-141472487-685583464-1612949001-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-14 22:09 1869152 ----a-w- c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-14 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-03 1242448]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2012-05-12 6379888]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-10-14 5500800]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"SugarSync"="c:\program files (x86)\SugarSync\SugarSyncManager.exe" [2012-03-19 9413712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-12 102400]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-09-28 664600]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-03-14 982880]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-20 928096]
.
c:\users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MP3 Rocket (Minimized).lnk - c:\program files (x86)\MP3 Rocket\MP3Rocket.exe [N/A]
_uninst_80874294.lnk - c:\users\Tyler\AppData\Local\Temp\_uninst_80874294.bat [N/A]
_uninst_83475326.lnk - c:\users\Tyler\AppData\Local\Temp\_uninst_83475326.bat [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-9-28 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-26 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena\safedrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-26 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-31 129976]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 SaiH0763;SaiH0763;c:\windows\system32\DRIVERS\SaiH0763.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
S0 80874294;80874294;c:\windows\system32\DRIVERS\80874294.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-10-14 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-08-06 681528]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CyberLink\Shared files\RichVideo64.exe [2010-08-20 386344]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-19 369256]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-14 918880]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 04:13]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-26 03:21]
.
2012-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-26 03:21]
.
2012-05-25 c:\windows\Tasks\HPCeeScheduleForTYLER-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-05-08 c:\windows\Tasks\HPCeeScheduleForTyler.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-03-19 20:23 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-03-19 20:23 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-03-19 20:23 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-03-19 20:23 463952 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-09-15 611896]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\cty3imvm.tyler2\
FF - prefs.js: browser.startup.homepage - hxxp://us.yahoo.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-FS2Crew: Level-D 767 Voice Commander Edition SP1 - 0:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\unFS2Crew2010_FSX_LDS767.exe
AddRemove-Vid-Saver - c:\program files (x86)\Vid-Saver\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
.
**************************************************************************
.
Completion time: 2012-05-31 22:32:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-01 05:32
ComboFix2.txt 2012-05-28 04:52
ComboFix3.txt 2012-05-25 07:26
ComboFix4.txt 2012-05-25 04:19
ComboFix5.txt 2012-06-01 04:39
.
Pre-Run: 712,879,247,360 bytes free
Post-Run: 712,321,261,568 bytes free
.
- - End Of File - - C2E2B64AD5DAA5DD65C96D8A6E338DD2

#24 WhiteHat (Trusted Helper, Retired Staff, 1,925 posts)

Ads are gone on the old Firefox... although I did just update it, so not sure if it was the update or this last fix we did.

And what about Internet Explorer?

  • Disable your antivirus software.
  • Access the ESET Online Scanner website using the Internet Explorer browser:
    http://www.eset.com/us/online-scanner/
  • Do the scan according to the image:

    [image not reproduced]
  • At the end, check the box "Delete Quarantined files" and click [FINISH].
  • A log will be generated in C:\Program Files\EsetOnlineScanner\Log.txt
    PS: If you don't find the log.txt file in \EsetOnlineScanner\, look in \Program Files\Eset\EsetOnlineScanner\log.txt
  • Post that log.


#25 tcco94 (Topic Starter, Member, 19 posts)
Okay, the ads appear to be back :(...


Here was that log...

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=36a9a74d89745b42be708575e213b0ca
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-05-17 11:33:21
# local_time=2012-05-17 04:33:21 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1032 16777213 100 88 0 79507532 0 0
# compatibility_mode=5893 16776574 66 94 40806464 88840838 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=548
# found=0
# cleaned=0
# scan_time=234
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=36a9a74d89745b42be708575e213b0ca
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-05-18 02:49:56
# local_time=2012-05-17 07:49:56 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1032 16777213 100 88 0 79507801 0 0
# compatibility_mode=5893 16776574 66 94 40806733 88841107 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=429565
# found=8
# cleaned=8
# scan_time=11759
C:\Qoobox\Quarantine\C\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\4enpnal3.default\extensions\{eeaebbc2-35ec-4015-85fd-5a2aecca1b58}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\4enpnal3.default\extensions\{eeaebbc2-35ec-4015-85fd-5a2aecca1b58}\chrome\xulcache.jar.vir JS/Agent.NDO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Tyler\AppData\Local\114f7cae\U\80000000.@ Win64/Sirefef.V trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Tyler\AppData\Roaming\BitTorrent\SONY VEGAS PRO 9 + PATCH & CRACK.zip multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Tyler\AppData\Roaming\BitTorrent\Sony Vegas Pro 9.0 Crack Only.zip multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Tyler\AppData\Roaming\BitTorrent\Dirt.3-SKIDROW\sr-dirt3.iso a variant of Win32/Packed.VMProtect.AAA trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Tyler\AppData\Roaming\BitTorrent\Harry.Potter.and.the.Deathly.Hallows.Part.2-SKIDROW\sr-hp8.iso a variant of Win32/Packed.VMProtect.AAA trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Tyler\AppData\Roaming\BitTorrent\Sony Vegas PRO 10.0c+Keygen(works with windows7) [ kk ]\Sony Vegas PRO 10.0c+Keygen(works with windows7) [ kk ].rar a variant of Win32/Packed.VMProtect.AAD trojan (deleted - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=36a9a74d89745b42be708575e213b0ca
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-06-02 10:02:20
# local_time=2012-06-02 03:02:20 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1032 16777213 100 88 0 80875185 0 0
# compatibility_mode=5893 16776574 100 94 42174117 90208491 0 0
# compatibility_mode=8192 67108863 100 0 1281501 1281501 0 0
# scanned=446935
# found=0
# cleaned=0
# scan_time=9519
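
The three ESET runs above are easier to read once they are pulled apart mechanically. The following Python is an added example written for this page; it is not part of the thread and not ESET's or ComboFix's own tooling. It splits the posted log into its runs, reads each run's "# key=value" header, parses the detection lines into path, threat name and action, cross-checks the header's found= count against the number of detection lines, and separates hits at live paths from hits inside C:\Qoobox\Quarantine, which is where ComboFix parks what it removes (renamed with a .vir suffix), so those two Firefox-extension hits were copies ComboFix had already isolated rather than files still on the system. The sample input is a trimmed copy of the log posted above; the regular expression is fitted to the line shapes in this log and is an assumption for other ESET versions, and all function names are my own.

```python
import re

# Trimmed copy of the ESET Online Scanner log posted above: the aborted first
# run and the finished second run, all eight detection lines kept verbatim,
# the unused "# compatibility_mode"-style header lines dropped.
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# end=stopped
# utc_time=2012-05-17 11:33:21
# scanned=548
# found=0
# cleaned=0
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# end=finished
# utc_time=2012-05-18 02:49:56
# scanned=429565
# found=8
# cleaned=8
C:\Qoobox\Quarantine\C\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\4enpnal3.default\extensions\{eeaebbc2-35ec-4015-85fd-5a2aecca1b58}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\4enpnal3.default\extensions\{eeaebbc2-35ec-4015-85fd-5a2aecca1b58}\chrome\xulcache.jar.vir JS/Agent.NDO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Tyler\AppData\Local\114f7cae\U\80000000.@ Win64/Sirefef.V trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Tyler\AppData\Roaming\BitTorrent\SONY VEGAS PRO 9 + PATCH & CRACK.zip multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Tyler\AppData\Roaming\BitTorrent\Sony Vegas Pro 9.0 Crack Only.zip multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Tyler\AppData\Roaming\BitTorrent\Dirt.3-SKIDROW\sr-dirt3.iso a variant of Win32/Packed.VMProtect.AAA trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Tyler\AppData\Roaming\BitTorrent\Harry.Potter.and.the.Deathly.Hallows.Part.2-SKIDROW\sr-hp8.iso a variant of Win32/Packed.VMProtect.AAA trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Tyler\AppData\Roaming\BitTorrent\Sony Vegas PRO 10.0c+Keygen(works with windows7) [ kk ]\Sony Vegas PRO 10.0c+Keygen(works with windows7) [ kk ].rar a variant of Win32/Packed.VMProtect.AAD trojan (deleted - quarantined) 00000000000000000000000000000000 C
"""

# One detection line is "<path> <threat> (<action>) <hex hash> <flag>". The path may
# contain spaces, brackets and parentheses, so it is matched lazily and the threat
# field is pinned to the naming shapes seen in this log ("Win32/Foo.Bar trojan",
# "a variant of ...", "multiple threats"). Assumption: other ESET versions may
# need this widened.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?P<threat>(?:a variant of )?(?:[A-Za-z0-9]+/\S+ \w+|multiple threats)) "
    r"\((?P<action>[^)]*)\) "
    r"(?P<hash>[0-9A-Fa-f]+) "
    r"(?P<flag>\S+)$"
)

# ComboFix moves what it removes under C:\Qoobox\Quarantine and appends ".vir";
# a hit there is an already isolated copy, not a file still live on the system.
COMBOFIX_QUARANTINE = "c:\\qoobox\\quarantine\\"


def parse_eset_log(text):
    """Split the log into runs: each is {'meta': {key: value}, 'detections': [...], 'other': [...]}."""
    runs, run = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("ESETSmartInstaller") or run is None:
            run = {"meta": {}, "detections": [], "other": []}   # the banner opens a new run
            runs.append(run)
            if line.startswith("ESETSmartInstaller"):
                continue
        if line.startswith("# "):                               # "# key=value" header line
            key, _, value = line[2:].partition("=")
            run["meta"][key.strip()] = value.strip()
            continue
        m = DETECTION_RE.match(line)
        if m:
            run["detections"].append(m.groupdict())
        elif line != "all ok":                                  # e.g. the esets_scanner_update error
            run["other"].append(line)
    return runs


def summarize(text):
    """Per-run summary: header counts cross-checked against the parsed detection lines,
    live-path hits separated from ones inside ComboFix's quarantine."""
    rows = []
    for run in parse_eset_log(text):
        meta, hits = run["meta"], run["detections"]
        live = [d for d in hits if not d["path"].lower().startswith(COMBOFIX_QUARANTINE)]
        found = int(meta.get("found", 0))
        rows.append({
            "end": meta.get("end"),                   # "stopped" means the run was aborted
            "scanned": int(meta.get("scanned", 0)),
            "found": found,
            "cleaned": int(meta.get("cleaned", 0)),
            "lines": len(hits),
            "counts_agree": found == len(hits),
            "already_quarantined": len(hits) - len(live),
            "live_paths": [d["path"] for d in live],
            "threats": sorted({d["threat"] for d in hits}),
            "errors": run["other"],
        })
    return rows


if __name__ == "__main__":
    for n, row in enumerate(summarize(SAMPLE_LOG), 1):
        print(f"run {n}: end={row['end']} scanned={row['scanned']} found={row['found']} "
              f"cleaned={row['cleaned']} live={len(row['live_paths'])} "
              f"quarantined_copies={row['already_quarantined']}")
        for path in row["live_paths"]:
            print("  live:", path)
```

Run as a script it prints one line per run. The first run carries end=stopped, so its found=0 is an aborted scan and not evidence of a clean machine; the second run's eight lines agree with its found=8, two of them are Qoobox copies, and the six live-path hits all sit under the user's profile: the Win64/Sirefef.V file under AppData\Local and the cracked-software archives under the BitTorrent download folder.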

#26 WhiteHat (Trusted Helper, Retired Staff, 1,925 posts)

Okay, the ads appear to be back

Which browser? Internet Explorer and/or Firefox?

#27 tcco94 (Topic Starter, Member, 19 posts)
Just Firefox.

#28 WhiteHat (Trusted Helper, Retired Staff, 1,925 posts)

  • Run OTL.exe. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window containing OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it in your topic.


#29 tcco94 (Topic Starter, Member, 19 posts)

OTL logfile created on: 6/12/2012 8:03:45 PM - Run 6
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Tyler\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 60.97% Memory free
8.00 Gb Paging File | 5.44 Gb Available in Paging File | 67.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.17 Gb Total Space | 662.22 Gb Free Space | 72.12% Space Free | Partition Type: NTFS
Drive D: | 13.24 Gb Total Space | 1.63 Gb Free Space | 12.31% Space Free | Partition Type: NTFS

Computer Name: TYLER-HP | User Name: Tyler | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/11 20:16:14 | 000,935,480 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
PRC - [2012/05/31 14:02:25 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/05/14 21:30:43 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Tyler\Desktop\OTL.exe
PRC - [2012/05/12 11:59:52 | 006,379,888 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\BitTorrent\BitTorrent.exe
PRC - [2012/03/19 13:32:24 | 009,413,712 | ---- | M] (SugarSync, Inc.) -- C:\Program Files (x86)\SugarSync\SugarSyncManager.exe
PRC - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2012/01/17 21:03:24 | 002,339,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgtray.exe
PRC - [2011/08/03 14:54:15 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011/06/01 05:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
PRC - [2011/01/21 00:51:26 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010/10/19 02:03:46 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/09/28 09:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2010/09/11 02:02:22 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/31 14:02:25 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/05/22 18:07:45 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/05/22 18:07:42 | 000,895,312 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/05/22 18:07:41 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/05/22 18:07:41 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/05/22 18:07:41 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/05/04 21:13:10 | 008,797,856 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010/11/17 14:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/10/14 14:58:52 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/08/19 17:43:24 | 000,386,344 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64) Cyberlink RichVideo64 Service(CRVS)
SRV:64bit: - [2010/08/05 20:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/08/05 20:47:48 | 000,681,528 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/05/11 08:16:12 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/06/11 20:16:14 | 000,935,480 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0)
SRV - [2012/05/31 14:02:25 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/04 21:13:10 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/25 16:59:11 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/11/10 06:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/01 05:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/03/28 18:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2011/01/21 00:51:26 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/10/19 02:03:46 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/09/28 09:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/09/11 02:02:22 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/06/18 18:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/06/01 16:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/28 05:12:46 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\80874294.sys -- (80874294)
DRV:64bit: - [2012/02/29 23:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/27 19:05:26 | 000,118,864 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/04/05 00:59:54 | 000,377,936 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/03/16 16:03:18 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/01 14:25:18 | 000,041,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/02/22 08:12:46 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/02/10 07:53:34 | 000,029,264 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/01/07 06:41:44 | 000,304,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2010/12/14 19:51:20 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/07 13:08:55 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/09/02 23:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/08/13 06:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/08/13 06:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/07/21 20:57:22 | 001,002,848 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010/05/11 08:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/11 07:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/10 08:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/12/22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/02/15 17:50:02 | 000,178,304 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiH0763.sys -- (SaiH0763)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPDSK/2
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...s}&mfe=Desktops
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPDSK/2
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...s}&mfe=Desktops
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-141472487-685583464-1612949001-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPDSK/2
IE - HKU\S-1-5-21-141472487-685583464-1612949001-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-141472487-685583464-1612949001-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2011-12-12 08:14:43&v=9.0.0.18&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-141472487-685583464-1612949001-1001\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yah...psg&type=HPDTDF
IE - HKU\S-1-5-21-141472487-685583464-1612949001-1001\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKU\S-1-5-21-141472487-685583464-1612949001-1001\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...s}&mfe=Desktops
IE - HKU\S-1-5-21-141472487-685583464-1612949001-1001\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-141472487-685583464-1612949001-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-141472487-685583464-1612949001-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-tyc"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-tyc"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://us.yahoo.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.4.20101212100510
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..keyword.URL: "http://search.yahoo....fr=ytff-tyc&p="
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Tyler\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Tyler\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Tyler\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/24 00:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/10/14 01:48:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2012/02/02 09:55:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012/06/11 20:16:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/31 14:02:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/11 20:16:25 | 000,000,000 | ---D | M]

[2011/01/20 20:36:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tyler\AppData\Roaming\Mozilla\Extensions
[2012/06/12 16:43:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\4enpnal3.default\extensions
[2012/05/19 00:22:34 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\4enpnal3.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/06/12 16:37:47 | 000,000,000 | ---D | M] ("Vid-Saver") -- C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\4enpnal3.default\extensions\[email protected]
[2011/11/06 10:56:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\4enpnal3.default\extensions\[email protected]
[2012/06/12 16:43:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\4enpnal3.default\extensions\staged
[2012/03/04 21:22:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/06 10:56:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2011/11/06 10:56:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\[email protected]
[2012/05/31 14:02:26 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/04 21:22:30 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/11 20:16:11 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/05/31 14:02:24 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/05/31 14:02:24 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/05/31 22:04:19 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-141472487-685583464-1612949001-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-141472487-685583464-1612949001-1001\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-141472487-685583464-1612949001-1001..\Run: [BitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-141472487-685583464-1612949001-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-141472487-685583464-1612949001-1001..\Run: [SugarSync] C:\Program Files (x86)\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
O4 - HKU\S-1-5-21-141472487-685583464-1612949001-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-141472487-685583464-1612949001-1001..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4 - Startup: C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MP3 Rocket (Minimized).lnk = File not found
O4 - Startup: C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_80874294.lnk = File not found
O4 - Startup: C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_83475326.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-141472487-685583464-1612949001-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-141472487-685583464-1612949001-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-141472487-685583464-1612949001-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6EE45582-0148-4844-9BBC-B450B0FAD9E8}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/31 22:33:21 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/31 22:04:32 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/05/31 21:40:56 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/31 14:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/31 14:02:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/05/27 20:19:56 | 000,460,888 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\80874294.sys
[2012/05/24 18:49:59 | 004,533,164 | R--- | C] (Swearware) -- C:\Users\Tyler\Desktop\ComboFix.exe
[2012/05/17 16:25:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/05/15 23:29:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/14 21:30:32 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Tyler\Desktop\OTL.exe

========== Files - Modified Within 30 Days ==========

[2012/06/12 20:12:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/12 19:41:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/12 18:41:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/12 17:04:44 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/12 17:04:44 | 000,628,414 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/12 17:04:44 | 000,110,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/12 16:41:02 | 100,275,833 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/06/12 16:35:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/11 20:16:25 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/06/08 19:52:56 | 2219,585,242 | ---- | M] () -- C:\Users\Tyler\Documents\Tyler Connell Graduation 2012.wmv
[2012/06/07 15:44:21 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/07 15:44:21 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/07 14:02:42 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTYLER-HP$.job
[2012/06/07 01:26:05 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTyler.job
[2012/06/06 17:06:34 | 3220,660,224 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/03 20:01:00 | 042,377,028 | ---- | M] () -- C:\Users\Tyler\Desktop\bandicam 2012-06-03 19-58-51-079.avi
[2012/06/03 19:14:10 | 050,186,412 | ---- | M] () -- C:\Users\Tyler\Desktop\bandicam 2012-06-03 19-11-50-681.avi
[2012/06/01 19:42:31 | 000,557,318 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/05/31 22:46:05 | 000,001,140 | ---- | M] () -- C:\Users\Tyler\Desktop\Mozilla Firefox 2.lnk
[2012/05/31 22:04:19 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/05/31 21:39:06 | 004,533,164 | R--- | M] (Swearware) -- C:\Users\Tyler\Desktop\ComboFix.exe
[2012/05/31 14:02:27 | 000,002,046 | ---- | M] () -- C:\Users\Tyler\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/05/28 05:12:46 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\80874294.sys
[2012/05/27 20:20:41 | 000,001,010 | ---- | M] () -- C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_80874294.lnk
[2012/05/27 20:19:26 | 136,461,032 | ---- | M] () -- C:\Users\Tyler\Desktop\setup_11.0.0.1245.x01_2012_05_28_05_12.exe
[2012/05/27 20:14:42 | 000,001,010 | ---- | M] () -- C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_83475326.lnk
[2012/05/14 21:30:43 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Tyler\Desktop\OTL.exe

========== Files Created - No Company Name ==========

[2012/06/11 20:16:25 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/06/11 20:16:25 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/06/08 20:50:16 | 2219,585,242 | ---- | C] () -- C:\Users\Tyler\Documents\Tyler Connell Graduation 2012.wmv
[2012/06/03 19:58:51 | 042,377,028 | ---- | C] () -- C:\Users\Tyler\Desktop\bandicam 2012-06-03 19-58-51-079.avi
[2012/06/03 19:11:50 | 050,186,412 | ---- | C] () -- C:\Users\Tyler\Desktop\bandicam 2012-06-03 19-11-50-681.avi
[2012/05/27 21:23:07 | 000,001,140 | ---- | C] () -- C:\Users\Tyler\Desktop\Mozilla Firefox 2.lnk
[2012/05/27 20:20:41 | 000,001,010 | ---- | C] () -- C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_80874294.lnk
[2012/05/27 20:17:48 | 136,461,032 | ---- | C] () -- C:\Users\Tyler\Desktop\setup_11.0.0.1245.x01_2012_05_28_05_12.exe
[2012/05/27 20:14:42 | 000,001,010 | ---- | C] () -- C:\Users\Tyler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_83475326.lnk
[2011/12/08 18:33:07 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/12/08 18:33:07 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/11/24 12:55:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/24 12:55:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/24 12:55:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/24 12:55:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/24 12:55:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/13 13:15:00 | 000,017,408 | ---- | C] () -- C:\Users\Tyler\AppData\Local\WebpageIcons.db
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/19 00:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011/09/19 00:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011/08/06 16:16:31 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\IsUser11b.dll
[2011/02/28 16:51:22 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011/01/26 19:31:47 | 000,000,061 | -HS- | C] () -- C:\Windows\cnerolf.bin
[2011/01/21 00:49:25 | 000,215,128 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/01/21 00:49:24 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/01/21 00:49:23 | 003,360,624 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/01/20 21:12:37 | 000,000,486 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/11/24 00:42:25 | 000,002,110 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/11/23 23:59:52 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2010/11/23 23:46:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/21 11:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

========== LOP Check ==========

[2012/02/29 17:34:20 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\.minecraft
[2011/03/27 15:37:12 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\Ariane
[2012/05/06 18:05:23 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\Atari
[2011/01/22 18:41:13 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\AVG10
[2011/12/08 19:17:15 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\BANDISOFT
[2011/03/11 15:51:00 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\Bioshock2
[2012/06/12 20:29:46 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\BitTorrent
[2011/10/30 22:13:37 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/03/16 16:10:15 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\Electronic Arts
[2011/10/14 01:44:23 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\EZCA
[2011/12/17 20:29:56 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\HiFi
[2011/10/14 01:48:34 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\IrfanView
[2011/03/04 17:09:09 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\Leadertech
[2011/07/17 11:43:42 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\MP3Rocket
[2011/09/11 10:29:14 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\MyTraffic
[2011/01/20 18:51:45 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\PictureMover
[2012/03/03 15:18:31 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\Sony
[2012/01/08 15:19:47 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\Sports Interactive
[2011/03/25 23:07:23 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\SystemRequirementsLab
[2011/01/21 17:07:29 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\TeamViewer
[2011/03/04 16:25:18 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\Ubisoft
[2011/08/06 16:33:15 | 000,000,000 | ---D | M] -- C:\Users\Tyler\AppData\Roaming\WinBatch
[2012/01/10 08:38:05 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:74603393
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:00934A10

< End of report >

#30 WhiteHat, Trusted Helper (Retired Staff, 1,925 posts)
Please reopen OTL on your desktop.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [CREATERESTOREPOINT]

    :OTL
    [2012/06/12 16:37:47 | 000,000,000 | ---D | M] ("Vid-Saver") -- C:\Users\Tyler\AppData\Roaming\Mozilla\Firefox\Profiles\4enpnal3.default\extensions\[email protected]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.
