Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

need help removing a trojan dropper generic 28/svchost.exe*32 [Solved]

Started by icarusphoenix27 , Jul 31 2012 01:13 PM

This topic is locked

#1
icarusphoenix27

Posted 31 July 2012 - 01:13 PM

New Member

Member
8 posts

avg constantly alerts of generic trojan dropper, malwarebytes keeps blocking access to potentially malicious websites, and a svchost.exe*32 process is using up to 80% of my cpu and memory.I have tried some tutorials without success...please help!

#2
icarusphoenix27

Posted 31 July 2012 - 01:19 PM

New Member

Topic Starter
Member
8 posts

I tried to post an OTL log but the site said it was too long?

#3
Essexboy

Posted 31 July 2012 - 02:53 PM

GeekU Moderator

Retired Staff
69,964 posts

Could you attach the log please

#4
icarusphoenix27

Posted 31 July 2012 - 03:23 PM

New Member

Topic Starter
Member
8 posts

ok, log attatched! I had to compress it because it was too big to upload...sorry if I'm doing things wrong!

Attached Files

otllog.rar 80.2KB 65 downloads

#5
Essexboy

Posted 31 July 2012 - 03:36 PM

GeekU Moderator

Retired Staff
69,964 posts

Not a problem, have you just updated windows ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:Files
ipconfig /flushdns /c
C:\Windows\Installer\{c12ae097-b346-22b9-e8c8-20dd60954359}
C:\Users\icarusphoenix\AppData\Local\{c12ae097-b346-22b9-e8c8-20dd60954359}

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks
When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

#6
icarusphoenix27

Posted 31 July 2012 - 04:15 PM

New Member

Topic Starter
Member
8 posts

Ok, did the first step, about to do combofix...here is the new otl log.

OTL logfile created on: 7/31/2012 4:02:18 PM - Run 3
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\icarusphoenix\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 42.32% Memory free
3.87 Gb Paging File | 2.35 Gb Available in Paging File | 60.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 213.73 Gb Total Space | 24.19 Gb Free Space | 11.32% Space Free | Partition Type: NTFS
Drive D: | 18.86 Gb Total Space | 2.74 Gb Free Space | 14.51% Space Free | Partition Type: NTFS
Drive G: | 320.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ICARUSPHOENIX27 | User Name: icarusphoenix | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/31 16:01:42 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\icarusphoenix\Desktop\OTL.exe
PRC - [2012/07/26 23:14:09 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/05/31 14:33:56 | 000,385,416 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
PRC - [2012/05/02 20:59:07 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/23 04:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/01/05 03:09:52 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010/11/09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/09/29 01:55:32 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/09/11 03:02:22 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

========== Modules (No Company Name) ==========

MOD - [2012/07/26 23:14:09 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
MOD - [2012/05/02 20:59:06 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2010/08/16 15:21:30 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/08/16 15:21:30 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/08/16 15:21:30 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/08/05 20:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/07/21 15:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2009/11/17 20:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/26 23:14:09 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/05/31 14:33:56 | 000,385,416 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2012/05/31 14:33:10 | 000,397,704 | ---- | M] (BlueStack Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2012/05/02 20:59:07 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/02/23 04:40:41 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/10/12 11:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/11 03:02:22 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/06/18 19:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/25 19:21:15 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/11/17 17:08:16 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudioDevice_383S(1).sys -- (WsAudioDevice_383S(1)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/04 21:57:54 | 001,041,760 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010/09/29 01:55:54 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/09/13 12:00:08 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/13 11:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/04/12 02:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2010/03/22 19:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/20 23:54:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/24 05:55:41 | 000,118,016 | R--- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qscnusb.sys -- (MobileAdapter)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2012/05/31 14:33:50 | 000,075,144 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...}&mfe=Notebooks
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...}&mfe=Notebooks
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00090004e0810e1
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pa&d=2011-12-12 09:53:20&v=9.0.0.18&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{A9D043EE-EB34-4A97-BFD3-95FC0C08B18C}: "URL" = http://websearch.ask...8-54E78E5455DB
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-se...q={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...}&mfe=Notebooks
IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.facebook....ome.php?ref=hp"
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@photoproduct.rocketlife.com/RocketLife App Viewer;version=0.8: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\icarusphoenix\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\icarusphoenix\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\icarusphoenix\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\icarusphoenix\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/18 17:11:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 18:56:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/09 20:11:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/12/20 22:08:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\icarusphoenix\AppData\Roaming\Mozilla\Extensions
[2012/06/20 12:36:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\icarusphoenix\AppData\Roaming\Mozilla\Firefox\Profiles\vow8ot2k.default\extensions
[2012/03/26 02:43:23 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\icarusphoenix\AppData\Roaming\Mozilla\Firefox\Profiles\vow8ot2k.default\extensions\[email protected]
[2011/11/17 20:25:44 | 000,002,333 | ---- | M] () -- C:\Users\icarusphoenix\AppData\Roaming\Mozilla\Firefox\Profiles\vow8ot2k.default\searchplugins\askcom.xml
[2012/05/02 20:59:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/02 18:56:22 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK
[2012/07/18 17:11:46 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
[2012/06/20 12:36:06 | 000,377,145 | ---- | M] () (No name found) -- C:\USERS\ICARUSPHOENIX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VOW8OT2K.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
[2012/05/02 20:59:07 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/14 06:30:18 | 000,003,766 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/01/24 23:31:45 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011/12/16 19:20:10 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/16 19:20:10 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/07/31 15:49:45 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.116.2.50 24.116.2.34
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5234EEB6-9645-4B41-80B9-9D92E56E0DAB}: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E97B80D0-3DA1-4B4A-B8EF-79EBB2AA5745}: DhcpNameServer = 24.116.2.50 24.116.2.34
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/24 09:51:21 | 000,000,057 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{2ffb0ae2-43d2-11e1-840a-984be19734b4}\Shell - "" = AutoRun
O33 - MountPoints2\{2ffb0ae2-43d2-11e1-840a-984be19734b4}\Shell\AutoRun\command - "" = H:\HWPcAssistant.exe
O33 - MountPoints2\{345a8ddd-4566-11e1-8e59-984be19734b4}\Shell - "" = AutoRun
O33 - MountPoints2\{345a8ddd-4566-11e1-8e59-984be19734b4}\Shell\AutoRun\command - "" = H:\HWPcAssistant.exe
O33 - MountPoints2\{8f392a8c-ef5d-11e0-908a-984be19734b4}\Shell - "" = AutoRun
O33 - MountPoints2\{8f392a8c-ef5d-11e0-908a-984be19734b4}\Shell\AutoRun\command - "" = G:\HWPcAssistant.exe
O33 - MountPoints2\{8f392a8d-ef5d-11e0-908a-984be19734b4}\Shell - "" = AutoRun
O33 - MountPoints2\{8f392a8d-ef5d-11e0-908a-984be19734b4}\Shell\AutoRun\command - "" = J:\HWPcAssistant.exe
O33 - MountPoints2\{d158717d-97b3-11e1-bbae-984be19734b4}\Shell - "" = AutoRun
O33 - MountPoints2\{d158717d-97b3-11e1-bbae-984be19734b4}\Shell\AutoRun\command - "" = I:\HWPcAssistant.exe
O33 - MountPoints2\{d4524372-76d8-11e1-b704-984be19734b4}\Shell - "" = AutoRun
O33 - MountPoints2\{d4524372-76d8-11e1-b704-984be19734b4}\Shell\AutoRun\command - "" = G:\Main\autorun\Autorun.exe -- [2009/09/08 14:59:51 | 000,035,952 | R--- | M] ()
O33 - MountPoints2\{e586758f-5839-11e1-98e2-984be19734b4}\Shell - "" = AutoRun
O33 - MountPoints2\{e586758f-5839-11e1-98e2-984be19734b4}\Shell\AutoRun\command - "" = G:\HWPcAssistant.exe
O33 - MountPoints2\{e5faade5-9277-11e1-8ab4-984be19734b4}\Shell - "" = AutoRun
O33 - MountPoints2\{e5faade5-9277-11e1-8ab4-984be19734b4}\Shell\AutoRun\command - "" = H:\HWPcAssistant.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\HWPcAssistant.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\HWPcAssistant.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\HWPcAssistant.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/31 16:01:41 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\icarusphoenix\Desktop\OTL.exe
[2012/07/31 15:49:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/31 15:20:28 | 000,000,000 | ---D | C] -- C:\Users\icarusphoenix\AppData\Local\{8259DE8C-9C49-4E03-B224-3A6552078698}
[2012/07/31 10:20:28 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/31 10:20:25 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/07/31 10:10:01 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/07/29 23:06:23 | 000,000,000 | ---D | C] -- C:\Users\icarusphoenix\AppData\Roaming\Malwarebytes
[2012/07/29 23:06:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/29 23:06:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/29 23:06:02 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/29 23:06:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/28 16:44:25 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/07/28 15:55:39 | 000,000,000 | ---D | C] -- C:\Users\icarusphoenix\Documents\Wizards of the Coast
[2012/07/28 15:54:52 | 000,000,000 | ---D | C] -- C:\Users\icarusphoenix\AppData\Local\SKIDROW
[2012/07/28 15:52:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wizards of the Coast LLC
[2012/07/28 15:51:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wizards of the Coast LLC
[2012/07/28 15:37:55 | 000,000,000 | ---D | C] -- C:\Users\icarusphoenix\Documents\BotaniculaSaves
[2012/07/28 15:37:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
[2012/07/28 15:36:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GOG.com
[2012/07/28 14:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Desktop Gaming
[2012/07/28 14:37:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Crime Solitaire
[2012/07/28 14:17:35 | 000,000,000 | ---D | C] -- C:\Users\icarusphoenix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bejeweled Blitz
[2012/07/28 14:17:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bejeweled Blitz
[2012/07/28 14:16:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bejeweled 2 Deluxe
[2012/07/19 15:21:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Games
[2012/07/18 17:11:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/07/16 15:53:42 | 000,000,000 | ---D | C] -- C:\Users\icarusphoenix\AppData\Roaming\BlamGames
[2012/07/16 15:45:27 | 000,000,000 | ---D | C] -- C:\Users\icarusphoenix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fierce Tales - The Dog's Heart Collector's Edition
[2012/07/16 15:45:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fierce Tales - The Dog's Heart Collector's Edition
[2012/07/16 15:45:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fierce Tales - The Dog's Heart Collector's Edition
[2012/07/16 14:54:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Fish Games
[2012/07/16 14:54:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\bfgclient
[2012/07/16 14:51:39 | 000,000,000 | ---D | C] -- C:\BigFishGamesCache
[2012/07/08 11:13:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
[2012/07/08 11:13:44 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks
[2012/07/08 10:48:55 | 003,785,056 | ---- | C] (BlueStack Systems, Inc.) -- C:\Users\icarusphoenix\Desktop\BlueStacks-ThinInstaller_0.6.3.0686.exe
[2012/07/08 10:48:55 | 000,000,000 | ---D | C] -- C:\Users\icarusphoenix\AppData\Local\BlueStacks
[2012/07/08 10:21:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BlueStacks
[2012/07/08 10:09:36 | 003,785,096 | ---- | C] (BlueStack Systems, Inc.) -- C:\Users\icarusphoenix\Desktop\BlueStacks-ThinInstaller_0.7.0.722.exe
[2012/07/08 10:09:36 | 000,000,000 | ---D | C] -- C:\Users\icarusphoenix\AppData\Local\BlueStacksSetup

========== Files - Modified Within 30 Days ==========

[2012/07/31 16:05:33 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/31 16:05:33 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/31 16:02:01 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1910162082-1332190556-3629786422-1000UA.job
[2012/07/31 16:01:42 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\icarusphoenix\Desktop\OTL.exe
[2012/07/31 15:58:07 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/31 15:57:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/31 15:57:35 | 1556,287,488 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/31 15:49:45 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/07/31 15:22:34 | 000,082,129 | ---- | M] () -- C:\Users\icarusphoenix\Documents\otllog.rar
[2012/07/31 15:14:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/31 15:13:04 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/31 12:21:59 | 000,000,512 | ---- | M] () -- C:\Users\icarusphoenix\Desktop\MBR.dat
[2012/07/31 10:35:28 | 000,881,494 | ---- | M] () -- C:\Users\icarusphoenix\Desktop\SecurityCheck.exe
[2012/07/31 10:23:49 | 000,000,331 | ---- | M] () -- C:\Start_.cmd
[2012/07/31 10:00:42 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1910162082-1332190556-3629786422-1000Core.job
[2012/07/31 10:00:12 | 102,632,164 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/07/30 21:13:26 | 002,117,108 | ---- | M] () -- C:\Users\icarusphoenix\Desktop\tdsskiller(2).zip
[2012/07/29 23:06:06 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/28 17:27:54 | 000,727,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/28 17:27:54 | 000,624,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/28 17:27:54 | 000,106,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/28 15:52:46 | 000,002,587 | ---- | M] () -- C:\Users\Public\Desktop\Magic The Gathering - Duels of the Planeswalkers 2013.lnk
[2012/07/28 15:37:29 | 000,002,057 | ---- | M] () -- C:\Users\Public\Desktop\Botanicula.lnk
[2012/07/28 14:37:43 | 000,001,092 | ---- | M] () -- C:\Users\icarusphoenix\Desktop\Crime Solitaire.lnk
[2012/07/28 14:17:35 | 000,001,952 | ---- | M] () -- C:\Users\icarusphoenix\Desktop\Bejeweled Blitz.lnk
[2012/07/28 14:16:49 | 000,001,093 | ---- | M] () -- C:\Users\icarusphoenix\Desktop\Bejeweled 2 Deluxe.lnk
[2012/07/19 15:26:11 | 000,002,470 | ---- | M] () -- C:\Users\icarusphoenix\Desktop\Fierce Tales The Dogs Heart Collectors.lnk
[2012/07/18 17:11:46 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/07/18 01:41:04 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForICARUSPHOENIX27$.job
[2012/07/17 20:17:31 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForicarusphoenix.job
[2012/07/16 15:51:55 | 000,001,330 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2012/07/16 14:55:06 | 000,000,963 | ---- | M] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2012/07/16 14:55:06 | 000,000,231 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.url
[2012/07/15 08:54:07 | 000,001,305 | ---- | M] () -- C:\Users\Public\Desktop\Family Feud 2010.lnk
[2012/07/11 18:22:08 | 000,295,536 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/08 11:14:09 | 000,001,519 | ---- | M] () -- C:\Users\icarusphoenix\Desktop\Apps.lnk
[2012/07/08 11:14:08 | 000,001,883 | ---- | M] () -- C:\Users\icarusphoenix\Desktop\Start BlueStacks.lnk
[2012/07/08 10:48:47 | 003,785,056 | ---- | M] (BlueStack Systems, Inc.) -- C:\Users\icarusphoenix\Desktop\BlueStacks-ThinInstaller_0.6.3.0686.exe
[2012/07/08 10:09:14 | 003,785,096 | ---- | M] (BlueStack Systems, Inc.) -- C:\Users\icarusphoenix\Desktop\BlueStacks-ThinInstaller_0.7.0.722.exe
[2012/07/04 17:52:14 | 000,179,341 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/07/31 15:22:33 | 000,082,129 | ---- | C] () -- C:\Users\icarusphoenix\Documents\otllog.rar
[2012/07/31 11:32:31 | 000,000,512 | ---- | C] () -- C:\Users\icarusphoenix\Desktop\MBR.dat
[2012/07/31 10:35:26 | 000,881,494 | ---- | C] () -- C:\Users\icarusphoenix\Desktop\SecurityCheck.exe
[2012/07/31 10:23:49 | 000,000,331 | ---- | C] () -- C:\Start_.cmd
[2012/07/30 21:13:17 | 002,117,108 | ---- | C] () -- C:\Users\icarusphoenix\Desktop\tdsskiller(2).zip
[2012/07/29 23:06:06 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/28 15:52:46 | 000,002,587 | ---- | C] () -- C:\Users\Public\Desktop\Magic The Gathering - Duels of the Planeswalkers 2013.lnk
[2012/07/28 15:37:29 | 000,002,057 | ---- | C] () -- C:\Users\Public\Desktop\Botanicula.lnk
[2012/07/28 14:37:43 | 000,001,092 | ---- | C] () -- C:\Users\icarusphoenix\Desktop\Crime Solitaire.lnk
[2012/07/28 14:17:35 | 000,001,952 | ---- | C] () -- C:\Users\icarusphoenix\Desktop\Bejeweled Blitz.lnk
[2012/07/28 14:16:49 | 000,001,093 | ---- | C] () -- C:\Users\icarusphoenix\Desktop\Bejeweled 2 Deluxe.lnk
[2012/07/19 15:26:11 | 000,002,470 | ---- | C] () -- C:\Users\icarusphoenix\Desktop\Fierce Tales The Dogs Heart Collectors.lnk
[2012/07/16 15:51:55 | 000,001,330 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2012/07/16 14:55:06 | 000,000,963 | ---- | C] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2012/07/16 14:55:06 | 000,000,231 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.url
[2012/07/16 14:54:17 | 000,001,931 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
[2012/07/16 14:54:17 | 000,001,248 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk
[2012/07/15 08:54:07 | 000,001,305 | ---- | C] () -- C:\Users\Public\Desktop\Family Feud 2010.lnk
[2012/07/08 11:14:09 | 000,001,519 | ---- | C] () -- C:\Users\icarusphoenix\Desktop\Apps.lnk
[2012/07/08 11:14:08 | 000,001,883 | ---- | C] () -- C:\Users\icarusphoenix\Desktop\Start BlueStacks.lnk
[2012/05/09 20:44:40 | 000,001,181 | ---- | C] () -- C:\Windows\disney.ini
[2012/03/25 19:39:44 | 000,000,978 | ---- | C] () -- C:\Windows\eReg.dat
[2011/12/14 20:38:20 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011/12/02 21:20:12 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011/08/26 22:26:54 | 000,744,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/25 14:37:50 | 000,004,608 | ---- | C] () -- C:\Users\icarusphoenix\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/17 20:16:44 | 000,000,065 | ---- | C] () -- C:\Windows\WININIT.INI
[2011/08/15 22:51:28 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011/06/24 00:01:02 | 000,007,605 | ---- | C] () -- C:\Users\icarusphoenix\AppData\Local\Resmon.ResmonCfg
[2010/12/01 02:33:42 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010/12/01 02:33:42 | 000,000,223 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010/10/16 13:40:15 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/09/21 12:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

========== LOP Check ==========

[2012/05/18 14:02:52 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\.t4k_common
[2011/09/01 15:43:39 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\Alawar Entertainment
[2011/06/30 10:54:02 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\Anarchy
[2011/09/08 21:52:32 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\Artifex Mundi
[2012/06/05 20:47:08 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\AVG
[2012/06/05 17:27:14 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\AVG2012
[2011/08/26 07:57:43 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\AVG9
[2012/01/24 23:31:39 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\Babylon
[2012/07/16 15:53:42 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\BlamGames
[2011/09/08 22:00:00 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\Blue Tea Games
[2011/09/08 09:31:27 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\Boomzap
[2011/09/07 16:01:00 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\Casual Box
[2012/05/21 08:11:33 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\ChessBase
[2012/01/24 23:36:36 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\ConverterLite
[2012/03/25 19:26:44 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\DAEMON Tools Lite
[2011/07/01 20:23:44 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\DAEMON Tools Pro
[2012/05/10 14:14:20 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\Disney Interactive Studios
[2011/09/16 18:04:48 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\ERS Game Studios
[2012/01/05 19:34:35 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\FMZilla
[2011/08/07 10:09:52 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\Freeze Tag
[2011/08/06 22:44:54 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\Frogwares
[2011/12/12 19:53:57 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\FSW2
[2011/06/30 11:14:54 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\Gogii
[2012/01/04 22:44:33 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\GrabPro
[2011/08/15 23:01:13 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\Leadertech
[2011/08/06 22:35:47 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\LegacyInteractive
[2011/08/31 07:37:28 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\LestaStudio
[2012/07/15 08:54:23 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\Ludia
[2011/08/25 19:57:48 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\Mobipocket
[2011/10/25 21:39:12 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\My Games
[2012/01/05 19:36:34 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\Orbit
[2011/06/30 11:04:22 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\Orneon
[2011/12/12 22:29:18 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\Petroglyph
[2011/12/24 17:03:59 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\PFStaticIP
[2012/05/31 13:08:27 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\PlayFirst
[2012/01/04 22:44:41 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\ProgSense
[2012/05/30 16:07:05 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\Rovio
[2012/05/04 10:33:23 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\SoftGrid Client
[2011/08/06 22:17:08 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\SulusGames
[2012/03/25 22:15:27 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\TeamViewer
[2011/07/01 20:50:49 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\Tific
[2011/08/26 22:29:54 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\TP
[2012/07/30 22:37:29 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\uTorrent
[2011/07/28 00:56:11 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\Vogat Interactive
[2012/06/23 19:06:12 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\WildTangent
[2011/06/26 17:19:54 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\WildTangentv1002
[2011/10/25 16:07:32 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\Windows Live Writer
[2012/01/04 23:03:52 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\Wondershare
[2012/06/05 21:32:13 | 000,000,000 | ---D | M] -- C:\Users\icarusphoenix\AppData\Roaming\ZumoDrive
[2012/05/30 22:07:16 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 175 bytes -> C:\ProgramData\Temp:DA5888A7
@Alternate Data Stream - 165 bytes -> C:\ProgramData\Temp:8DA0EB21
@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:B3A5945E
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:F5D01D7C
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:4EC7F009
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:012BC84F

< End of report >

#7
icarusphoenix27

Posted 31 July 2012 - 04:22 PM

New Member

Topic Starter
Member
8 posts

I disabled all antivirus and ran combofix, but it didn't generate a log

#8
icarusphoenix27

Posted 31 July 2012 - 05:15 PM

New Member

Topic Starter
Member
8 posts

ok, disregard that last post...i didn't have combofix properly installed. Here is the log:

ComboFix 12-07-30.03 - icarusphoenix 07/31/2012 16:46:15.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1979.779 [GMT -6:00]
Running from: c:\users\icarusphoenix\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-31 )))))))))))))))))))))))))))))))
.
.
2012-07-31 22:55 . 2012-07-31 22:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-31 21:49 . 2012-07-31 21:49 -------- d-----w- C:\_OTL
2012-07-31 16:10 . 2012-07-31 17:14 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-30 05:06 . 2012-07-30 05:06 -------- d-----w- c:\users\icarusphoenix\AppData\Roaming\Malwarebytes
2012-07-30 05:06 . 2012-07-30 05:06 -------- d-----w- c:\programdata\Malwarebytes
2012-07-30 05:06 . 2012-07-30 05:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-30 05:06 . 2012-07-03 19:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-28 22:44 . 2012-07-28 22:44 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-28 21:54 . 2012-07-28 21:54 -------- d-----w- c:\users\icarusphoenix\AppData\Local\SKIDROW
2012-07-28 21:51 . 2012-07-28 21:51 -------- d-----w- c:\program files (x86)\Wizards of the Coast LLC
2012-07-28 21:36 . 2012-07-28 21:36 -------- d-----w- c:\program files (x86)\GOG.com
2012-07-28 20:37 . 2012-07-28 20:37 -------- d-----w- c:\programdata\Desktop Gaming
2012-07-28 20:37 . 2012-07-28 20:37 -------- d-----w- c:\program files (x86)\Crime Solitaire
2012-07-28 20:17 . 2012-07-28 20:17 -------- d-----w- c:\program files (x86)\Bejeweled Blitz
2012-07-28 20:16 . 2012-07-28 20:16 -------- d-----w- c:\program files (x86)\Bejeweled 2 Deluxe
2012-07-19 21:21 . 2012-07-19 21:21 -------- d-----w- c:\program files (x86)\Games
2012-07-16 21:53 . 2012-07-16 21:53 -------- d-----w- c:\users\icarusphoenix\AppData\Roaming\BlamGames
2012-07-16 21:45 . 2012-07-16 21:52 -------- d-----w- c:\program files (x86)\Fierce Tales - The Dog's Heart Collector's Edition
2012-07-16 20:54 . 2012-07-16 20:54 -------- d-----w- c:\programdata\Big Fish Games
2012-07-16 20:54 . 2012-07-16 20:54 -------- d-----w- c:\program files (x86)\bfgclient
2012-07-16 20:51 . 2012-07-16 20:55 -------- d-----w- C:\BigFishGamesCache
2012-07-15 14:53 . 2008-10-15 12:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2012-07-15 14:53 . 2008-10-15 12:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2012-07-15 14:53 . 2008-10-15 12:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2012-07-15 14:53 . 2008-10-15 12:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2012-07-15 14:53 . 2008-10-15 12:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2012-07-15 14:53 . 2008-10-15 12:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2012-07-11 14:01 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 13:34 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 13:34 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 13:34 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-11 13:34 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-11 13:34 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 13:34 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-07-11 13:34 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-07-11 13:33 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-11 13:33 . 2012-06-02 05:48 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 13:33 . 2012-06-02 05:45 340992 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 13:33 . 2012-06-02 05:44 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 13:33 . 2012-06-02 04:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-07-11 13:33 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 13:33 . 2012-06-02 04:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-07-11 13:33 . 2012-06-02 04:40 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-07-11 13:33 . 2012-06-02 04:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-07-08 17:13 . 2012-07-08 17:13 -------- d-----w- c:\programdata\BlueStacks
2012-07-08 16:48 . 2012-07-14 03:14 -------- d-----w- c:\users\icarusphoenix\AppData\Local\BlueStacks
2012-07-08 16:21 . 2012-07-08 17:13 -------- d-----w- c:\program files (x86)\BlueStacks
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 05:14 . 2012-04-05 02:50 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 05:14 . 2011-09-07 21:20 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 13:57 . 2011-06-25 09:11 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-11 00:21 . 2012-06-11 00:21 35225416 ----a-w- c:\windows\tmp10611274
2012-06-02 22:19 . 2012-06-19 09:56 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 09:56 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 09:56 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 09:56 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 09:56 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 09:56 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 09:56 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 21:19 . 2012-06-19 09:56 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 21:15 . 2012-06-19 09:56 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-15 07:41 . 2012-06-08 12:58 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BCC91989-2EEE-4090-8882-6EAD361E037C}\mpengine.dll
2012-05-04 11:06 . 2012-06-15 00:38 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-15 00:38 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-15 00:38 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-08-16 2736128]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-05 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-01 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-01 136176]
R3 MobileAdapter;Mobile Adapter USB Modem and USB Serial;c:\windows\system32\DRIVERS\qscnusb.sys [2009-09-24 118016]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-03 129976]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-24 1255736]
R3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);c:\windows\system32\drivers\WsAudioDevice_383S(1).sys [2011-11-17 29288]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-26 254528]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2012-05-31 75144]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [2012-05-31 385416]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-09-29 31088]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-11-05 1041760]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-23 347680]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-08-16 21:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 05:14]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-01 03:00]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-01 03:00]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1910162082-1332190556-3629786422-1000Core.job
- c:\users\icarusphoenix\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-11 01:13]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1910162082-1332190556-3629786422-1000UA.job
- c:\users\icarusphoenix\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-11 01:13]
.
2012-07-18 c:\windows\Tasks\HPCeeScheduleForicarusphoenix.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-07-18 c:\windows\Tasks\HPCeeScheduleForICARUSPHOENIX27$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 410648]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-09-22 6489704]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = my.daemon-search.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 24.116.2.50 24.116.2.34
TCP: Interfaces\{E97B80D0-3DA1-4B4A-B8EF-79EBB2AA5745}: DhcpNameServer = 24.116.2.50 24.116.2.34
TCP: Interfaces\{E97B80D0-3DA1-4B4A-B8EF-79EBB2AA5745}\157756374775966696: DhcpNameServer = 192.168.9.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{E97B80D0-3DA1-4B4A-B8EF-79EBB2AA5745}\2656C6B696E6E2931323: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{E97B80D0-3DA1-4B4A-B8EF-79EBB2AA5745}\C41455E444542554454554: DhcpNameServer = 74.116.135.4 68.64.228.246
TCP: Interfaces\{E97B80D0-3DA1-4B4A-B8EF-79EBB2AA5745}\D697177756374713939303: DhcpNameServer = 192.168.0.1 205.171.3.25
FF - ProfilePath - c:\users\icarusphoenix\AppData\Roaming\Mozilla\Firefox\Profiles\vow8ot2k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100486
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 50769bec00000000000090004e0810e1
FF - user.js: extensions.BabylonToolbar_i.hardId - 50769bec00000000000090004e0810e1
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15364
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:31
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-ROC_roc_dec12 - c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe
SafeBoot-32333965.sys
SafeBoot-42449470.sys
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{85DF2C7E-183B-4153-9B89-36D0E239E2CB} - c:\program files (x86)\GOG.com\Dragonshard\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-07-31 17:08:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-31 23:08
.
Pre-Run: 25,856,061,440 bytes free
Post-Run: 25,685,909,504 bytes free
.
- - End Of File - - 63D16A607675A6664C93FCAB33EEC100

#9
Essexboy

Posted 01 August 2012 - 11:24 AM

GeekU Moderator

Retired Staff
69,964 posts

Could you confirm that windows updates is working please

Also do you have any other problems ?

#10
icarusphoenix27

Posted 01 August 2012 - 12:20 PM

New Member

Topic Starter
Member
8 posts

update is working, and the problems all seem resolved! Thank you so much! I will be donating from my paypal immediately after posting this!

#11
Essexboy

Posted 01 August 2012 - 12:38 PM

GeekU Moderator

Retired Staff
69,964 posts

Thank you

Subject to no further problems

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:Commands
[resethosts]
[emptytemp]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK
Follow the prompts on the screen
A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that

Go to control panel
Select folder options (Appearance > Folder options in category view)
Select the View Tab.
Under the Hidden files and folders heading select Do not show hidden files and folders.
Click Yes to confirm.
Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:

Go to this site and click Do I have Java
It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point

Go to Control Panel and select System
Select System
On the left select System Protection and accept the warning if you get one
Select System Protection Tab
Select Create at the bottom
Type in a name i.e. Clean
Select Create

Now we can purge the infected ones

GoStart > All programs > Accessories > system tools
Right click Disc cleanup and select run as administrator
Select Your main drive and accept the warning if you get one
For a few moments the system will make some calculations
Select the More Options tab
In the System Restore and Shadow Backups select Clean up
Select Delete on the pop up
Select OK
Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Posted Image

Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:

#12
icarusphoenix27

Posted 01 August 2012 - 01:50 PM

New Member

Topic Starter
Member
8 posts

I followed all your instructions. Thank you again for all your valuable time, and I will be sure to recommend this site to everyone, and come back if I have any further problems! Thanks!

#13
Essexboy

Posted 01 August 2012 - 01:52 PM

GeekU Moderator

Retired Staff
69,964 posts

My pleasure

#14
Essexboy

Posted 04 August 2012 - 10:19 AM

GeekU Moderator

Retired Staff
69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.