Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Can't access Google.com in any browser [Solved]


  • This topic is locked This topic is locked

#1
Aquabat64x

Aquabat64x

    Member

  • Member
  • PipPip
  • 43 posts
Having a little trouble when trying to go to google.com or other things related to it (other searches and help pages)
I can access Google+ and Gmail , but thats about it.


I've run AVG and Spybot and nothing is detected. I read a few other threads about this and looked at my router settings and thats not blocking it in any way that I can find, and 3 other computers in my house can access google fine. I looked at my Hosts file and didn't find google.com com listed there either.

I've attached both a copy of my Hosts file and a Hijackthis log


so what else can I try?

Attached Files


  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi I will need more information than Hijackthis can provide

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    Posted Image
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe ( 4.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image
  • 0

#3
Aquabat64x

Aquabat64x

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Alrighty, here are those logs you were looking for

OTL logfile created on: 6/29/2012 9:46:28 AM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Richins\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.58 Mb Total Physical Memory | 308.31 Mb Available Physical Memory | 30.15% Memory free
2.26 Gb Paging File | 1.12 Gb Available in Paging File | 49.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143.43 Gb Total Space | 18.17 Gb Free Space | 12.67% Space Free | Partition Type: NTFS
Drive D: | 5.62 Gb Total Space | 0.88 Gb Free Space | 15.57% Space Free | Partition Type: NTFS
Drive E: | 641.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 27.94 Gb Total Space | 27.84 Gb Free Space | 99.65% Space Free | Partition Type: NTFS

Computer Name: RICHINS-PC | User Name: Richins | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/20 15:07:43 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/06/29 09:44:00 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Richins\Downloads\OTL.exe
PRC - [2012/06/23 19:30:28 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
PRC - [2012/06/11 10:24:55 | 000,935,480 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
PRC - [2012/06/11 10:24:43 | 001,104,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/19 04:51:54 | 001,254,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/29 19:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/02/29 16:58:46 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/02/29 16:58:36 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/01/15 11:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/09/28 09:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/20 15:07:42 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/11 10:25:00 | 000,132,664 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll
MOD - [2012/06/11 10:24:43 | 001,104,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/02/29 13:26:28 | 000,360,768 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - [2012/06/23 19:30:31 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/11 10:24:55 | 000,935,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/29 19:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/29 19:59:00 | 010,819,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2010/12/07 14:23:00 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandmodem.sys -- (ANDModem)
DRV - [2010/12/07 14:23:00 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lganddiag.sys -- (AndDiag)
DRV - [2010/12/07 14:22:58 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandbus.sys -- (Andbus)
DRV - [2008/11/26 13:51:02 | 000,333,824 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr61.sys -- (rt61x86)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/25 07:06:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2008/01/19 02:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/07/13 08:18:20 | 000,050,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006/11/03 11:29:18 | 000,008,192 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ario&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ario&pf=desktop
IE - HKLM\..\SearchScopes,DefaultScope = {F67340B0-43F4-4225-A488-0608DAAD0113}
IE - HKLM\..\SearchScopes\{28A6656D-3A9A-4CE7-A30F-2414D0DFB19D}: "URL" = http://search.live.c...#38;FORM=HQDUS7
IE - HKLM\..\SearchScopes\{83A01952-BBFC-44BF-B45E-7841B23CF935}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
IE - HKLM\..\SearchScopes\{F67340B0-43F4-4225-A488-0608DAAD0113}: "URL" = http://search.yahoo....ing}&fr=hp-psdt


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55899

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55899



IE - HKU\S-1-5-21-2420758538-4252974037-2543529722-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-2420758538-4252974037-2543529722-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2420758538-4252974037-2543529722-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-2420758538-4252974037-2543529722-1000\..\SearchScopes\{28A6656D-3A9A-4CE7-A30F-2414D0DFB19D}: "URL" = http://search.live.c...#38;FORM=HQDUS7
IE - HKU\S-1-5-21-2420758538-4252974037-2543529722-1000\..\SearchScopes\{83A01952-BBFC-44BF-B45E-7841B23CF935}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
IE - HKU\S-1-5-21-2420758538-4252974037-2543529722-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-06-11 10:25:04&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2420758538-4252974037-2543529722-1000\..\SearchScopes\{F67340B0-43F4-4225-A488-0608DAAD0113}: "URL" = http://search.yahoo....ing}&fr=hp-psdt
IE - HKU\S-1-5-21-2420758538-4252974037-2543529722-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2420758538-4252974037-2543529722-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-2420758538-4252974037-2543529722-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:63879

IE - HKU\S-1-5-21-2420758538-4252974037-2543529722-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ario&pf=desktop
IE - HKU\S-1-5-21-2420758538-4252974037-2543529722-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ario&pf=desktop

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..keyword.URL: "http://isearch.avg.c...5:04&sap=ku&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 63879
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/06/11 10:26:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/11/13 14:53:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/06/11 10:10:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012/06/11 10:25:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/20 15:07:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/10 11:06:20 | 000,000,000 | ---D | M]

[2011/09/11 08:00:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richins\AppData\Roaming\Mozilla\Extensions
[2012/06/11 13:46:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richins\AppData\Roaming\Mozilla\Firefox\Profiles\lhavymvu.default\extensions
[2011/11/29 11:15:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/11 10:10:00 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/06/11 10:25:47 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.7
[2012/06/11 13:46:54 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\RICHINS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHAVYMVU.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2013/03/20 15:07:44 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/11 10:24:39 | 000,003,747 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/01/29 09:34:38 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/29 09:34:38 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/06/24 08:19:19 | 000,000,025 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-2420758538-4252974037-2543529722-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DPService] C:\Program Files\HP\DVDPlay\DPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe File not found
O4 - HKU\S-1-5-18..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2420758538-4252974037-2543529722-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2420758538-4252974037-2543529722-1004..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-2420758538-4252974037-2543529722-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2420758538-4252974037-2543529722-1004\..Trusted Ranges: Range1 ([http] in )
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFA10581-7469-4F58-87B6-8A3FBDB837BD}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D506EE8B-9E22-4986-B9ED-066212347A11}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Richins\Pictures\Laguna.jpg
O24 - Desktop BackupWallPaper: C:\Users\Richins\Pictures\Laguna.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2003/08/27 04:47:12 | 000,000,000 | ---D | M] - E:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2003/08/27 04:47:12 | 000,000,059 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{6f7e729c-dc31-11e0-82b6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6f7e729c-dc31-11e0-82b6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\RunGame.exe -- [2003/08/27 04:47:08 | 000,147,456 | R--- | M] ()
O33 - MountPoints2\{bb65e0c5-8027-11db-b21e-001921b2cc5c}\Shell - "" = AutoRun
O33 - MountPoints2\{bb65e0c5-8027-11db-b21e-001921b2cc5c}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\{e04b579d-361b-11e1-8d42-001921b2cc5c}\Shell - "" = AutoRun
O33 - MountPoints2\{e04b579d-361b-11e1-8d42-001921b2cc5c}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2420758538-4252974037-2543529722-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/06/24 07:35:11 | 000,000,000 | ---D | C] -- C:\Users\Richins\AppData\Local\Macromedia
[2012/06/11 12:53:52 | 000,000,000 | ---D | C] -- C:\Users\Richins\AppData\Roaming\TuneUp Software
[2012/06/11 12:52:01 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012/06/11 12:51:19 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/06/11 10:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/06/11 10:26:09 | 000,000,000 | ---D | C] -- C:\Users\Richins\AppData\Local\AVG Secure Search
[2012/06/11 10:25:04 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/06/11 10:24:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/06/11 10:24:42 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/06/07 09:35:43 | 000,000,000 | ---D | C] -- C:\Users\Richins\Documents\SimCity 4
[2012/06/07 09:35:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxis
[2012/06/07 09:19:33 | 000,000,000 | ---D | C] -- C:\Program Files\Maxis

========== Files - Modified Within 30 Days ==========

[2012/06/29 09:30:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/29 08:37:52 | 000,603,774 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/29 08:37:52 | 000,104,834 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/29 08:05:02 | 000,033,758 | ---- | M] () -- C:\Users\Richins\AppData\Local\dt.dat
[2012/06/29 02:36:55 | 100,783,635 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/06/29 01:00:12 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2012/06/25 11:15:01 | 000,075,776 | ---- | M] () -- C:\Users\Richins\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/24 14:22:11 | 000,299,296 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/06/24 08:19:19 | 000,000,025 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/06/23 19:30:28 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/06/23 19:30:28 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/06/23 01:50:43 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2012/06/20 08:59:32 | 000,442,926 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.old
[2012/06/20 08:55:50 | 000,001,003 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120620-085932.backup
[2012/06/11 10:26:50 | 000,000,884 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/06/07 09:41:18 | 000,002,008 | ---- | M] () -- C:\Users\Richins\Desktop\SimCity 4 Deluxe.lnk
[2012/06/07 09:21:51 | 000,000,616 | ---- | M] () -- C:\Windows\eReg.dat

========== Files Created - No Company Name ==========

[2012/06/29 08:05:02 | 000,033,758 | ---- | C] () -- C:\Users\Richins\AppData\Local\dt.dat
[2012/06/07 09:41:18 | 000,002,008 | ---- | C] () -- C:\Users\Richins\Desktop\SimCity 4 Deluxe.lnk
[2012/06/07 09:21:51 | 000,000,616 | ---- | C] () -- C:\Windows\eReg.dat
[2012/05/21 14:50:03 | 000,000,000 | ---- | C] () -- C:\Users\Richins\AppData\Roaming\wklnhst.dat
[2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012/01/18 22:45:02 | 000,120,808 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/12/03 01:21:01 | 000,000,252 | ---- | C] () -- C:\Windows\wininit.ini
[2011/10/27 17:52:19 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2011/10/27 17:52:19 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2011/09/19 13:56:14 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/09/19 13:56:14 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/09/19 13:55:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/09/17 13:22:50 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/09/17 13:22:49 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/09/17 13:13:26 | 000,075,776 | ---- | C] () -- C:\Users\Richins\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/11 06:42:37 | 000,000,095 | ---- | C] () -- C:\Users\Richins\AppData\Local\fusioncache.dat
[2011/09/11 00:59:41 | 000,049,152 | ---- | C] () -- C:\Windows\System32\ChCfg.exe
[2011/09/11 00:56:25 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2011/09/11 00:56:25 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2011/09/10 23:07:11 | 000,000,680 | ---- | C] () -- C:\Users\Richins\AppData\Local\d3d9caps.dat

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/09/11 08:01:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2011/09/11 08:01:02 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2011/09/11 08:01:01 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2011/09/11 08:01:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SERVICES >
[2006/09/18 17:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 17:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.EXE >
[2008/01/19 03:33:28 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2006/11/02 05:45:40 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=329CF3C97CE4C19375C8ABCABAE258B0 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 08:38:29 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 08:38:29 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui

< MD5 for: SERVICES.LNK >
[2011/09/18 12:23:27 | 000,001,688 | ---- | M] () MD5=A1E7815ED0372E1BA8EED02167B293B6 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2011/09/18 12:23:27 | 000,001,688 | ---- | M] () MD5=A1E7815ED0372E1BA8EED02167B293B6 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2006/09/18 17:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 17:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.mof
[2006/09/18 17:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 17:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2006/11/02 08:39:04 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/18 17:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 08:39:04 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 17:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6000.16386_none_cd2d20a848cfd40f\services.msc
[2006/09/18 17:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

< MD5 for: SERVICES.SBS >
[2011/03/01 09:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: SVCHOST.EXE >
[2006/11/02 05:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 03:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 03:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 05:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB54231$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

Attached Files


  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi you have one of two possible infections here

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image

    :OTL
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55899
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:55899
    IE - HKU\S-1-5-21-2420758538-4252974037-2543529722-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:63879
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 63879
    FF - prefs.js..network.proxy.type: 0
    O3 - HKU\S-1-5-21-2420758538-4252974037-2543529722-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O4 - HKU\.DEFAULT..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe File not found
    O4 - HKU\S-1-5-18..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe File not found

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application
    Posted Image
  • Then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

AND FINALLY

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#5
Aquabat64x

Aquabat64x

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
You sir are magic
I can now access google sites again

here are those logs, but I don't know if the Combofix worked
It had been running a long time, so I left it running while I went to work
when I came home I found that my computer had shut down unexpectedly (according to windows startup)
and I was not able to find C:\ComboFix.txt

OTL logfile created on: 6/30/2012 8:52:22 AM - Run 2
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Richins\Downloads\OTL
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.58 Mb Total Physical Memory | 350.09 Mb Available Physical Memory | 34.24% Memory free
2.25 Gb Paging File | 1.44 Gb Available in Paging File | 63.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 143.43 Gb Total Space | 18.64 Gb Free Space | 13.00% Space Free | Partition Type: NTFS
Drive D: | 5.62 Gb Total Space | 0.88 Gb Free Space | 15.57% Space Free | Partition Type: NTFS
Drive E: | 641.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 27.94 Gb Total Space | 27.84 Gb Free Space | 99.65% Space Free | Partition Type: NTFS

Computer Name: RICHINS-PC | User Name: Richins | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/29 09:44:00 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Richins\Downloads\OTL\OTL.exe
PRC - [2012/06/11 10:24:55 | 000,935,480 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
PRC - [2012/06/11 10:24:43 | 001,104,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/19 04:51:54 | 001,254,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/29 19:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/02/29 16:58:46 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/02/29 16:58:36 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/01/15 11:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/09/28 09:42:24 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/11 10:25:00 | 000,132,664 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\SiteSafety.dll
MOD - [2012/06/11 10:24:43 | 001,104,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - [2012/06/23 19:30:31 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/11 10:24:55 | 000,935,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/29 19:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/03/19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/02/29 19:59:00 | 010,819,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/02/22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2010/12/07 14:23:00 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandmodem.sys -- (ANDModem)
DRV - [2010/12/07 14:23:00 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lganddiag.sys -- (AndDiag)
DRV - [2010/12/07 14:22:58 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandbus.sys -- (Andbus)
DRV - [2008/11/26 13:51:02 | 000,333,824 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr61.sys -- (rt61x86)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/25 07:06:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2008/01/19 02:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/07/13 08:18:20 | 000,050,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006/11/03 11:29:18 | 000,008,192 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ario&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ario&pf=desktop
IE - HKLM\..\SearchScopes,DefaultScope = {F67340B0-43F4-4225-A488-0608DAAD0113}
IE - HKLM\..\SearchScopes\{28A6656D-3A9A-4CE7-A30F-2414D0DFB19D}: "URL" = http://search.live.c...#38;FORM=HQDUS7
IE - HKLM\..\SearchScopes\{83A01952-BBFC-44BF-B45E-7841B23CF935}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
IE - HKLM\..\SearchScopes\{F67340B0-43F4-4225-A488-0608DAAD0113}: "URL" = http://search.yahoo....ing}&fr=hp-psdt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{28A6656D-3A9A-4CE7-A30F-2414D0DFB19D}: "URL" = http://search.live.c...#38;FORM=HQDUS7
IE - HKCU\..\SearchScopes\{83A01952-BBFC-44BF-B45E-7841B23CF935}: "URL" = http://www.ask.com/w...}&l=dis&o=uscqd
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-06-11 10:25:04&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{F67340B0-43F4-4225-A488-0608DAAD0113}: "URL" = http://search.yahoo....ing}&fr=hp-psdt
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..keyword.URL: "http://isearch.avg.c...5:04&sap=ku&q="
FF - prefs.js..network.proxy.http: ""
FF - prefs.js..network.proxy.http_port: ""
FF - prefs.js..network.proxy.type: ""


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/06/11 10:26:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/11/13 14:53:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/06/11 10:10:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012/06/11 10:25:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/20 15:07:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/10 11:06:20 | 000,000,000 | ---D | M]

[2011/09/11 08:00:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richins\AppData\Roaming\Mozilla\Extensions
[2012/06/11 13:46:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Richins\AppData\Roaming\Mozilla\Firefox\Profiles\lhavymvu.default\extensions
[2011/11/29 11:15:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/11 10:10:00 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/06/11 10:25:47 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.7
[2012/06/11 13:46:54 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\RICHINS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LHAVYMVU.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2013/03/20 15:07:44 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/11 10:24:39 | 000,003,747 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/01/29 09:34:38 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/29 09:34:38 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/06/30 08:15:45 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DPService] C:\Program Files\HP\DVDPlay\DPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFA10581-7469-4F58-87B6-8A3FBDB837BD}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D506EE8B-9E22-4986-B9ED-066212347A11}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Richins\Pictures\Laguna.jpg
O24 - Desktop BackupWallPaper: C:\Users\Richins\Pictures\Laguna.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2003/08/27 04:47:12 | 000,000,000 | ---D | M] - E:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2003/08/27 04:47:12 | 000,000,059 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{6f7e729c-dc31-11e0-82b6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6f7e729c-dc31-11e0-82b6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\RunGame.exe -- [2003/08/27 04:47:08 | 000,147,456 | R--- | M] ()
O33 - MountPoints2\{bb65e0c5-8027-11db-b21e-001921b2cc5c}\Shell - "" = AutoRun
O33 - MountPoints2\{bb65e0c5-8027-11db-b21e-001921b2cc5c}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\{e04b579d-361b-11e1-8d42-001921b2cc5c}\Shell - "" = AutoRun
O33 - MountPoints2\{e04b579d-361b-11e1-8d42-001921b2cc5c}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/30 08:15:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/24 07:35:11 | 000,000,000 | ---D | C] -- C:\Users\Richins\AppData\Local\Macromedia
[2012/06/11 12:53:52 | 000,000,000 | ---D | C] -- C:\Users\Richins\AppData\Roaming\TuneUp Software
[2012/06/11 12:52:01 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012/06/11 12:51:19 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/06/11 10:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/06/11 10:26:09 | 000,000,000 | ---D | C] -- C:\Users\Richins\AppData\Local\AVG Secure Search
[2012/06/11 10:25:04 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/06/11 10:24:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/06/11 10:24:42 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/06/07 09:35:43 | 000,000,000 | ---D | C] -- C:\Users\Richins\Documents\SimCity 4
[2012/06/07 09:35:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxis
[2012/06/07 09:19:33 | 000,000,000 | ---D | C] -- C:\Program Files\Maxis

========== Files - Modified Within 30 Days ==========

[2012/06/30 08:55:11 | 000,603,774 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/30 08:55:11 | 000,104,834 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/30 08:30:17 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/30 08:15:45 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/06/30 07:43:33 | 100,838,686 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/06/29 14:32:21 | 000,316,023 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/06/29 08:05:02 | 000,033,758 | ---- | M] () -- C:\Users\Richins\AppData\Local\dt.dat
[2012/06/29 01:00:12 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2012/06/25 11:15:01 | 000,075,776 | ---- | M] () -- C:\Users\Richins\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/23 01:50:43 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2012/06/20 08:59:32 | 000,442,926 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.old
[2012/06/20 08:55:50 | 000,001,003 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120620-085932.backup
[2012/06/11 10:26:50 | 000,000,884 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/06/07 09:41:18 | 000,002,008 | ---- | M] () -- C:\Users\Richins\Desktop\SimCity 4 Deluxe.lnk
[2012/06/07 09:21:51 | 000,000,616 | ---- | M] () -- C:\Windows\eReg.dat

========== Files Created - No Company Name ==========

[2012/06/29 08:05:02 | 000,033,758 | ---- | C] () -- C:\Users\Richins\AppData\Local\dt.dat
[2012/06/07 09:41:18 | 000,002,008 | ---- | C] () -- C:\Users\Richins\Desktop\SimCity 4 Deluxe.lnk
[2012/06/07 09:21:51 | 000,000,616 | ---- | C] () -- C:\Windows\eReg.dat
[2012/05/21 14:50:03 | 000,000,000 | ---- | C] () -- C:\Users\Richins\AppData\Roaming\wklnhst.dat
[2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012/01/18 22:45:02 | 000,120,808 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/12/03 01:21:01 | 000,000,252 | ---- | C] () -- C:\Windows\wininit.ini
[2011/10/27 17:52:19 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2011/10/27 17:52:19 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2011/09/19 13:56:14 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/09/19 13:56:14 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/09/19 13:55:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/09/17 13:22:50 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/09/17 13:22:49 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/09/17 13:13:26 | 000,075,776 | ---- | C] () -- C:\Users\Richins\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/11 06:42:37 | 000,000,095 | ---- | C] () -- C:\Users\Richins\AppData\Local\fusioncache.dat
[2011/09/11 00:59:41 | 000,049,152 | ---- | C] () -- C:\Windows\System32\ChCfg.exe
[2011/09/11 00:56:25 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2011/09/11 00:56:25 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2011/09/10 23:07:11 | 000,000,680 | ---- | C] () -- C:\Users\Richins\AppData\Local\d3d9caps.dat

========== LOP Check ==========

[2011/09/25 19:01:30 | 000,000,000 | ---D | M] -- C:\Users\Richins\AppData\Roaming\Amazon
[2011/09/14 15:58:08 | 000,000,000 | ---D | M] -- C:\Users\Richins\AppData\Roaming\ATT Connect
[2012/05/09 21:54:07 | 000,000,000 | ---D | M] -- C:\Users\Richins\AppData\Roaming\AVG
[2011/09/15 09:34:34 | 000,000,000 | ---D | M] -- C:\Users\Richins\AppData\Roaming\AVG2012
[2012/02/12 14:11:18 | 000,000,000 | ---D | M] -- C:\Users\Richins\AppData\Roaming\E414F
[2011/09/25 23:53:18 | 000,000,000 | ---D | M] -- C:\Users\Richins\AppData\Roaming\Spotify
[2012/05/21 14:50:05 | 000,000,000 | ---D | M] -- C:\Users\Richins\AppData\Roaming\Template
[2012/06/11 12:53:52 | 000,000,000 | ---D | M] -- C:\Users\Richins\AppData\Roaming\TuneUp Software
[2011/09/11 07:55:08 | 000,000,000 | ---D | M] -- C:\Users\Richins\AppData\Roaming\WinBatch
[2011/09/11 00:57:04 | 000,000,000 | ---D | M] -- C:\Users\Richins\AppData\Roaming\WindSolutions
[2012/06/30 08:47:20 | 000,032,526 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB54231$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

Attached Files


  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Getting there

Re-run TDSSKiller please with the same parameters as before and delete the following detection :

\Device\Harddisk1\DR1 ( TDSS File System )

Then could you delete the copy of Combofix on your desktop, download a fresh copy. But, this time when you save the programme rename it to Gotcha

Now run the renamed copy of combofix
  • 0

#7
Aquabat64x

Aquabat64x

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
did all that and once again don't think it worked
It worked "better" I guess

it got further than I saw yesterday pretty quickly, it asked for a reboot so I did.
it did its thing, completed like 50 stages

showed it deleted some files but got stuff for a long time while deleting some folders
after a bit I found it had shut down again (unexpectedly)

looking in C:\...no combofix.txt or even gotcha.txt (if that's what we were looking for this time

I did see a file called "gotcha" (as I did before seen a "combofix") but they are not txt files,
they have no extension. If I click on that file it just shows me my drives (as if I clicked on the "computer" link)
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets go a slightly different route to confirm that it has all gone... Reaching stage 50 means Combofix completed

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
Posted Image
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
Posted Image
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.
  • 0

#9
Aquabat64x

Aquabat64x

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
here ya go

Attached Files


  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK that confirmed that Combofix has repaired the file... How is the computer behaving now ?
  • 0

Advertisements


#11
Aquabat64x

Aquabat64x

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
doing good
still able to access google pages now

didn't really know of any other problems than that
might be runnign a bit better
but can't really tell since I have an old computer that could really use some more RAM anyways

thanks for all your help
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

    Posted Image
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Go to control panel
  • Select folder options (Appearance > Folder options in category view)
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • GoStart > All programs > Accessories > system tools
  • Right click Disc cleanup and select run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Posted Image
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:
  • 0

#13
Aquabat64x

Aquabat64x

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
all still seeming to run ok
a few issues have found

some of the stuff the filehippo thing had me update n such turned out to show up as threats from AVG
and also I'm not able to update window

I keep getting an error of 80096001

checked it out on windows and downloaded their little "fixit" program and it said it corrected the issue
but still can't update
any ideas?
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yep lets first check that all the right drivers are in place... Also AVG is being a bit paranoid

run farbar service scanner

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
  • 0

#15
Aquabat64x

Aquabat64x

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts
Farbar Service Scanner Version: 02-07-2012
Ran by Richins (administrator) on 03-07-2012 at 12:42:10
Running from "C:\Users\Richins\Downloads\OTL"
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP