Redirect Virus Removal Help



#1 The-Infected
Member, 20 posts
Hi, my computer is giving me some problems with redirecting me to sites when using Google. At first, I had a pop-up in the bottom right-hand corner that "recommended" sites for me to visit. After downloading several virus removal programs, I settled with the AVG 30-day trial, as that seemed to fix the pop-up. Now, every now and then, when I click on sites while doing a Google search, it redirects me to sites that I did not click on. It seems that many people have this problem, but everything I've tried (including your how-to-fix-Google-redirect help guide with TDSKiller.exe) says my computer is clean. Can you help me with this? Here is my OTL log file:

OTL logfile created on: 8/10/2012 10:02:59 AM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Stephanie\Desktop\virus removal
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.10 Gb Available Physical Memory | 76.31% Memory free
15.98 Gb Paging File | 13.89 Gb Available in Paging File | 86.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.33 Gb Total Space | 770.17 Gb Free Space | 83.68% Space Free | Partition Type: NTFS
Drive D: | 11.08 Gb Total Space | 1.60 Gb Free Space | 14.46% Space Free | Partition Type: NTFS
Drive Z: | 931.51 Gb Total Space | 548.85 Gb Free Space | 58.92% Space Free | Partition Type: NTFS

Computer Name: MUFFINMAN | User Name: Stephanie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/10 10:02:49 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Stephanie\Desktop\virus removal\OTL.exe
PRC - [2012/07/30 11:45:29 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/24 15:15:40 | 001,147,488 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/07/24 15:15:40 | 000,830,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe
PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/10/21 11:31:38 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mstart.exe
PRC - [2011/10/21 11:31:38 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mlauncher.exe
PRC - [2011/10/21 11:31:38 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mcomm.exe
PRC - [2011/09/26 20:53:04 | 001,855,560 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
PRC - [2009/12/03 06:00:00 | 005,724,472 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
PRC - [2009/12/03 06:00:00 | 000,587,264 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files (x86)\WIBUKEY\Server\WkSvW32.exe
PRC - [2009/10/22 18:50:40 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/08/24 19:11:15 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/03/12 17:39:54 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
PRC - [2009/03/12 17:36:24 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
PRC - [2008/11/20 10:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/30 11:45:29 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/07/24 15:15:40 | 001,147,488 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/07/24 15:15:40 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\SiteSafety.dll
MOD - [2012/06/25 16:52:42 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/06/25 16:43:09 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/06/25 16:42:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/06/25 16:42:56 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012/06/25 16:42:49 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/25 16:42:30 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/25 16:42:28 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/06/25 16:42:28 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\d8af9a65cf0ed85d47360796e2645a06\UIAutomationTypes.ni.dll
MOD - [2012/06/25 16:42:20 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/06/25 16:42:16 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/06/25 16:42:13 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/06/25 16:42:13 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/06/25 16:42:06 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/08/30 16:02:03 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/04 18:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/10/22 18:50:38 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/09/29 15:25:46 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/09/29 15:25:44 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/09/29 15:25:38 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009/09/29 15:25:38 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009/09/29 15:25:38 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009/09/29 15:25:36 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009/09/29 15:25:28 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/12 12:28:38 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/09/27 04:00:24 | 000,089,160 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV:64bit: - [2010/02/11 04:05:44 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/12 17:39:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe -- (mi-raysat_3dsmax2010_64)
SRV - [2012/07/30 11:45:29 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/24 15:15:40 | 000,830,048 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe -- (vToolbarUpdater12.1.5)
SRV - [2012/07/24 08:40:16 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/07/24 08:40:16 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/03 06:00:00 | 000,587,264 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Program Files (x86)\WIBUKEY\Server\WkSvW32.exe -- (WkSvw32.exe)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 17:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/03/12 17:36:24 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe -- (mi-raysat_3dsmax2010_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/24 15:15:41 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/06/15 01:30:46 | 000,093,240 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/02/11 04:24:04 | 006,368,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/02/11 03:11:12 | 000,188,416 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/01/28 15:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/12/03 06:00:00 | 000,103,224 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\WibuKey64.sys -- (WIBUKEY)
DRV:64bit: - [2009/08/07 08:59:18 | 000,016,896 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Wibukey2_64.sys -- (Wibukey2_64)
DRV:64bit: - [2009/07/18 06:18:48 | 000,109,480 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/12 11:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 08:10:10 | 001,478,144 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/04 08:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV - [2009/09/17 17:41:28 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/03/19 09:29:17] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {46B0D8E9-CAE4-4B60-8BAD-1CB1ACE9CF93}
IE:64bit: - HKLM\..\SearchScopes\{0AB2B52B-A949-4C8E-9F5A-8E84D6DAC622}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE:64bit: - HKLM\..\SearchScopes\{46B0D8E9-CAE4-4B60-8BAD-1CB1ACE9CF93}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {46B0D8E9-CAE4-4B60-8BAD-1CB1ACE9CF93}
IE - HKLM\..\SearchScopes\{0AB2B52B-A949-4C8E-9F5A-8E84D6DAC622}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKLM\..\SearchScopes\{46B0D8E9-CAE4-4B60-8BAD-1CB1ACE9CF93}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0AB2B52B-A949-4C8E-9F5A-8E84D6DAC622}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
IE - HKCU\..\SearchScopes\{46B0D8E9-CAE4-4B60-8BAD-1CB1ACE9CF93}: "URL" = http://findgala.com/...q={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....fr&d=2012-07-24 15:15:41&v=12.1.0.21&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/24 15:14:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\12.1.0.21\ [2012/07/24 15:15:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/30 11:45:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/03 12:11:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{FC5A9E52-DA97-11E1-8270-B8AC6F996F26}: C:\Users\Stephanie\AppData\Local\{FC5A9E52-DA97-11E1-8270-B8AC6F996F26}\ [2012/07/30 15:43:34 | 000,000,000 | ---D | M]

[2011/08/30 11:13:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephanie\AppData\Roaming\Mozilla\Extensions
[2012/05/04 13:41:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\u87xppst.default\extensions
[2011/10/15 17:30:46 | 000,001,945 | ---- | M] () -- C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\u87xppst.default\searchplugins\bing-zugo.xml
[2011/10/15 17:46:47 | 000,000,935 | ---- | M] () -- C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\u87xppst.default\searchplugins\conduit.xml
[2011/11/17 15:55:05 | 000,001,210 | ---- | M] () -- C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\u87xppst.default\searchplugins\search.xml
[2012/07/30 11:45:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/30 15:43:34 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\STEPHANIE\APPDATA\LOCAL\{FC5A9E52-DA97-11E1-8270-B8AC6F996F26}
[2012/07/30 11:45:29 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/24 15:15:39 | 000,003,750 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/06/21 12:10:27 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/21 12:10:27 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - homepage: http://www.google.com
CHR - Extension: AVG Secure Search = C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgpjclefcppbhifgmbncakhhphkggdb\12.1.0.21_0\
CHR - Extension: AVG Do Not Track = C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\

O1 HOSTS File: ([2012/08/10 09:53:53 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [GoToMeeting] C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.146 68.87.85.98
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{588FFEFA-9D51-4822-A0DA-3652C5F256A9}: DhcpNameServer = 68.87.69.146 68.87.85.98
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6886B1E-9A15-4B1A-AECF-8AC98AE49601}: DhcpNameServer = 68.87.69.146 68.87.85.98
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{bb4b0d05-857e-11e1-a06a-7071bc034f0c}\Shell - "" = AutoRun
O33 - MountPoints2\{bb4b0d05-857e-11e1-a06a-7071bc034f0c}\Shell\AutoRun\command - "" = K:\TL-Bootstrap.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\SETUP.EXE
O33 - MountPoints2\J\Shell\configure\command - "" = J:\SETUP.EXE
O33 - MountPoints2\J\Shell\install\command - "" = J:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/10 09:58:11 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\Desktop\GooredFix Backups
[2012/08/10 09:53:53 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/08/10 09:49:24 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\Desktop\virus removal
[2012/08/06 11:16:04 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\Desktop\rupture disk calculations
[2012/08/06 10:55:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/08/06 10:55:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/08/06 10:55:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/08/06 10:54:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/08/06 10:14:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/08/06 10:12:03 | 000,251,560 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/08/06 10:12:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/08/06 10:11:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/08/06 10:11:47 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\AppData\Roaming\TestApp
[2012/07/31 09:43:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\3Dconnexion
[2012/07/30 15:43:34 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\AppData\Local\{FC5A9E52-DA97-11E1-8270-B8AC6F996F26}
[2012/07/30 15:42:33 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/07/30 12:13:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2012/07/30 12:10:44 | 000,000,000 | ---D | C] -- C:\Windows\AutoKMS
[2012/07/30 12:06:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2012/07/30 12:06:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/07/30 12:06:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2012/07/30 12:05:43 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/07/30 12:05:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2012/07/30 12:01:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/07/30 11:44:32 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\Desktop\Tiglax
[2012/07/30 09:20:24 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\AppData\Local\NPE
[2012/07/26 11:06:01 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\AppData\Roaming\VASSAL
[2012/07/26 11:05:41 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VASSAL
[2012/07/26 11:05:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VASSAL
[2012/07/26 11:05:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VASSAL
[2012/07/26 11:05:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/07/26 11:05:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/07/26 11:05:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/07/26 10:59:06 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\Desktop\vassal
[2012/07/25 10:34:04 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\Desktop\waterproof camera
[2012/07/24 15:16:28 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\AppData\Roaming\AVG2012
[2012/07/24 15:15:48 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\AppData\Local\AVG Secure Search
[2012/07/24 15:15:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/07/24 15:15:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/07/24 15:15:41 | 000,031,080 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/07/24 15:15:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/07/24 15:15:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/07/24 15:15:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012/07/24 15:14:53 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/07/24 15:14:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/07/24 15:14:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012/07/24 15:14:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/07/24 15:11:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/07/24 15:11:28 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/07/24 15:10:54 | 003,879,800 | ---- | C] (AVG Technologies) -- C:\Users\Stephanie\Desktop\avg_free_stb_all_2012_2197_cnet.exe
[2012/07/24 08:52:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SolidWorks Corp
[2012/07/24 08:51:57 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\AppData\Roaming\help_images_otherUI
[2012/07/24 08:51:24 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\Documents\SolidWorks Visual Studio Tools for Applications
[2012/07/24 08:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolidWorks 2012
[2012/07/24 08:42:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SolidWorks Shared
[2012/07/24 08:42:49 | 000,000,000 | ---D | C] -- C:\Program Files\SolidWorks Corp
[2012/07/24 08:42:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012/07/24 08:42:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2012/07/24 08:41:58 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\Documents\Visual Studio 2005
[2012/07/24 08:41:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005
[2012/07/24 08:40:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2012/07/24 08:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolidWorks Installation Manager
[2012/07/24 08:39:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SolidWorks Installation Manager
[2012/07/24 08:38:20 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\Documents\SolidWorks Downloads
[2012/07/24 08:38:20 | 000,000,000 | ---D | C] -- C:\Windows\SolidWorks
[2012/07/11 18:00:54 | 000,109,056 | ---- | C] (3Dconnexion, Inc) -- C:\Windows\SysNative\siappdll.dll
[2012/07/11 17:54:50 | 000,085,504 | ---- | C] (3Dconnexion, Inc) -- C:\Windows\SysWow64\siappdll.dll
[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/10 10:03:59 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/10 10:03:59 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/10 10:02:39 | 000,730,384 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/10 10:02:39 | 000,626,960 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/10 10:02:39 | 000,107,276 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/10 09:56:52 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2012/08/10 09:56:48 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/10 09:56:44 | 000,000,272 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2012/08/10 09:56:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/10 09:56:39 | 2140,479,487 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/10 09:53:53 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/08/10 09:10:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/10 08:28:36 | 103,525,852 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/08/08 19:11:00 | 000,002,346 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/08/06 16:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForStephanie.job
[2012/08/06 10:55:36 | 000,002,245 | ---- | M] () -- C:\Users\Stephanie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/06 10:12:47 | 002,026,168 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/08/02 18:47:30 | 000,063,413 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/07/31 09:43:27 | 000,002,415 | ---- | M] () -- C:\Users\Public\Desktop\3D Mouse Home.lnk
[2012/07/31 09:43:27 | 000,002,306 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start 3DxWare.lnk
[2012/07/30 15:21:41 | 000,001,137 | ---- | M] () -- C:\Users\Stephanie\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/07/30 12:24:58 | 005,014,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/30 12:10:20 | 000,000,715 | ---- | M] () -- C:\Users\Stephanie\Desktop\Settings.ini
[2012/07/30 12:10:13 | 037,329,920 | ---- | M] () -- C:\Users\Stephanie\Desktop\Office 2010 Toolkit.exe
[2012/07/30 09:26:01 | 000,001,389 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.bak
[2012/07/30 09:10:30 | 000,027,520 | ---- | M] () -- C:\Users\Stephanie\AppData\Local\dt.dat
[2012/07/26 11:05:41 | 000,001,009 | ---- | M] () -- C:\Users\Stephanie\Application Data\Microsoft\Internet Explorer\Quick Launch\VASSAL.lnk
[2012/07/26 11:05:41 | 000,000,985 | ---- | M] () -- C:\Users\Stephanie\Desktop\VASSAL.lnk
[2012/07/24 15:15:44 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/07/24 15:15:41 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/07/24 15:15:11 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/07/24 15:15:11 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/07/24 15:11:17 | 003,879,800 | ---- | M] (AVG Technologies) -- C:\Users\Stephanie\Desktop\avg_free_stb_all_2012_2197_cnet.exe
[2012/07/24 12:03:26 | 003,444,736 | ---- | M] () -- C:\Users\Stephanie\Desktop\Solavei_Brand_Guidelines_Consumer_v4.indd
[2012/07/24 08:52:29 | 000,002,995 | ---- | M] () -- C:\Users\Public\Desktop\SolidWorks Explorer 2012.lnk
[2012/07/24 08:52:29 | 000,002,821 | ---- | M] () -- C:\Users\Stephanie\Application Data\Microsoft\Internet Explorer\Quick Launch\SolidWorks Explorer 2012.lnk
[2012/07/24 08:52:29 | 000,002,117 | ---- | M] () -- C:\Users\Public\Desktop\SolidWorks eDrawings 2012.lnk
[2012/07/24 08:52:03 | 000,000,000 | ---- | M] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2012/07/24 08:51:57 | 000,002,087 | ---- | M] () -- C:\Users\Public\Desktop\SolidWorks eDrawings 2012 x64 Edition.lnk
[2012/07/24 08:47:25 | 000,002,751 | ---- | M] () -- C:\Users\Stephanie\Application Data\Microsoft\Internet Explorer\Quick Launch\SolidWorks 2012 x64 Edition.lnk
[2012/07/24 08:47:25 | 000,002,727 | ---- | M] () -- C:\Users\Public\Desktop\SolidWorks 2012 x64 Edition.lnk
[2012/07/24 08:39:27 | 000,001,334 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk
[2012/07/11 18:02:28 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\Launch3DxGUI.cpl
[2012/07/11 18:00:54 | 000,109,056 | ---- | M] (3Dconnexion, Inc) -- C:\Windows\SysNative\siappdll.dll
[2012/07/11 17:59:56 | 000,056,832 | ---- | M] () -- C:\Windows\SysNative\spwini.dll
[2012/07/11 17:54:50 | 000,085,504 | ---- | M] (3Dconnexion, Inc) -- C:\Windows\SysWow64\siappdll.dll
[2012/07/11 17:53:52 | 000,045,568 | ---- | M] () -- C:\Windows\SysWow64\spwini.dll
[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/10 08:28:36 | 103,525,852 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/08/06 10:55:36 | 000,002,346 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/08/06 10:55:36 | 000,002,245 | ---- | C] () -- C:\Users\Stephanie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/06 10:54:45 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/06 10:54:45 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/06 10:12:05 | 002,026,168 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/08/02 18:47:30 | 000,063,413 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/07/31 09:43:27 | 000,002,415 | ---- | C] () -- C:\Users\Public\Desktop\3D Mouse Home.lnk
[2012/07/31 09:43:27 | 000,002,306 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start 3DxWare.lnk
[2012/07/30 12:27:07 | 000,001,137 | ---- | C] () -- C:\Users\Stephanie\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/07/30 12:10:44 | 000,000,272 | ---- | C] () -- C:\Windows\tasks\AutoKMS.job
[2012/07/30 12:10:20 | 000,000,715 | ---- | C] () -- C:\Users\Stephanie\Desktop\Settings.ini
[2012/07/30 11:54:22 | 1617,412,096 | ---- | C] () -- C:\Users\Stephanie\Desktop\14.0.4763.1000_ProfessionalPlus_volume_ship_combo_en-us_dvd.iso
[2012/07/30 09:10:30 | 000,027,520 | ---- | C] () -- C:\Users\Stephanie\AppData\Local\dt.dat
[2012/07/26 11:05:41 | 000,001,009 | ---- | C] () -- C:\Users\Stephanie\Application Data\Microsoft\Internet Explorer\Quick Launch\VASSAL.lnk
[2012/07/26 11:05:41 | 000,000,985 | ---- | C] () -- C:\Users\Stephanie\Desktop\VASSAL.lnk
[2012/07/24 15:15:44 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/07/24 15:15:11 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/07/24 15:15:11 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/07/24 12:03:25 | 003,444,736 | ---- | C] () -- C:\Users\Stephanie\Desktop\Solavei_Brand_Guidelines_Consumer_v4.indd
[2012/07/24 08:52:29 | 000,002,995 | ---- | C] () -- C:\Users\Public\Desktop\SolidWorks Explorer 2012.lnk
[2012/07/24 08:52:29 | 000,002,821 | ---- | C] () -- C:\Users\Stephanie\Application Data\Microsoft\Internet Explorer\Quick Launch\SolidWorks Explorer 2012.lnk
[2012/07/24 08:52:29 | 000,002,117 | ---- | C] () -- C:\Users\Public\Desktop\SolidWorks eDrawings 2012.lnk
[2012/07/24 08:52:03 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2012/07/24 08:51:57 | 000,002,087 | ---- | C] () -- C:\Users\Public\Desktop\SolidWorks eDrawings 2012 x64 Edition.lnk
[2012/07/24 08:47:25 | 000,002,751 | ---- | C] () -- C:\Users\Stephanie\Application Data\Microsoft\Internet Explorer\Quick Launch\SolidWorks 2012 x64 Edition.lnk
[2012/07/24 08:47:25 | 000,002,727 | ---- | C] () -- C:\Users\Public\Desktop\SolidWorks 2012 x64 Edition.lnk
[2012/07/24 08:39:27 | 000,001,334 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk
[2012/07/23 11:05:15 | 1774,213,119 | ---- | C] () -- C:\Users\Stephanie\Desktop\SolidWorks.Premium.2012.(64.bit).2011.PC.iso
[2012/07/11 18:02:28 | 000,045,056 | ---- | C] () -- C:\Windows\SysNative\Launch3DxGUI.cpl
[2012/07/11 17:59:56 | 000,056,832 | ---- | C] () -- C:\Windows\SysNative\spwini.dll
[2012/07/11 17:53:52 | 000,045,568 | ---- | C] () -- C:\Windows\SysWow64\spwini.dll
[2012/04/20 11:21:13 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/16 13:30:55 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2012/04/12 14:57:02 | 000,015,872 | R--- | C] () -- C:\Windows\SysWow64\ibfs32.dll
[2011/08/30 16:31:41 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI

========== LOP Check ==========

[2012/04/13 08:45:05 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\3Dconnexion
[2011/08/26 12:00:24 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\Autodesk
[2012/07/24 15:16:28 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\AVG2012
[2011/10/21 16:22:55 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/04/12 12:32:22 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\DassaultSystemes
[2012/03/01 19:19:11 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\FreeFileViewer
[2011/08/25 17:40:52 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\PictureMover
[2012/08/06 10:11:47 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\TestApp
[2011/10/19 19:24:33 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\Tific
[2011/12/05 14:37:07 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\uTorrent
[2012/07/30 15:11:10 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\VASSAL
[2012/08/10 09:56:44 | 000,000,272 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
[2012/08/10 09:56:52 | 000,000,410 | ---- | M] () -- C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
[2009/07/13 22:08:49 | 000,025,936 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >
  • 0

#2
WhiteHat, Trusted Helper (Retired Staff, 1,925 posts)
Hello The-infected and welcome to GeeksToGo :)

My nickname is WhiteHat and I'm going to help you fix your problem.

  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked.
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • Do not put your logs inside <Quote> and/or <Code> *important*
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
    In light of this be prepared to back up your data. Have means of backing up your data available.

In order to be notified when your topic has been replied to:

Click My Settings at the top of the page. An Option page will open. In the left hand column click Notification Options. On the new page that opens under the Notification Preferences section click Watch every topic I reply to and set the notification type to Immediate Notification.

# Step 1 #
Please reopen OTL on your desktop.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{0AB2B52B-A949-4C8E-9F5A-8E84D6DAC622}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
    IE - HKLM\..\SearchScopes\{0AB2B52B-A949-4C8E-9F5A-8E84D6DAC622}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
    IE - HKCU\..\SearchScopes\{0AB2B52B-A949-4C8E-9F5A-8E84D6DAC622}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd
    IE - HKCU\..\SearchScopes\{46B0D8E9-CAE4-4B60-8BAD-1CB1ACE9CF93}: "URL" = http://findgala.com/...q={searchTerms}
    O33 - MountPoints2\{bb4b0d05-857e-11e1-a06a-7071bc034f0c}\Shell\AutoRun\command - "" = K:\TL-Bootstrap.ex
    [2011/10/15 17:46:47 | 000,000,935 | ---- | M] () -- C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\u87xppst.default\searchplugins\conduit.xml
    [2011/11/17 15:55:05 | 000,001,210 | ---- | M] () -- C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\u87xppst.default\searchplugins\search.xml
    
    :Commands
    [CREATERESTOREPOINT]
    [REBOOT]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

# Step 2 #
Download aswMBR.exe ( 4.8mb ) to your desktop.

Double click aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post it in your next reply.
  • 0
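The OTL lines the helper reads and scripts against above have a regular shape, so here is an added example, written for this page and not part of the thread or of OTL itself: a small Python triage helper that parses the file-entry, O33 MountPoints2 and O17 name-server lines and pulls out the items a helper looks at first (autorun commands pointing at a non-system drive, the resolvers in use, and driver-folder files OTL listed with no company string). The regular expressions are an assumption derived from the lines in this log, and the sample lines are copied from the log posted above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Line shapes as OTL prints them. These patterns are an assumption derived from
# the log posted in this thread, not OTL's own code.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
MOUNTPOINT_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<mount>[^\\]+)\\Shell\\(?P<verb>[^\\]+)\\command - "" = (?P<cmd>.+)$'
)
NAMESERVER_RE = re.compile(
    r"^O17 - (?P<key>HKLM\\[^:]+): (?P<name>\w*NameServer) = (?P<servers>.+)$"
)


@dataclass
class FileEntry:
    timestamp: str
    size: int
    attrs: str              # e.g. "---D" = directory, "-HS-" = hidden + system
    kind: str               # "C" = created, "M" = modified
    company: Optional[str]  # None when OTL printed "()" or no company at all
    path: str

    @property
    def is_directory(self) -> bool:
        return "D" in self.attrs


def parse_file_entry(line: str) -> Optional[FileEntry]:
    """Parse one '[date | size | attrs | C/M] (company) -- path' line, else None."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    return FileEntry(m.group("ts"), int(m.group("size").replace(",", "")),
                     m.group("attrs"), m.group("kind"), m.group("company") or None,
                     m.group("path"))


def autorun_commands(lines: List[str]) -> List[Tuple[str, str, str]]:
    """(mount point, shell verb, command) for every O33 entry that carries a command."""
    out = []
    for line in lines:
        m = MOUNTPOINT_RE.match(line.strip())
        if m:
            out.append((m.group("mount"), m.group("verb"), m.group("cmd")))
    return out


def autorun_on_other_drives(lines: List[str], system_drive: str = "C:") -> List[Tuple[str, str, str]]:
    """Autorun commands whose target is not on the system drive (removable or optical media)."""
    return [t for t in autorun_commands(lines)
            if not t[2].upper().startswith(system_drive.upper())]


def name_servers(lines: List[str]) -> List[str]:
    """Resolver addresses from O17 lines, deduplicated in order of first appearance."""
    seen: List[str] = []
    for line in lines:
        m = NAMESERVER_RE.match(line.strip())
        if m:
            for ip in m.group("servers").split():
                if ip not in seen:
                    seen.append(ip)
    return seen


def driver_files_without_company(lines: List[str]) -> List[str]:
    """Files (not folders) under a drivers directory that OTL listed with an empty company field."""
    hits = []
    for line in lines:
        e = parse_file_entry(line)
        if e and not e.is_directory and "\\drivers\\" in e.path.lower() and e.company is None:
            hits.append(e.path)
    return hits


# Sample input: lines copied from the OTL log posted in this thread.
SAMPLE_LINES = [
    r"[2012/08/06 10:12:03 | 000,251,560 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys",
    r"[2012/08/10 09:53:53 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts",
    r"[2012/08/06 10:12:47 | 002,026,168 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB",
    r"[2012/07/24 15:14:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG",
    r'O33 - MountPoints2\{bb4b0d05-857e-11e1-a06a-7071bc034f0c}\Shell - "" = AutoRun',
    r'O33 - MountPoints2\{bb4b0d05-857e-11e1-a06a-7071bc034f0c}\Shell\AutoRun\command - "" = K:\TL-Bootstrap.exe',
    r'O33 - MountPoints2\J\Shell\install\command - "" = J:\SETUP.EXE',
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.146 68.87.85.98",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{588FFEFA-9D51-4822-A0DA-3652C5F256A9}: DhcpNameServer = 68.87.69.146 68.87.85.98",
]

if __name__ == "__main__":
    print("autorun on other drives:", autorun_on_other_drives(SAMPLE_LINES))
    print("name servers:", name_servers(SAMPLE_LINES))
    print("driver files without company:", driver_files_without_company(SAMPLE_LINES))
```

The MountPoints2 hit this produces is exactly the K:\TL-Bootstrap.exe entry the Step 1 fix removes; a file with an empty company field is only a cue to look closer (the Hosts file and AVG's data files never carry one), not evidence of anything on its own.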

#3
The-Infected, Member (Topic Starter, 20 posts)
Thank you for the quick response. Below are the two log files:

========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0AB2B52B-A949-4C8E-9F5A-8E84D6DAC622}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0AB2B52B-A949-4C8E-9F5A-8E84D6DAC622}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0AB2B52B-A949-4C8E-9F5A-8E84D6DAC622}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0AB2B52B-A949-4C8E-9F5A-8E84D6DAC622}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0AB2B52B-A949-4C8E-9F5A-8E84D6DAC622}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0AB2B52B-A949-4C8E-9F5A-8E84D6DAC622}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{46B0D8E9-CAE4-4B60-8BAD-1CB1ACE9CF93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46B0D8E9-CAE4-4B60-8BAD-1CB1ACE9CF93}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bb4b0d05-857e-11e1-a06a-7071bc034f0c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bb4b0d05-857e-11e1-a06a-7071bc034f0c}\ not found.
File K:\TL-Bootstrap.ex not found.
File C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\u87xppst.default\searchplugins\conduit.xml not found.
File C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\u87xppst.default\searchplugins\search.xml not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.56.0 log created on 08102012_110251

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 11:06:06
-----------------------------
11:06:06.638 OS Version: Windows x64 6.1.7601 Service Pack 1
11:06:06.638 Number of processors: 8 586 0x1A05
11:06:06.638 ComputerName: MUFFINMAN UserName: Stephanie
11:06:08.666 Initialize success
11:09:37.202 AVAST engine defs: 12081000
11:10:04.175 The log file has been saved successfully to "C:\Users\Stephanie\Desktop\virus removal\aswMBR.txt"
  • 0

#4
WhiteHat, Trusted Helper (Retired Staff, 1,925 posts)
Hi,

The aswMBR log is incomplete. Please, run aswMBR.exe again and post the log.

Download aswMBR.exe ( 4.8mb ) to your desktop.

Double click aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post it in your next reply.

  • 0

#5
The-Infected, Member (Topic Starter, 20 posts)
Sorry, I thought the log file looked a little sparse... try this one.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 11:06:06
-----------------------------
11:06:06.638 OS Version: Windows x64 6.1.7601 Service Pack 1
11:06:06.638 Number of processors: 8 586 0x1A05
11:06:06.638 ComputerName: MUFFINMAN UserName: Stephanie
11:06:08.666 Initialize success
11:09:37.202 AVAST engine defs: 12081000
11:10:04.175 The log file has been saved successfully to "C:\Users\Stephanie\Desktop\virus removal\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-13 10:34:24
-----------------------------
10:34:24.574 OS Version: Windows x64 6.1.7601 Service Pack 1
10:34:24.574 Number of processors: 8 586 0x1A05
10:34:24.574 ComputerName: MUFFINMAN UserName: Stephanie
10:34:26.851 Initialize success
10:37:16.706 AVAST engine defs: 12081300
10:37:28.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:37:28.578 Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 8
10:37:28.593 Disk 0 MBR read successfully
10:37:28.593 Disk 0 MBR scan
10:37:28.593 Disk 0 unknown MBR code
10:37:28.609 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
10:37:28.625 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 942417 MB offset 206848
10:37:28.687 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 11350 MB offset 1930276864
10:37:28.749 Disk 0 scanning C:\Windows\system32\drivers
10:37:35.567 Service scanning
10:37:55.332 Modules scanning
10:37:55.332 Disk 0 trace - called modules:
10:37:55.347 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
10:37:55.347 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ab4790]
10:37:55.347 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800781f050]
10:37:57.500 AVAST engine scan C:\Windows
10:37:59.840 AVAST engine scan C:\Windows\system32
10:40:37.713 AVAST engine scan C:\Windows\system32\drivers
10:41:00.071 AVAST engine scan C:\Users\Stephanie
10:46:02.378 AVAST engine scan C:\ProgramData
10:46:46.529 Scan finished successfully
10:47:21.406 Disk 0 MBR has been saved successfully to "C:\Users\Stephanie\Desktop\virus removal\MBR.dat"
10:47:21.409 The log file has been saved successfully to "C:\Users\Stephanie\Desktop\virus removal\aswMBR.txt"
  • 0

#6
WhiteHat, Trusted Helper (Retired Staff, 1,925 posts)
  • Run OTL.exe. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window containing OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it in your topic

THEN

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

  • 0

#7
The-Infected, Member (Topic Starter, 20 posts)
OTL logfile created on: 8/13/2012 11:30:04 AM - Run 2
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Stephanie\Desktop\virus removal
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.70 Gb Available Physical Memory | 83.83% Memory free
15.98 Gb Paging File | 14.52 Gb Available in Paging File | 90.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.33 Gb Total Space | 762.12 Gb Free Space | 82.81% Space Free | Partition Type: NTFS
Drive D: | 11.08 Gb Total Space | 1.60 Gb Free Space | 14.46% Space Free | Partition Type: NTFS

Computer Name: MUFFINMAN | User Name: Stephanie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/10 10:02:49 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Stephanie\Desktop\virus removal\OTL.exe
PRC - [2012/07/13 17:17:11 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/10/21 11:31:38 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mstart.exe
PRC - [2011/10/21 11:31:38 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mlauncher.exe
PRC - [2011/10/21 11:31:38 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mcomm.exe
PRC - [2011/09/26 20:53:04 | 001,855,560 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe
PRC - [2009/12/03 06:00:00 | 005,724,472 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
PRC - [2009/12/03 06:00:00 | 000,587,264 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files (x86)\WIBUKEY\Server\WkSvW32.exe
PRC - [2009/10/22 18:50:40 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/08/24 19:11:15 | 000,656,896 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2009/06/04 19:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/03/12 17:39:54 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe
PRC - [2009/03/12 17:36:24 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
PRC - [2008/11/20 10:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/13 17:17:14 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2009/10/22 18:50:38 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/12 12:28:38 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/09/27 04:00:24 | 000,089,160 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV:64bit: - [2010/02/11 04:05:44 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/12 17:39:54 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe -- (mi-raysat_3dsmax2010_64)
SRV - [2012/07/30 11:45:29 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/24 08:40:16 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/07/24 08:40:16 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/03 06:00:00 | 000,587,264 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Program Files (x86)\WIBUKEY\Server\WkSvW32.exe -- (WkSvw32.exe)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/03/12 17:36:24 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe -- (mi-raysat_3dsmax2010_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/15 01:30:46 | 000,093,240 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/02/11 04:24:04 | 006,368,256 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/02/11 03:11:12 | 000,188,416 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/01/28 15:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/12/03 06:00:00 | 000,103,224 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\WibuKey64.sys -- (WIBUKEY)
DRV:64bit: - [2009/08/07 08:59:18 | 000,016,896 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Wibukey2_64.sys -- (Wibukey2_64)
DRV:64bit: - [2009/07/18 06:18:48 | 000,109,480 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/12 11:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 08:10:10 | 001,478,144 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/04 08:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV - [2009/09/17 17:41:28 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/03/19 09:29:17] [Kernel | Auto | Running] -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {46B0D8E9-CAE4-4B60-8BAD-1CB1ACE9CF93}
IE:64bit: - HKLM\..\SearchScopes\{46B0D8E9-CAE4-4B60-8BAD-1CB1ACE9CF93}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {46B0D8E9-CAE4-4B60-8BAD-1CB1ACE9CF93}
IE - HKLM\..\SearchScopes\{46B0D8E9-CAE4-4B60-8BAD-1CB1ACE9CF93}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2431883818-4175444760-2811680146-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-2431883818-4175444760-2811680146-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKU\S-1-5-21-2431883818-4175444760-2811680146-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-2431883818-4175444760-2811680146-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....fr&d=2012-08-10 10:36:25&v=12.2.0.5&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2431883818-4175444760-2811680146-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..keyword.URL: "https://isearch.avg....6:25&sap=ku&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/10 10:32:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/02/03 12:11:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{FC5A9E52-DA97-11E1-8270-B8AC6F996F26}: C:\Users\Stephanie\AppData\Local\{FC5A9E52-DA97-11E1-8270-B8AC6F996F26}\ [2012/07/30 15:43:34 | 000,000,000 | ---D | M]

[2011/08/30 11:13:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephanie\AppData\Roaming\Mozilla\Extensions
[2012/05/04 13:41:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Stephanie\AppData\Roaming\Mozilla\Firefox\Profiles\u87xppst.default\extensions
[2012/08/10 10:32:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/30 15:43:34 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\STEPHANIE\APPDATA\LOCAL\{FC5A9E52-DA97-11E1-8270-B8AC6F996F26}
[2012/07/13 17:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/10 10:36:23 | 000,003,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/07/13 17:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/13 17:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgpjclefcppbhifgmbncakhhphkggdb\12.1.0.21_0\
CHR - Extension: No name found = C:\Users\Stephanie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\

O1 HOSTS File: ([2012/08/10 09:53:53 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll (Microsoft Corp.)
O3 - HKU\S-1-5-21-2431883818-4175444760-2811680146-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-2431883818-4175444760-2811680146-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PC-Doctor for Windows localizer] C:\Program Files\PC-Doctor for Windows\localizer.exe (PC-Doctor, Inc.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2431883818-4175444760-2811680146-1000..\Run: [GoToMeeting] C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKU\S-1-5-21-2431883818-4175444760-2811680146-1000..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2431883818-4175444760-2811680146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.146 68.87.85.98
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{588FFEFA-9D51-4822-A0DA-3652C5F256A9}: DhcpNameServer = 68.87.69.146 68.87.85.98
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6886B1E-9A15-4B1A-AECF-8AC98AE49601}: DhcpNameServer = 68.87.69.146 68.87.85.98
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\SETUP.EXE
O33 - MountPoints2\J\Shell\configure\command - "" = J:\SETUP.EXE
O33 - MountPoints2\J\Shell\install\command - "" = J:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/13 11:26:54 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\Desktop\Adobe CS4 Master Collection
[2012/08/10 11:02:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/10 10:46:09 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\AppData\Local\HuluDesktop
[2012/08/10 10:42:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/08/10 09:58:11 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\Desktop\GooredFix Backups
[2012/08/10 09:53:53 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/08/10 09:49:24 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\Desktop\virus removal
[2012/08/06 11:16:04 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\Desktop\rupture disk calculations
[2012/08/06 10:54:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/08/06 10:14:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/08/06 10:12:03 | 000,251,560 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/08/06 10:12:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/08/06 10:11:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/08/06 10:11:47 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\AppData\Roaming\TestApp
[2012/07/31 09:43:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\3Dconnexion
[2012/07/30 15:43:34 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\AppData\Local\{FC5A9E52-DA97-11E1-8270-B8AC6F996F26}
[2012/07/30 15:42:33 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/07/30 12:13:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2012/07/30 12:10:44 | 000,000,000 | ---D | C] -- C:\Windows\AutoKMS
[2012/07/30 12:06:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2012/07/30 12:06:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/07/30 12:06:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2012/07/30 12:05:43 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/07/30 12:05:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2012/07/30 12:01:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/07/30 11:44:32 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\Desktop\Tiglax
[2012/07/30 09:20:24 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\AppData\Local\NPE
[2012/07/26 11:06:01 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\AppData\Roaming\VASSAL
[2012/07/26 11:05:41 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VASSAL
[2012/07/26 11:05:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VASSAL
[2012/07/26 11:05:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VASSAL
[2012/07/26 11:05:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/07/26 11:05:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/07/26 11:05:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/07/26 10:59:06 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\Desktop\vassal
[2012/07/25 10:34:04 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\Desktop\waterproof camera
[2012/07/24 15:15:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/07/24 15:14:53 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/07/24 15:14:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/07/24 15:14:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/07/24 15:11:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/07/24 15:11:28 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/07/24 08:52:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SolidWorks Corp
[2012/07/24 08:51:57 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\AppData\Roaming\help_images_otherUI
[2012/07/24 08:51:24 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\Documents\SolidWorks Visual Studio Tools for Applications
[2012/07/24 08:47:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolidWorks 2012
[2012/07/24 08:42:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SolidWorks Shared
[2012/07/24 08:42:49 | 000,000,000 | ---D | C] -- C:\Program Files\SolidWorks Corp
[2012/07/24 08:42:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012/07/24 08:42:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2012/07/24 08:41:58 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\Documents\Visual Studio 2005
[2012/07/24 08:41:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005
[2012/07/24 08:40:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2012/07/24 08:39:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SolidWorks Installation Manager
[2012/07/24 08:39:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SolidWorks Installation Manager
[2012/07/24 08:38:20 | 000,000,000 | ---D | C] -- C:\Users\Stephanie\Documents\SolidWorks Downloads
[2012/07/24 08:38:20 | 000,000,000 | ---D | C] -- C:\Windows\SolidWorks
[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/13 11:28:24 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2012/08/13 11:28:23 | 000,000,272 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2012/08/13 11:28:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/13 11:28:11 | 2140,479,487 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/13 10:40:08 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/13 10:40:08 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/13 10:39:55 | 000,730,384 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/13 10:39:55 | 000,626,960 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/13 10:39:55 | 000,107,276 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/10 10:32:04 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/08/10 09:53:53 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/08/06 16:56:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForStephanie.job
[2012/08/06 10:12:47 | 002,026,168 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/07/31 09:43:27 | 000,002,415 | ---- | M] () -- C:\Users\Public\Desktop\3D Mouse Home.lnk
[2012/07/31 09:43:27 | 000,002,306 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start 3DxWare.lnk
[2012/07/30 15:21:41 | 000,001,137 | ---- | M] () -- C:\Users\Stephanie\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/07/30 12:24:58 | 005,014,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/30 12:10:20 | 000,000,715 | ---- | M] () -- C:\Users\Stephanie\Desktop\Settings.ini
[2012/07/30 12:10:13 | 037,329,920 | ---- | M] () -- C:\Users\Stephanie\Desktop\Office 2010 Toolkit.exe
[2012/07/30 09:26:01 | 000,001,389 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.bak
[2012/07/30 09:10:30 | 000,027,520 | ---- | M] () -- C:\Users\Stephanie\AppData\Local\dt.dat
[2012/07/26 11:05:41 | 000,001,009 | ---- | M] () -- C:\Users\Stephanie\Application Data\Microsoft\Internet Explorer\Quick Launch\VASSAL.lnk
[2012/07/26 11:05:41 | 000,000,985 | ---- | M] () -- C:\Users\Stephanie\Desktop\VASSAL.lnk
[2012/07/24 12:03:26 | 003,444,736 | ---- | M] () -- C:\Users\Stephanie\Desktop\Solavei_Brand_Guidelines_Consumer_v4.indd
[2012/07/24 08:52:29 | 000,002,995 | ---- | M] () -- C:\Users\Public\Desktop\SolidWorks Explorer 2012.lnk
[2012/07/24 08:52:29 | 000,002,821 | ---- | M] () -- C:\Users\Stephanie\Application Data\Microsoft\Internet Explorer\Quick Launch\SolidWorks Explorer 2012.lnk
[2012/07/24 08:52:29 | 000,002,117 | ---- | M] () -- C:\Users\Public\Desktop\SolidWorks eDrawings 2012.lnk
[2012/07/24 08:52:03 | 000,000,000 | ---- | M] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2012/07/24 08:51:57 | 000,002,087 | ---- | M] () -- C:\Users\Public\Desktop\SolidWorks eDrawings 2012 x64 Edition.lnk
[2012/07/24 08:47:25 | 000,002,751 | ---- | M] () -- C:\Users\Stephanie\Application Data\Microsoft\Internet Explorer\Quick Launch\SolidWorks 2012 x64 Edition.lnk
[2012/07/24 08:47:25 | 000,002,727 | ---- | M] () -- C:\Users\Public\Desktop\SolidWorks 2012 x64 Edition.lnk
[2012/07/24 08:39:27 | 000,001,334 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk
[5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/13 10:55:23 | 3225,445,169 | ---- | C] () -- C:\Users\Stephanie\Desktop\Adobe CS4 Master Collection.rar
[2012/08/06 10:12:05 | 002,026,168 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/07/31 09:43:27 | 000,002,415 | ---- | C] () -- C:\Users\Public\Desktop\3D Mouse Home.lnk
[2012/07/31 09:43:27 | 000,002,306 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start 3DxWare.lnk
[2012/07/30 12:27:07 | 000,001,137 | ---- | C] () -- C:\Users\Stephanie\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/07/30 12:10:44 | 000,000,272 | ---- | C] () -- C:\Windows\tasks\AutoKMS.job
[2012/07/30 12:10:20 | 000,000,715 | ---- | C] () -- C:\Users\Stephanie\Desktop\Settings.ini
[2012/07/30 11:54:22 | 1617,412,096 | ---- | C] () -- C:\Users\Stephanie\Desktop\14.0.4763.1000_ProfessionalPlus_volume_ship_combo_en-us_dvd.iso
[2012/07/30 09:10:30 | 000,027,520 | ---- | C] () -- C:\Users\Stephanie\AppData\Local\dt.dat
[2012/07/26 11:05:41 | 000,001,009 | ---- | C] () -- C:\Users\Stephanie\Application Data\Microsoft\Internet Explorer\Quick Launch\VASSAL.lnk
[2012/07/26 11:05:41 | 000,000,985 | ---- | C] () -- C:\Users\Stephanie\Desktop\VASSAL.lnk
[2012/07/24 12:03:25 | 003,444,736 | ---- | C] () -- C:\Users\Stephanie\Desktop\Solavei_Brand_Guidelines_Consumer_v4.indd
[2012/07/24 08:52:29 | 000,002,995 | ---- | C] () -- C:\Users\Public\Desktop\SolidWorks Explorer 2012.lnk
[2012/07/24 08:52:29 | 000,002,821 | ---- | C] () -- C:\Users\Stephanie\Application Data\Microsoft\Internet Explorer\Quick Launch\SolidWorks Explorer 2012.lnk
[2012/07/24 08:52:29 | 000,002,117 | ---- | C] () -- C:\Users\Public\Desktop\SolidWorks eDrawings 2012.lnk
[2012/07/24 08:52:03 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2012/07/24 08:51:57 | 000,002,087 | ---- | C] () -- C:\Users\Public\Desktop\SolidWorks eDrawings 2012 x64 Edition.lnk
[2012/07/24 08:47:25 | 000,002,751 | ---- | C] () -- C:\Users\Stephanie\Application Data\Microsoft\Internet Explorer\Quick Launch\SolidWorks 2012 x64 Edition.lnk
[2012/07/24 08:47:25 | 000,002,727 | ---- | C] () -- C:\Users\Public\Desktop\SolidWorks 2012 x64 Edition.lnk
[2012/07/24 08:39:27 | 000,001,334 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk
[2012/07/23 11:05:15 | 1774,213,119 | ---- | C] () -- C:\Users\Stephanie\Desktop\SolidWorks.Premium.2012.(64.bit).2011.PC.iso
[2012/07/11 17:53:52 | 000,045,568 | ---- | C] () -- C:\Windows\SysWow64\spwini.dll
[2012/04/20 11:21:13 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/16 13:30:55 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2012/04/12 14:57:02 | 000,015,872 | R--- | C] () -- C:\Windows\SysWow64\ibfs32.dll
[2011/08/30 16:31:41 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI

========== LOP Check ==========

[2012/04/13 08:45:05 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\3Dconnexion
[2011/08/26 12:00:24 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\Autodesk
[2011/10/21 16:22:55 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/04/12 12:32:22 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\DassaultSystemes
[2012/03/01 19:19:11 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\FreeFileViewer
[2011/08/25 17:40:52 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\PictureMover
[2012/08/06 10:11:47 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\TestApp
[2011/10/19 19:24:33 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\Tific
[2011/12/05 14:37:07 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\uTorrent
[2012/08/13 11:26:48 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\VASSAL
[2012/08/13 11:28:23 | 000,000,272 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
[2012/08/13 11:28:24 | 000,000,410 | ---- | M] () -- C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
[2009/07/13 22:08:49 | 000,027,448 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >



Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.13.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Stephanie :: MUFFINMAN [administrator]

Protection: Enabled

8/13/2012 11:36:34 AM
mbam-log-2012-08-13 (11-36-34).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 484853
Time elapsed: 36 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Program Files\SolidWorks\lz-solidworks11x64.exe (Riskware.Tool.CK) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SolidWorksx86\lz-solidworks11x64.exe (Riskware.Tool.CK) -> Quarantined and deleted successfully.
C:\Users\Stephanie\Downloads\FreeFileViewer2011Setup.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.

(end)
  • 0
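The OTL sections above (Files Created, LOP Check, Alternate Data Streams) are easier to review once the lines are parsed into records. What follows is an added Python example, not code from this thread, from OTL or from Malwarebytes: it parses the two line formats seen in the log (the sample lines are copied from the report above) and flags the entries a helper usually looks at first, namely alternate data streams and executable, driver or scheduled-task files created under C:\Windows. The flagging rules are this example's own heuristics, not OTL's, and a flag means "inspect", not "malicious".

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample lines copied from the OTL log posted above: file-created entries,
# one LOP directory entry and the two Alternate Data Stream entries.
SAMPLE_LOG = r"""
[2012/08/06 10:12:05 | 002,026,168 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/07/30 12:10:44 | 000,000,272 | ---- | C] () -- C:\Windows\tasks\AutoKMS.job
[2012/07/11 17:53:52 | 000,045,568 | ---- | C] () -- C:\Windows\SysWow64\spwini.dll
[2012/04/12 14:57:02 | 000,015,872 | R--- | C] () -- C:\Windows\SysWow64\ibfs32.dll
[2012/07/26 11:05:41 | 000,000,985 | ---- | C] () -- C:\Users\Stephanie\Desktop\VASSAL.lnk
[2012/08/06 10:11:47 | 000,000,000 | ---D | M] -- C:\Users\Stephanie\AppData\Roaming\TestApp
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:DFC5A2B2
"""

# "[date time | size | attrs | C/M] (company) -- path"; the "(company)" part
# is absent on LOP Check directory lines, so it is optional here.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<op>[CM])\] (?:\([^)]*\) )?-- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")


@dataclass
class Entry:
    kind: str                    # "file", "dir" or "ads"
    path: str
    size: int                    # bytes
    timestamp: Optional[str] = None


def parse_otl(text: str) -> List[Entry]:
    """Turn OTL report lines into Entry records; unknown lines are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            kind = "dir" if "D" in m["attrs"] else "file"
            size = int(m["size"].replace(",", ""))
            entries.append(Entry(kind, m["path"], size, m["ts"]))
            continue
        m = ADS_RE.match(line)
        if m:
            entries.append(Entry("ads", m["path"], int(m["size"])))
    return entries


# Heuristics of this example (assumption, not an OTL rule set).
SYSTEM_PREFIX = "c:\\windows\\"
EXEC_EXT = (".exe", ".dll", ".sys", ".job")


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs for entries worth a closer look."""
    flagged: List[Tuple[str, str]] = []
    for e in entries:
        low = e.path.lower()
        if e.kind == "ads":
            # Data hidden in an NTFS stream is invisible to a normal directory
            # listing; always check what the stream holds.
            flagged.append((e.path, "alternate data stream: inspect its contents"))
        elif e.kind == "file" and low.startswith(SYSTEM_PREFIX) and low.endswith(EXEC_EXT):
            flagged.append((e.path, "executable, driver or task file created under C:\\Windows"))
    return flagged


if __name__ == "__main__":
    for path, reason in triage(parse_otl(SAMPLE_LOG)):
        print(f"{reason}: {path}")
```

Run on the sample lines, the script flags the two streams under C:\ProgramData\Temp, the two DLLs in SysWow64 and the AutoKMS.job task, while leaving Cat.DB, the VASSAL shortcut and the TestApp folder unflagged; extend SYSTEM_PREFIX and EXEC_EXT to taste for a different host.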

#8
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

How is your computer?
  • 0

#9
The-Infected

The-Infected

    Member

  • Topic Starter
  • Member
  • 20 posts
The redirecting is still occurring...about once every 20 clicks or so.
  • 0

#10
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
To what website are you redirected? Does it happen in any browser?

Please reopen OTL on your desktop.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    ipconfig /flushdns /c
    
    :Commands
    [CREATERESTOREPOINT]
    [EMPTYTEMP]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

  • 0



#11
The-Infected

The-Infected

    Member

  • Topic Starter
  • Member
  • 20 posts
All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Stephanie\Desktop\virus removal\cmd.bat deleted successfully.
C:\Users\Stephanie\Desktop\virus removal\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Stephanie
->Temp folder emptied: 9121131197 bytes
->Temporary Internet Files folder emptied: 68305529 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 66199791 bytes
->Google Chrome cache emptied: 6683083 bytes
->Flash cache emptied: 59327 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 2544640 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 166325 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36045600 bytes
RecycleBin emptied: 21890718232 bytes

Total Files Cleaned = 29,747.00 mb


OTL by OldTimer - Version 3.2.56.0 log created on 08152012_101130

Files\Folders moved on Reboot...
C:\Users\Stephanie\AppData\Local\Temp\citrixlogs\gotomeeting\723\G2MOutlookAddin.log moved successfully.
C:\Users\Stephanie\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Stephanie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{40D162DC-CF9C-4EF8-8395-591A87EFCDDB}.tmp not found!
File\Folder C:\Users\Stephanie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{7246F795-3531-4938-B073-08578C9F49B9}.tmp not found!
File\Folder C:\Users\Stephanie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{922324F4-FD2F-4100-BCF4-6E5E3B6D1DCF}.tmp not found!
C:\Users\Stephanie\AppData\Local\Mozilla\Firefox\Profiles\u87xppst.default\startupCache\startupCache.4.little moved successfully.
C:\Users\Stephanie\AppData\Local\Mozilla\Firefox\Profiles\u87xppst.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Stephanie\AppData\Local\Mozilla\Firefox\Profiles\u87xppst.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Stephanie\AppData\Local\Mozilla\Firefox\Profiles\u87xppst.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Stephanie\AppData\Local\Mozilla\Firefox\Profiles\u87xppst.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Stephanie\AppData\Local\Mozilla\Firefox\Profiles\u87xppst.default\urlclassifier3.sqlite moved successfully.

PendingFileRenameOperations files...
File C:\Users\Stephanie\AppData\Local\Temp\citrixlogs\gotomeeting\723\G2MOutlookAddin.log not found!
File C:\Users\Stephanie\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Stephanie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{40D162DC-CF9C-4EF8-8395-591A87EFCDDB}.tmp not found!
File C:\Users\Stephanie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{7246F795-3531-4938-B073-08578C9F49B9}.tmp not found!
File C:\Users\Stephanie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{922324F4-FD2F-4100-BCF4-6E5E3B6D1DCF}.tmp not found!
File C:\Users\Stephanie\AppData\Local\Mozilla\Firefox\Profiles\u87xppst.default\startupCache\startupCache.4.little not found!
File C:\Users\Stephanie\AppData\Local\Mozilla\Firefox\Profiles\u87xppst.default\Cache\_CACHE_001_ not found!
File C:\Users\Stephanie\AppData\Local\Mozilla\Firefox\Profiles\u87xppst.default\Cache\_CACHE_002_ not found!
File C:\Users\Stephanie\AppData\Local\Mozilla\Firefox\Profiles\u87xppst.default\Cache\_CACHE_003_ not found!
File C:\Users\Stephanie\AppData\Local\Mozilla\Firefox\Profiles\u87xppst.default\Cache\_CACHE_MAP_ not found!
File C:\Users\Stephanie\AppData\Local\Mozilla\Firefox\Profiles\u87xppst.default\urlclassifier3.sqlite not found!

Registry entries deleted on Reboot...
  • 0

#12
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts

The redirecting is still occuring...about once every 20 clicks or so.

To what website are you redirected? Does it happen in any browser?
  • 0

#13
The-Infected

The-Infected

    Member

  • Topic Starter
  • Member
  • 20 posts
When I open Firefox, the anti-virus program you had me install said that it has "successfully blocked" an IP address. I searched for "sight glass" in Google, and when I clicked on the first page, it sent me to this site:

http://96.43.128.195...92f599df5034ad0

It was identified as an attack page and blocked this time, but sometimes it sends me to a crappy search results site with some of the keywords I have searched for (it doesn't only happen when searching "sight glass").

I only use Firefox, so I do not know if this happens with other browsers. I will check. Thank you.
  • 0

#14
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box:
  • Type (or copy/paste) Firefox -safe-mode, then click OK.
  • Click the Continue in Safe Mode button.
Now see if you are redirected to any website while using Firefox in Safe Mode.
  • 0

#15
The-Infected

The-Infected

    Member

  • Topic Starter
  • Member
  • 20 posts
I have not been redirected when running in safe mode. I am still getting a message that Malwarebytes is blocking a potentially dangerous site (and gives an IP address) every time I open the browser.
  • 0
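Firefox Safe Mode starts the browser with all extensions disabled, which is why the test above is useful: redirects that stop in Safe Mode point at the installed add-ons rather than at the operating system. The next step is to list which add-ons are active and where each was registered from. The script below is an added example, not something posted in this thread or shipped by Mozilla. It assumes the layout of a current Firefox profile's extensions.json (an "addons" list with id, type, active, userDisabled, location and defaultLocale.name fields); the 2012-era profile in this thread stored add-on metadata differently, so treat both the file layout and the sample data as constructed assumptions. Add-ons registered outside the profile folder (for instance through the Windows registry, which Firefox reports as a winreg-* location) are the ones a user did not knowingly install from the browser, so they are listed first.

```python
import json
from typing import Dict, List, Tuple

# Constructed sample in the shape of a Firefox profile's extensions.json.
# Assumption: real files carry many more fields; only the ones used here
# are modelled. The ids and names are invented (.invalid is a reserved TLD).
SAMPLE_EXTENSIONS_JSON = json.dumps({
    "schemaVersion": 16,
    "addons": [
        {"id": "default-theme@mozilla.invalid", "type": "theme",
         "active": True, "userDisabled": False, "location": "app-global",
         "defaultLocale": {"name": "Default"}},
        {"id": "toolbar@example.invalid", "type": "extension",
         "active": True, "userDisabled": False, "location": "app-profile",
         "defaultLocale": {"name": "Example Toolbar"}},
        {"id": "searchhelper@example.invalid", "type": "extension",
         "active": True, "userDisabled": False, "location": "winreg-app-global",
         "defaultLocale": {"name": "Search Helper"}},
        {"id": "oldaddon@example.invalid", "type": "extension",
         "active": False, "userDisabled": True, "location": "app-profile",
         "defaultLocale": {"name": "Old Addon"}},
    ],
})


def active_extensions(raw_json: str) -> List[Dict]:
    """Extensions (not themes) that would run in a normal, non-Safe-Mode start."""
    data = json.loads(raw_json)
    return [
        a for a in data.get("addons", [])
        if a.get("type") == "extension"
        and a.get("active", False)
        and not a.get("userDisabled", False)
    ]


def review_order(raw_json: str) -> List[Tuple[str, str, str]]:
    """(id, name, location) for active extensions, sideloaded ones first.

    "app-profile" means the user installed it from inside Firefox; anything
    else was placed by an installer or registry entry and deserves a look
    before the profile-installed add-ons do.
    """
    rows = []
    for a in active_extensions(raw_json):
        name = a.get("defaultLocale", {}).get("name", "?")
        rows.append((a.get("id", "?"), name, a.get("location", "?")))
    # Stable sort: non-profile locations (sideloaded) come first.
    rows.sort(key=lambda r: r[2] == "app-profile")
    return rows


if __name__ == "__main__":
    for ext_id, name, location in review_order(SAMPLE_EXTENSIONS_JSON):
        print(f"{location:18} {name:20} {ext_id}")
```

Point the script at the real file by reading the profile's extensions.json into `review_order`; the Safe Mode observation tells you the culprit is somewhere in this list, and disabling the entries one at a time from the Add-ons Manager narrows it down without touching anything else on the system.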