Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Problems running Smitfraudfix [Solved]


  • This topic is locked This topic is locked

#1
spriteking

spriteking

    Member

  • Member
  • PipPip
  • 14 posts
Hi,

I have had a blue screen problem for the past week or so. I am pretty sure the issue is related to a virus due to my research (somewhat limited) -- when my computer receives a blue screen it automatically restarts itself before I can read what it says. I found that running smitfraudfix.exe is one way to solve/remove viruses of this type. Yet, when I go to run Smitfraudfix the command prompt closes. The last line I can read on the command prompt before it closes is "Deleting infected files..." then it closes and leave me at a black screen in Safe Mode. I am assuming that the virus I had is somehow blocking this Smitfraudfix "clean" function.
I stumbled onto this site and am reaching out for help due to the severity of my issue combined with my limited computer troubleshooting experience. I did download OTL and ran the "Quick Scan" option. I am providing the output of that scan in this topic to provide more details. Any help will be appreciated.

Thanks in advance.

-Spriteking



OTL logfile created on: 9/21/2012 00:10:28 - Run 1
OTL by OldTimer - Version 3.2.65.0 Folder = C:\Users\Trent\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.86 Gb Total Physical Memory | 13.70 Gb Available Physical Memory | 86.41% Memory free
31.71 Gb Paging File | 29.21 Gb Available in Paging File | 92.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 812.72 Gb Free Space | 87.26% Space Free | Partition Type: NTFS

Computer Name: TRENTYS-PC | User Name: Trent | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/21 00:09:48 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Trent\Desktop\OTL.exe
PRC - [2012/09/16 02:03:16 | 000,722,528 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
PRC - [2012/09/16 02:03:15 | 000,947,808 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/09/16 01:56:52 | 001,701,400 | ---- | M] () -- C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/08/29 11:23:10 | 003,039,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/08/20 04:53:34 | 000,184,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/08/20 04:53:32 | 001,286,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
PRC - [2012/08/20 04:52:42 | 005,751,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/11/20 22:25:10 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Sidebar\sidebar.exe
PRC - [2010/10/05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/16 02:03:19 | 000,564,832 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll
MOD - [2012/09/16 02:03:17 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll
MOD - [2012/09/16 02:03:15 | 000,947,808 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/09/16 01:56:52 | 002,098,200 | ---- | M] () -- c:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll
MOD - [2012/09/16 01:56:52 | 001,701,400 | ---- | M] () -- C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
MOD - [2012/08/29 21:58:45 | 000,442,392 | ---- | M] () -- C:\Users\Trent\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppgooglenaclpluginchrome.dll
MOD - [2012/08/29 21:58:44 | 012,237,336 | ---- | M] () -- C:\Users\Trent\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
MOD - [2012/08/29 21:58:42 | 003,997,720 | ---- | M] () -- C:\Users\Trent\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
MOD - [2012/08/29 21:57:27 | 000,526,872 | ---- | M] () -- C:\Users\Trent\AppData\Local\Google\Chrome\Application\21.0.1180.89\libglesv2.dll
MOD - [2012/08/29 21:57:26 | 000,104,984 | ---- | M] () -- C:\Users\Trent\AppData\Local\Google\Chrome\Application\21.0.1180.89\libegl.dll
MOD - [2012/08/29 21:57:15 | 000,144,424 | ---- | M] () -- C:\Users\Trent\AppData\Local\Google\Chrome\Application\21.0.1180.89\avutil-51.dll
MOD - [2012/08/29 21:57:13 | 000,266,792 | ---- | M] () -- C:\Users\Trent\AppData\Local\Google\Chrome\Application\21.0.1180.89\avformat-54.dll
MOD - [2012/08/29 21:57:12 | 002,480,680 | ---- | M] () -- C:\Users\Trent\AppData\Local\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/07/27 21:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/04/06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/09/16 02:03:16 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2012/09/16 01:56:52 | 001,701,400 | ---- | M] () [Auto | Running] -- C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/20 04:53:34 | 000,184,304 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/08/20 04:53:32 | 001,286,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2012/08/20 04:52:42 | 005,751,928 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2010/10/05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/16 02:03:18 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/13 16:40:52 | 000,150,880 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/08/10 04:52:38 | 000,199,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/08/10 04:52:34 | 000,105,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/08/10 04:52:16 | 000,040,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/08/09 13:56:42 | 000,230,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/08/09 13:56:34 | 000,060,768 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/08/09 13:56:20 | 000,175,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/07/27 23:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/07/27 20:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/19 23:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/28 22:40:00 | 000,079,104 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011/07/28 22:40:00 | 000,056,960 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011/07/06 05:12:50 | 000,367,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2011/05/31 22:16:50 | 000,535,656 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/10 18:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010/11/20 22:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/20 22:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/09/21 09:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/01/27 17:25:42 | 001,584,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3F FA 41 E2 66 7A CD 01 [binary data]
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{27EB2828-FE87-4082-AC4E-D1A5FA1DAD6A}: "URL" = http://websearch.ask...63-22A1498F539B
IE - HKCU\..\SearchScopes\{7854EF66-31D4-4bd2-9772-3D6012CD601B}: "URL" = http://search.yahoo....evm&type=IEBDSV
IE - HKCU\..\SearchScopes\{89DFC629-068A-4d75-8568-22349CAE62DD}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....pr&d=2012-09-16 02:03:21&v=12.2.5.34&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{E3C43F43-4D29-4235-AF04-D6FEF72AFC30}: "URL" = http://www.bing.com/...=SPLBR1&pc=SPLH
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Trent\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Trent\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Trent\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Trent\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\12.2.5.34\ [2012/09/16 02:03:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension


========== Chrome ==========

CHR - homepage: http://www.yahoo.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.yahoo.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Trent\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Trent\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Trent\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Trent\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Babylon ToolBar (Enabled) = C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Users\Trent\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Babylon Toolbar = C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\
CHR - Extension: AdBlock = C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.45_0\
CHR - Extension: AVG Secure Search = C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\
CHR - Extension: AVG Secure Search = C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.34_0\

O1 HOSTS File: ([2012/09/20 23:57:29 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [ROC_ROC_NT] C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F42E9DE-0EA6-411B-8810-3F813340B0A9}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O20 - AppInit_DLLs: (c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2013\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/21 00:09:48 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Users\Trent\Desktop\OTL.exe
[2012/09/20 23:57:24 | 000,000,000 | ---D | C] -- C:\Users\Trent\Desktop\SmitfraudFix
[2012/09/20 23:19:56 | 000,289,144 | ---- | C] (S!Ri) -- C:\Windows\SysNative\VCCLSID.exe
[2012/09/20 23:19:56 | 000,288,417 | ---- | C] (S!Ri) -- C:\Windows\SysNative\SrchSTS.exe
[2012/09/20 23:19:56 | 000,135,168 | ---- | C] (SteelWerX) -- C:\Windows\SysNative\swreg.exe
[2012/09/20 23:19:56 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysNative\VACFix.exe
[2012/09/20 23:19:56 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysNative\IEDFix.exe
[2012/09/20 23:19:56 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysNative\IEDFix.C.exe
[2012/09/20 23:19:56 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysNative\404Fix.exe
[2012/09/20 23:19:56 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysNative\o4Patch.exe
[2012/09/20 23:19:56 | 000,079,360 | ---- | C] (SteelWerX) -- C:\Windows\SysNative\swxcacls.exe
[2012/09/20 23:19:56 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysNative\Agent.OMZ.Fix.exe
[2012/09/20 23:19:56 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\Windows\SysNative\Process.exe
[2012/09/20 23:11:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/09/17 23:48:28 | 000,000,000 | ---D | C] -- C:\Users\Trent\AppData\Roaming\Mozilla
[2012/09/16 19:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/16 19:06:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/09/16 02:16:22 | 000,289,144 | ---- | C] (S!Ri) -- C:\Windows\SysWow64\VCCLSID.exe
[2012/09/16 02:16:22 | 000,288,417 | ---- | C] (S!Ri) -- C:\Windows\SysWow64\SrchSTS.exe
[2012/09/16 02:16:22 | 000,135,168 | ---- | C] (SteelWerX) -- C:\Windows\SysWow64\swreg.exe
[2012/09/16 02:16:22 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\VACFix.exe
[2012/09/16 02:16:22 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\IEDFix.exe
[2012/09/16 02:16:22 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\IEDFix.C.exe
[2012/09/16 02:16:22 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\404Fix.exe
[2012/09/16 02:16:22 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\o4Patch.exe
[2012/09/16 02:16:22 | 000,079,360 | ---- | C] (SteelWerX) -- C:\Windows\SysWow64\swxcacls.exe
[2012/09/16 02:16:22 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\Agent.OMZ.Fix.exe
[2012/09/16 02:12:30 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/16 02:05:45 | 000,000,000 | ---D | C] -- C:\Users\Trent\AppData\Roaming\AVG2013
[2012/09/16 02:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/09/16 02:03:18 | 000,031,080 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/09/16 02:03:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/09/16 01:56:09 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/09/15 11:18:41 | 000,000,000 | ---D | C] -- C:\Users\Trent\AppData\Local\AVG Secure Search
[2012/09/15 11:18:31 | 000,000,000 | ---D | C] -- C:\Users\Trent\AppData\Roaming\TuneUp Software
[2012/09/15 11:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/09/15 11:17:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/09/15 11:16:31 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/09/15 11:16:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012/09/15 11:16:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/09/15 11:13:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/09/15 11:13:16 | 000,000,000 | ---D | C] -- C:\Users\Trent\AppData\Local\MFAData
[2012/09/15 11:13:16 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/09/15 11:13:16 | 000,000,000 | ---D | C] -- C:\Users\Trent\AppData\Local\Avg2013
[2012/09/15 09:41:07 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\Windows\SysWow64\Process.exe
[2012/09/15 09:20:52 | 000,000,000 | ---D | C] -- C:\Users\Trent\AppData\Roaming\Malwarebytes
[2012/09/15 09:20:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/15 09:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/15 09:20:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/09/13 18:03:59 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/09/13 17:59:22 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/09/13 17:38:42 | 000,000,000 | ---D | C] -- C:\Users\Trent\AppData\Local\Diagnostics
[2012/09/08 14:19:29 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/09/05 18:09:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2012/09/01 00:19:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2012/09/01 00:18:20 | 000,000,000 | ---D | C] -- C:\Users\Trent\AppData\Roaming\SystemRequirementsLab
[2012/09/01 00:18:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/09/01 00:18:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/09/01 00:17:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/09/01 00:17:21 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/08/31 10:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
[2012/08/31 10:39:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guild Wars 2
[2012/08/28 16:06:19 | 000,000,000 | ---D | C] -- C:\Users\Trent\AppData\Local\APN
[2012/08/28 07:55:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/08/28 07:55:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/08/25 12:53:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2012/08/25 10:20:57 | 000,000,000 | ---D | C] -- C:\Users\Trent\AppData\Roaming\Skype
[2012/08/25 10:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

========== Files - Modified Within 30 Days ==========

[2012/09/21 00:09:48 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Trent\Desktop\OTL.exe
[2012/09/21 00:08:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/21 00:07:58 | 4179,451,902 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/20 23:57:31 | 000,001,792 | ---- | M] () -- C:\Windows\SysWow64\tmp.reg
[2012/09/20 23:57:31 | 000,000,691 | ---- | M] () -- C:\Users\Trent\AppData\Roaming\GetValue.vbs
[2012/09/20 23:57:31 | 000,000,035 | ---- | M] () -- C:\Users\Trent\AppData\Roaming\SetValue.bat
[2012/09/20 23:57:29 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/09/20 23:22:14 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/20 23:22:14 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/20 23:22:14 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/20 23:16:53 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/20 23:16:53 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/20 23:15:57 | 001,885,088 | ---- | M] () -- C:\Users\Trent\Desktop\Smitfraud.exe
[2012/09/20 23:12:15 | 625,406,533 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/09/18 23:32:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2537620459-4172844123-2809127833-1000UA.job
[2012/09/18 19:32:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2537620459-4172844123-2809127833-1000Core.job
[2012/09/16 19:06:53 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/09/16 02:12:31 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/16 02:03:42 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/09/16 02:03:18 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/05 18:09:12 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/09/04 09:32:58 | 000,002,455 | ---- | M] () -- C:\Users\Trent\Desktop\Google Chrome.lnk
[2012/08/31 10:39:26 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2012/08/25 11:54:56 | 000,001,239 | ---- | M] () -- C:\Users\Trent\Desktop\Play League of Legends.lnk

========== Files Created - No Company Name ==========

[2012/09/20 23:19:56 | 000,075,776 | ---- | C] () -- C:\Windows\SysNative\WS2Fix.exe
[2012/09/20 23:19:56 | 000,051,200 | ---- | C] () -- C:\Windows\SysNative\dumphive.exe
[2012/09/20 23:19:56 | 000,040,960 | ---- | C] () -- C:\Windows\SysNative\swsc.exe
[2012/09/20 23:15:54 | 001,885,088 | ---- | C] () -- C:\Users\Trent\Desktop\Smitfraud.exe
[2012/09/16 19:06:53 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/09/16 02:16:31 | 000,001,792 | ---- | C] () -- C:\Windows\SysWow64\tmp.reg
[2012/09/16 02:16:31 | 000,000,691 | ---- | C] () -- C:\Users\Trent\AppData\Roaming\GetValue.vbs
[2012/09/16 02:16:31 | 000,000,035 | ---- | C] () -- C:\Users\Trent\AppData\Roaming\SetValue.bat
[2012/09/16 02:16:22 | 000,075,776 | ---- | C] () -- C:\Windows\SysWow64\WS2Fix.exe
[2012/09/16 02:16:22 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\dumphive.exe
[2012/09/16 02:16:22 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\swsc.exe
[2012/09/16 02:12:31 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/16 02:03:42 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/09/16 01:56:03 | 625,406,533 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/09/05 18:09:12 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/08/31 10:39:26 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2012/08/25 11:54:56 | 000,001,239 | ---- | C] () -- C:\Users\Trent\Desktop\Play League of Legends.lnk
[2012/08/14 16:59:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/08/14 16:37:24 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2012/08/14 16:32:16 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012/06/11 11:50:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/06/11 11:50:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/05/10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/03/19 23:37:12 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012/03/19 23:37:12 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012/03/19 23:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/03/19 22:23:38 | 013,024,256 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

========== LOP Check ==========

[2012/09/16 02:05:45 | 000,000,000 | ---D | M] -- C:\Users\Trent\AppData\Roaming\AVG2013
[2012/08/14 18:09:51 | 000,000,000 | ---D | M] -- C:\Users\Trent\AppData\Roaming\Babylon
[2012/09/16 00:59:37 | 000,000,000 | ---D | M] -- C:\Users\Trent\AppData\Roaming\BabylonToolbar
[2012/08/14 17:08:33 | 000,000,000 | ---D | M] -- C:\Users\Trent\AppData\Roaming\e-academy Inc
[2012/08/16 21:02:55 | 000,000,000 | ---D | M] -- C:\Users\Trent\AppData\Roaming\LolClient
[2012/08/14 19:58:15 | 000,000,000 | ---D | M] -- C:\Users\Trent\AppData\Roaming\Splashtop
[2012/09/16 00:59:38 | 000,000,000 | ---D | M] -- C:\Users\Trent\AppData\Roaming\SystemRequirementsLab
[2012/09/15 11:18:31 | 000,000,000 | ---D | M] -- C:\Users\Trent\AppData\Roaming\TuneUp Software

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome to Geeks to Go. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print of the following instructions or save them to notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Windows 7 Advice:

All applications I ask to be used will require to be run in Administrator mode. IE: Right click on and select Run as Administrator.

The Operating System in use comes with a inbuilt utility called User Access Control(UAC) when prompted by this with anything I ask you to do carry out please select the option Allow.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Smitfraudfix Advice:

If not aware Smitfraudfix has not been updated in a very long time nor is it Windows 7 64 bit compatible far as I am aware...

So my friendly advice is do not use if for anything else and we can remove it fully when I give the all clear OK.

Scan with AdwCleaner:

Please download adwcleaner from here and save to your desktop.

Alternate download is here.

  • Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
  • Now click on the Search tab.
  • Please post the contents of the log-file created in your next post.
Note: The log can also be located at C: >> AdwCleaner[XX].txt >> XX <-- denotes the number of times the application has been ran, so in this case may be something like R1.

Scan with aswMBR:

Please download aswMBR.exe to your desktop.

  • Right-click on aswMBR.exe and select Run as Administrator to launch the application.
  • When prompted with The application can use the Avast! Free Antivirus for scanning >> select No
  • Now click on the Scan button to start scan
  • On completion of the scan click Save Log, save it to your desktop and post the contents in your next reply
Note: There will also be a file on your desktop named MBR.dat(or similar) do not delete this for now it is a actual backup of the MBR(master boot record).

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • AdwCleaner Log.
  • aswMBR Log.

  • 0

#3
spriteking

spriteking

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi Dakeyras,

Thank you for your quick and thorough response.

So far my computer is running fine and I have had no further symptoms, but my computer has only been on for maybe 15 minutes. I turned it off last night and did not turn it on again until I saw your post. I did run both programs that you requested and will post their respective logs.
Thanks again.

-Spriteking




AdwCleaner:
# AdwCleaner v2.002 - Logfile created 09/21/2012 at 14:01:08
# Updated 16/09/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Trent - TRENTYS-PC
# Boot Mode : Normal
# Running from : C:\Users\Trent\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : Browser Manager

***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\AVG Secure Search
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\Program Files (x86)\splashtop
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\Browser Manager
Folder Found : C:\ProgramData\splashtop
Folder Found : C:\Users\Trent\AppData\Local\APN
Folder Found : C:\Users\Trent\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Folder Found : C:\Users\Trent\AppData\Local\Temp\AskSearch
Folder Found : C:\Users\Trent\AppData\Local\Temp\[email protected]
Folder Found : C:\Users\Trent\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\Trent\AppData\Roaming\Babylon
Folder Found : C:\Users\Trent\AppData\Roaming\BabylonToolbar
Folder Found : C:\Users\Trent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Folder Found : C:\Users\Trent\AppData\Roaming\splashtop

***** [Registry] *****

Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\BrowserMngr
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\BrowserMngr
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKU\S-1-5-21-2537620459-4172844123-2809127833-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v21.0.1180.89

File : C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6447 octets] - [21/09/2012 14:01:08]

########## EOF - C:\AdwCleaner[R1].txt - [6507 octets] ##########



AswMBR:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-21 14:02:36
-----------------------------
14:02:36.934 OS Version: Windows x64 6.1.7601 Service Pack 1
14:02:36.934 Number of processors: 4 586 0x3A09
14:02:36.934 ComputerName: TRENTYS-PC UserName: Trent
14:02:38.369 Initialize success
14:02:48.410 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:02:48.410 Disk 0 Vendor: WDC_WD1002FAEX-00Y9A0 05.01D05 Size: 953869MB BusType: 3
14:02:48.410 Disk 0 MBR read successfully
14:02:48.426 Disk 0 MBR scan
14:02:48.426 Disk 0 Windows 7 default MBR code
14:02:48.426 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:02:48.426 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
14:02:48.441 Disk 0 scanning C:\Windows\system32\drivers
14:02:51.748 Service scanning
14:03:00.516 Modules scanning
14:03:00.516 Disk 0 trace - called modules:
14:03:00.531 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
14:03:00.531 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800dc03060]
14:03:00.531 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800d8a2060]
14:03:00.531 Scan finished successfully
14:03:35.070 Disk 0 MBR has been saved successfully to "C:\Users\Trent\Desktop\MBR.dat"
14:03:35.070 The log file has been saved successfully to "C:\Users\Trent\Desktop\aswMBR.txt"
  • 0

#4
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

Thank you for your quick and thorough response.

You're welcome!

So far my computer is running fine and I have had no further symptoms, but my computer has only been on for maybe 15 minutes. I turned it off last night and did not turn it on again until I saw your post. I did run both programs that you requested and will post their respective logs.

OK and thanks for the update...

Have you got a copy of the Windows 7 64 Bit Installation DVD in-case we need to make use of it?

Create a System Restore Point:

  • Right click on Computer and select Properties >> System protection >> Create....
  • Give this restore point a descriptive name(say like GTG Help for example) and click on Create.
  • When the new restore point is created, acknowledge the prompt and click on OK >> close the System Properties window.
Note: If unable to actually create a System Restore point, inform myself before proceeding any further...

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Right-click on erunt-setup.exe and select Run as Administrator to Install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Re-scan with AdwCleaner:

  • Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
  • Now click on the Delete tab >> reboot your machine if prompted.
  • Please post the contents of the new log-file created in your next post.
Note: The log can also be located at C: >> AdwCleaner[XX].txt >> XX <-- denotes the number of times the application has been ran, so in this case may be something like R2 or S1 for example.
  • 0

#5
spriteking

spriteking

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Dakeyras,

I do have a copy of the Windows 7 64 Bit Installation DVD.
Additionally, I have done all tasks you have requested. I created a system restore point, I backed up the registry using ERUNT, and I ran the "Delete" function on AdwCleaner. Here is the log file associated with the aforementioned run of AdwCleaner.

Thanks,
Spriteking


# AdwCleaner v2.002 - Logfile created 09/21/2012 at 15:10:16
# Updated 16/09/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Trent - TRENTYS-PC
# Boot Mode : Normal
# Running from : C:\Users\Trent\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Browser Manager

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
Deleted on reboot : C:\ProgramData\Browser Manager
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\splashtop
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\splashtop
Folder Deleted : C:\Users\Trent\AppData\Local\APN
Folder Deleted : C:\Users\Trent\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Folder Deleted : C:\Users\Trent\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Trent\AppData\Local\Temp\[email protected]
Folder Deleted : C:\Users\Trent\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Trent\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Trent\AppData\Roaming\BabylonToolbar
Folder Deleted : C:\Users\Trent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Folder Deleted : C:\Users\Trent\AppData\Roaming\splashtop

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\BrowserMngr
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BrowserMngr
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Google Chrome v21.0.1180.89

File : C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6564 octets] - [21/09/2012 14:01:08]
AdwCleaner[S1].txt - [6905 octets] - [21/09/2012 15:10:16]

########## EOF - C:\AdwCleaner[S1].txt - [6965 octets] ##########
  • 0

#6
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

I do have a copy of the Windows 7 64 Bit Installation DVD.
Additionally, I have done all tasks you have requested. I created a system restore point, I backed up the registry using ERUNT

OK/good etc. Lets proceed as follows shall we...

Re-scan with OTL:

OTL has been recently updated, so delete your current version(and all logs if still present). Then empty the Recycle Bin.

Then download the updated version of OTL and save it to your Desktop.

Alternate downloads are here and here.

  • Right-click on OTL.exe and select Run as Administrator to start OTL.
  • Ensure Include 64bit Scans is selected.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.

  • 0

#7
spriteking

spriteking

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Dakeyras,

Computer seems to be running fine. No further symptoms or problems thus far. I will be posting the two OTL Notepad files in the following replies.

-Spriteking
  • 0

#8
spriteking

spriteking

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
OTL.txt


OTL logfile created on: 9/21/2012 3:44:06 PM - Run 2
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\Trent\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.86 Gb Total Physical Memory | 13.70 Gb Available Physical Memory | 86.41% Memory free
31.71 Gb Paging File | 29.26 Gb Available in Paging File | 92.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 813.59 Gb Free Space | 87.35% Space Free | Partition Type: NTFS

Computer Name: TRENTYS-PC | User Name: Trent | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Trent\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Users\Trent\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Trent\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Trent\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll ()
MOD - C:\Users\Trent\AppData\Local\Google\Chrome\Application\21.0.1180.89\libglesv2.dll ()
MOD - C:\Users\Trent\AppData\Local\Google\Chrome\Application\21.0.1180.89\libegl.dll ()
MOD - C:\Users\Trent\AppData\Local\Google\Chrome\Application\21.0.1180.89\avutil-51.dll ()
MOD - C:\Users\Trent\AppData\Local\Google\Chrome\Application\21.0.1180.89\avformat-54.dll ()
MOD - C:\Users\Trent\AppData\Local\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (vToolbarUpdater12.2.6) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgfws) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\drivers\avgfwd6a.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2537620459-4172844123-2809127833-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2537620459-4172844123-2809127833-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2537620459-4172844123-2809127833-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3F FA 41 E2 66 7A CD 01 [binary data]
IE - HKU\S-1-5-21-2537620459-4172844123-2809127833-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2537620459-4172844123-2809127833-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2537620459-4172844123-2809127833-1000\..\SearchScopes\{27EB2828-FE87-4082-AC4E-D1A5FA1DAD6A}: "URL" = http://websearch.ask...63-22A1498F539B
IE - HKU\S-1-5-21-2537620459-4172844123-2809127833-1000\..\SearchScopes\{7854EF66-31D4-4bd2-9772-3D6012CD601B}: "URL" = http://search.yahoo....evm&type=IEBDSV
IE - HKU\S-1-5-21-2537620459-4172844123-2809127833-1000\..\SearchScopes\{89DFC629-068A-4d75-8568-22349CAE62DD}: "URL" = http://www.google.co...q={searchTerms}
IE - HKU\S-1-5-21-2537620459-4172844123-2809127833-1000\..\SearchScopes\{E3C43F43-4D29-4235-AF04-D6FEF72AFC30}: "URL" = http://www.bing.com/...=SPLBR1&pc=SPLH
IE - HKU\S-1-5-21-2537620459-4172844123-2809127833-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Trent\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Trent\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Trent\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Trent\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)



========== Chrome ==========

CHR - homepage: http://www.yahoo.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.yahoo.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Trent\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Trent\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Trent\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Trent\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Babylon ToolBar (Enabled) = C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Users\Trent\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: AdBlock = C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.45_0\

O1 HOSTS File: ([2012/09/20 23:57:29 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2537620459-4172844123-2809127833-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F42E9DE-0EA6-411B-8810-3F813340B0A9}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2013\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/21 15:42:47 | 000,600,576 | ---- | C] (OldTimer Tools) -- C:\Users\Trent\Desktop\OTL.exe
[2012/09/21 15:08:53 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/09/21 15:06:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/09/21 15:06:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/09/21 14:01:55 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Trent\Desktop\aswMBR.exe
[2012/09/20 23:57:24 | 000,000,000 | ---D | C] -- C:\Users\Trent\Desktop\SmitfraudFix
[2012/09/20 23:19:56 | 000,289,144 | ---- | C] (S!Ri) -- C:\Windows\SysNative\VCCLSID.exe
[2012/09/20 23:19:56 | 000,288,417 | ---- | C] (S!Ri) -- C:\Windows\SysNative\SrchSTS.exe
[2012/09/20 23:19:56 | 000,135,168 | ---- | C] (SteelWerX) -- C:\Windows\SysNative\swreg.exe
[2012/09/20 23:19:56 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysNative\VACFix.exe
[2012/09/20 23:19:56 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysNative\IEDFix.exe
[2012/09/20 23:19:56 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysNative\IEDFix.C.exe
[2012/09/20 23:19:56 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysNative\404Fix.exe
[2012/09/20 23:19:56 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysNative\o4Patch.exe
[2012/09/20 23:19:56 | 000,079,360 | ---- | C] (SteelWerX) -- C:\Windows\SysNative\swxcacls.exe
[2012/09/20 23:19:56 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysNative\Agent.OMZ.Fix.exe
[2012/09/20 23:19:56 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\Windows\SysNative\Process.exe
[2012/09/20 23:11:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/09/17 23:48:28 | 000,000,000 | ---D | C] -- C:\Users\Trent\AppData\Roaming\Mozilla
[2012/09/16 19:06:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/16 19:06:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/09/16 02:16:22 | 000,289,144 | ---- | C] (S!Ri) -- C:\Windows\SysWow64\VCCLSID.exe
[2012/09/16 02:16:22 | 000,288,417 | ---- | C] (S!Ri) -- C:\Windows\SysWow64\SrchSTS.exe
[2012/09/16 02:16:22 | 000,135,168 | ---- | C] (SteelWerX) -- C:\Windows\SysWow64\swreg.exe
[2012/09/16 02:16:22 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\VACFix.exe
[2012/09/16 02:16:22 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\IEDFix.exe
[2012/09/16 02:16:22 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\IEDFix.C.exe
[2012/09/16 02:16:22 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\404Fix.exe
[2012/09/16 02:16:22 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\o4Patch.exe
[2012/09/16 02:16:22 | 000,079,360 | ---- | C] (SteelWerX) -- C:\Windows\SysWow64\swxcacls.exe
[2012/09/16 02:16:22 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\Windows\SysWow64\Agent.OMZ.Fix.exe
[2012/09/16 02:12:30 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/16 02:05:45 | 000,000,000 | ---D | C] -- C:\Users\Trent\AppData\Roaming\AVG2013
[2012/09/16 02:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/09/16 02:03:18 | 000,031,080 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/09/16 02:01:41 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012/09/16 02:01:32 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/09/16 02:01:15 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/09/16 02:01:15 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/09/16 01:56:09 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/09/15 11:18:31 | 000,000,000 | ---D | C] -- C:\Users\Trent\AppData\Roaming\TuneUp Software
[2012/09/15 11:17:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/09/15 11:16:31 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/09/15 11:16:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012/09/15 11:16:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/09/15 11:13:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/09/15 11:13:16 | 000,000,000 | ---D | C] -- C:\Users\Trent\AppData\Local\MFAData
[2012/09/15 11:13:16 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/09/15 11:13:16 | 000,000,000 | ---D | C] -- C:\Users\Trent\AppData\Local\Avg2013
[2012/09/15 09:41:07 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\Windows\SysWow64\Process.exe
[2012/09/15 09:20:52 | 000,000,000 | ---D | C] -- C:\Users\Trent\AppData\Roaming\Malwarebytes
[2012/09/15 09:20:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/15 09:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/15 09:20:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/09/13 18:03:59 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/09/13 17:59:22 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012/09/13 17:38:42 | 000,000,000 | ---D | C] -- C:\Users\Trent\AppData\Local\Diagnostics
[2012/09/08 14:19:29 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/09/05 18:09:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2012/09/01 00:19:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2012/09/01 00:18:20 | 000,000,000 | ---D | C] -- C:\Users\Trent\AppData\Roaming\SystemRequirementsLab
[2012/09/01 00:18:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/09/01 00:18:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/09/01 00:17:58 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/09/01 00:17:58 | 000,746,984 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/09/01 00:17:58 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/09/01 00:17:50 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/09/01 00:17:50 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/09/01 00:17:50 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/09/01 00:17:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/09/01 00:17:21 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/08/31 10:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
[2012/08/31 10:39:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guild Wars 2
[2012/08/28 07:55:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/08/28 07:55:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012/08/25 12:53:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2012/08/25 12:51:02 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/08/25 10:20:57 | 000,000,000 | ---D | C] -- C:\Users\Trent\AppData\Roaming\Skype
[2012/08/25 10:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

========== Files - Modified Within 30 Days ==========

[2012/09/21 15:42:47 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\Trent\Desktop\OTL.exe
[2012/09/21 15:37:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2537620459-4172844123-2809127833-1000UA.job
[2012/09/21 15:19:53 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/21 15:19:53 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/21 15:17:08 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/21 15:17:08 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/21 15:17:08 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/21 15:12:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/21 15:12:38 | 4179,451,902 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/21 15:06:36 | 000,000,928 | ---- | M] () -- C:\Users\Trent\Desktop\NTREGOPT.lnk
[2012/09/21 15:06:36 | 000,000,909 | ---- | M] () -- C:\Users\Trent\Desktop\ERUNT.lnk
[2012/09/21 14:37:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2537620459-4172844123-2809127833-1000Core.job
[2012/09/21 14:03:35 | 000,000,512 | ---- | M] () -- C:\Users\Trent\Desktop\MBR.dat
[2012/09/21 14:02:16 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Trent\Desktop\aswMBR.exe
[2012/09/21 13:59:53 | 000,512,737 | ---- | M] () -- C:\Users\Trent\Desktop\adwcleaner.exe
[2012/09/20 23:57:31 | 000,001,792 | ---- | M] () -- C:\Windows\SysWow64\tmp.reg
[2012/09/20 23:57:31 | 000,000,691 | ---- | M] () -- C:\Users\Trent\AppData\Roaming\GetValue.vbs
[2012/09/20 23:57:31 | 000,000,035 | ---- | M] () -- C:\Users\Trent\AppData\Roaming\SetValue.bat
[2012/09/20 23:57:29 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/09/20 23:15:57 | 001,885,088 | ---- | M] () -- C:\Users\Trent\Desktop\Smitfraud.exe
[2012/09/20 23:12:15 | 625,406,533 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/09/16 19:06:53 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/09/16 02:12:31 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/16 02:03:42 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/09/16 02:03:18 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/05 18:09:12 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/09/04 09:32:58 | 000,002,455 | ---- | M] () -- C:\Users\Trent\Desktop\Google Chrome.lnk
[2012/09/01 00:17:44 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/09/01 00:17:44 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/09/01 00:17:44 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/09/01 00:17:44 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/09/01 00:17:44 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/09/01 00:17:44 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/08/31 10:39:26 | 000,000,936 | ---- | M] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2012/08/25 11:54:56 | 000,001,239 | ---- | M] () -- C:\Users\Trent\Desktop\Play League of Legends.lnk

========== Files Created - No Company Name ==========

[2012/09/21 15:06:36 | 000,000,928 | ---- | C] () -- C:\Users\Trent\Desktop\NTREGOPT.lnk
[2012/09/21 15:06:36 | 000,000,909 | ---- | C] () -- C:\Users\Trent\Desktop\ERUNT.lnk
[2012/09/21 14:03:35 | 000,000,512 | ---- | C] () -- C:\Users\Trent\Desktop\MBR.dat
[2012/09/21 13:59:52 | 000,512,737 | ---- | C] () -- C:\Users\Trent\Desktop\adwcleaner.exe
[2012/09/20 23:19:56 | 000,075,776 | ---- | C] () -- C:\Windows\SysNative\WS2Fix.exe
[2012/09/20 23:19:56 | 000,051,200 | ---- | C] () -- C:\Windows\SysNative\dumphive.exe
[2012/09/20 23:19:56 | 000,040,960 | ---- | C] () -- C:\Windows\SysNative\swsc.exe
[2012/09/20 23:15:54 | 001,885,088 | ---- | C] () -- C:\Users\Trent\Desktop\Smitfraud.exe
[2012/09/16 19:06:53 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/09/16 02:16:31 | 000,001,792 | ---- | C] () -- C:\Windows\SysWow64\tmp.reg
[2012/09/16 02:16:31 | 000,000,691 | ---- | C] () -- C:\Users\Trent\AppData\Roaming\GetValue.vbs
[2012/09/16 02:16:31 | 000,000,035 | ---- | C] () -- C:\Users\Trent\AppData\Roaming\SetValue.bat
[2012/09/16 02:16:22 | 000,075,776 | ---- | C] () -- C:\Windows\SysWow64\WS2Fix.exe
[2012/09/16 02:16:22 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\dumphive.exe
[2012/09/16 02:16:22 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\swsc.exe
[2012/09/16 02:12:31 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/16 02:03:42 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/09/16 01:56:03 | 625,406,533 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/09/05 18:09:12 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/08/31 10:39:26 | 000,000,936 | ---- | C] () -- C:\Users\Public\Desktop\Guild Wars 2.lnk
[2012/08/25 11:54:56 | 000,001,239 | ---- | C] () -- C:\Users\Trent\Desktop\Play League of Legends.lnk
[2012/08/14 16:59:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/08/14 16:37:24 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2012/08/14 16:32:16 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012/06/11 11:50:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/06/11 11:50:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/05/10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/03/19 23:37:12 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012/03/19 23:37:12 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012/03/19 23:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/03/19 22:23:38 | 013,024,256 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

< End of report >
  • 0

#9
spriteking

spriteking

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Extra.txt


OTL Extras logfile created on: 9/21/2012 3:44:06 PM - Run 2
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\Trent\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.86 Gb Total Physical Memory | 13.70 Gb Available Physical Memory | 86.41% Memory free
31.71 Gb Paging File | 29.26 Gb Available in Paging File | 92.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 813.59 Gb Free Space | 87.35% Space Free | Partition Type: NTFS

Computer Name: TRENTYS-PC | User Name: Trent | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0x00000000
"FirewallDisableNotify" = 0x00000000
"UpdatesDisableNotify" = 0x00000000

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{072DFB53-084C-4D22-AE04-C054CAD8B1F9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{12B5DF1D-3AB6-4D4C-9A5A-5A2A8379EB12}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{16A3F684-EB92-4133-8FE4-4F10450E0675}" = lport=445 | protocol=6 | dir=in | app=system |
"{34873594-BA52-4BDC-9F94-BD07FA9E65BB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{3E23ACB9-3D54-4A08-87EE-1CF1B06FD454}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{44F47470-994E-4D5E-99E5-76DEB437C42A}" = rport=445 | protocol=6 | dir=out | app=system |
"{5F5BA90C-F6DA-4E26-8239-397FDCA28C37}" = lport=138 | protocol=17 | dir=in | app=system |
"{683CE2F1-04AB-4654-8DDD-E28E72FE7EB5}" = rport=139 | protocol=6 | dir=out | app=system |
"{68CDAA2F-9D7D-4864-9933-3D12D0EDDF52}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{730C5D62-A4E8-47CC-B71D-DA14D00D673B}" = rport=138 | protocol=17 | dir=out | app=system |
"{792155F2-220E-474B-B615-202F11C50370}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A52C957A-D5C2-428B-BADD-FF167DF768B0}" = lport=57355 | protocol=17 | dir=in | name=pando media booster |
"{A55D8BB8-0E03-4012-AB00-D005EB3256CF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B011ABFA-E138-4FBB-9427-D3FBD343FC68}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B68E0DC1-1F72-4591-AA9D-55E468198AF8}" = rport=137 | protocol=17 | dir=out | app=system |
"{B7189AB3-1FC6-470D-91B5-54C73A6D2CD4}" = lport=57355 | protocol=6 | dir=in | name=pando media booster |
"{B8FBDDF4-4F60-4E1C-AE17-79020E3D78D4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BA99F3B6-A74C-4424-9AC3-A6231B8AD064}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BC295491-8E72-47DC-90BC-B8B42EBD2AB2}" = lport=137 | protocol=17 | dir=in | app=system |
"{C146F1A5-8517-443F-95D2-D6C992AFAA04}" = lport=57355 | protocol=17 | dir=in | name=pando media booster |
"{C4E3B695-6454-4187-AA86-D903137DF382}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{C666E83C-DE26-4F48-9E6C-6968C30B9F4A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E5F1F51F-B986-4D84-93B0-1407EED30A3A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E6E9E110-5170-465C-917E-D1089A630AAB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F1827B9B-F8D5-4C64-80E4-795D382F6BA1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F51F455A-67AE-472D-8A90-D902A0721FCF}" = lport=57355 | protocol=6 | dir=in | name=pando media booster |
"{FF0F4118-823A-426D-8F0B-8F5639DF4B9C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FF1D8AC5-5CC6-4C6B-A5AE-D1E9C051D59D}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0194902A-CC4A-47E5-BA65-8825842E836E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{159AB4CF-9B16-4603-A064-4C77C8C02B93}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{245DA8D3-D935-4930-B7C4-2074DA8DC7F6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{276DD1E3-3A62-4274-AFDE-5DEFDA2A26E2}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{2CD0818D-C012-4C5B-B3B2-F96531D46BFE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{2F69DE53-EE88-4C21-861B-E54DE87BB09D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{304F5A02-9768-4A3B-BC09-A7F9F92936D2}" = protocol=58 | dir=in | [email protected],-28545 |
"{3105E8C3-6ED3-41F9-BAD9-FC560A52B605}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{380A55A0-BFAB-4681-80A9-37E8D0D6FAFC}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{39D38014-D8E5-44B9-9C6D-7A40AB77579C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3A3236A8-D694-45FD-AB50-11B6210B6F27}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{40660C00-2AFB-413E-9E02-834F5DE9E518}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{422A9251-93CE-41EB-81E6-67B3AA558972}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{4404F83F-5524-40A3-99FA-51920E87AE7C}" = protocol=58 | dir=out | [email protected],-28546 |
"{4A87B691-3DC5-4F6A-B91A-5AAE62F6770D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{4E66F576-4A88-4951-8202-B76993064BBC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{4EAA3B4B-70BB-4106-8B05-25AF82734FF0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5771CDB6-9B09-4D5A-BE69-59162C9A2BAB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5AF84F21-4F53-406B-9BB5-2AB36DC8CC49}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{72838FB9-DC0D-49BB-9FB5-2C39BE954380}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{74EBE549-2EC0-4863-8396-E17E37C1EE5C}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8579AAC7-9C74-4423-8A6D-B5131651FAEF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{85F38EE0-8CEC-46FD-9AD9-8089E95CD29C}" = protocol=1 | dir=out | [email protected],-28544 |
"{899B642C-2F40-42CD-901D-53762528774D}" = protocol=6 | dir=out | app=system |
"{8A92CF99-AEE9-4490-90F7-D2568398416A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{8FB77C22-600F-4FC2-8B4D-1D19C5D69BB8}" = protocol=1 | dir=in | [email protected],-28543 |
"{9265BF16-6E81-400B-A1CD-7F0488C1D4F4}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{9CFC20F8-3896-4A4B-8BF8-A05E52DFFD7C}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{AA8D1B1D-CEAE-464D-A8ED-3448DAC400F1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{AE04BB1A-0A16-49EE-B9E9-5578AD592D43}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B6E41E24-E863-4D6B-B67B-9983DADF5653}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{B75C84CB-9BC2-4962-AAA9-067735DDE858}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BA1F0589-E492-4F99-BD32-0EA6FA2024C9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C1919A06-7828-4E77-ABE8-90ED279D1B94}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{D565EA24-DC3B-4064-8751-382517836CB5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DB841E91-8B82-4B72-A978-4EC57DA4640E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DF6099F1-339E-4C16-B0B8-B02C1FA853CA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{E24AEAE2-96FA-4A17-8B38-081143431500}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E3DDD43E-D005-46CF-A91F-32F412EF977A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{E98AE168-87FC-48F1-AC84-364822DE67A1}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{EB469236-B095-4604-B0EA-953DAB30BB07}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{F4EDB6E6-6DBF-4DD7-9A3B-6B142DEDB70E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{F5F16A41-FC36-478E-9569-2C94479D3671}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"TCP Query User{06A5F00F-87CF-4267-92CF-2A6C28E42540}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"TCP Query User{100ED8A7-4F26-4BD0-8020-F318688C26CB}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"TCP Query User{2C6D068D-77F8-4819-A980-FC8E2B71AB3A}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |
"TCP Query User{82FDD08C-E7D2-4E94-837B-B7CC40E317BD}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"TCP Query User{8A8A7BEE-DEA7-4A37-B344-6A112B9ADE34}C:\programdata\battle.net\agent\agent.749\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe |
"TCP Query User{D1E80A75-7425-4802-AF7A-76360FC4E56A}C:\users\trent\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\trent\appdata\local\temp\gw2.exe |
"UDP Query User{1EA91EA8-6A95-48C4-B27E-FAB81EC2DA97}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"UDP Query User{2A0D3036-74BA-4CE1-9EE3-16E1B730371C}C:\programdata\battle.net\agent\agent.749\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe |
"UDP Query User{3003187F-9796-4EB2-BDBB-2A9A2C558079}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{41E939CB-6B27-401B-8610-8D41C79352A5}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{A47A42AD-EA75-486B-92D9-4BD2B5CF57A1}C:\users\trent\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\trent\appdata\local\temp\gw2.exe |
"UDP Query User{FE102765-120A-4615-B259-F5C12FF3F067}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{12D93D02-3C15-DF08-581F-52E4A1EB0A3D}" = AMD Drag and Drop Transcoding
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{6C2E334F-37F5-C312-53BA-1482F9A6FD4D}" = ccc-utility64
"{7029D949-EC6B-4987-ACA8-CA34C025437B}" = AVG 2013
"{80A85269-B7D4-4081-903C-0F416E29B6A9}" = AVG 2013
"{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager
"{838AF9AD-DE38-17FB-57F6-ADDF929F191E}" = AMD Accelerated Video Transcoding
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E6F5D8BE-0B00-6DD9-18F9-D4045798FCBE}" = AMD Media Foundation Decoders
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01496C89-6117-AD97-3CB3-98AF2026070C}" = CCC Help German
"{0486991B-63F4-5106-06CE-404D7BA55041}" = CCC Help Italian
"{177A3BC5-ECD3-BFF1-4D87-C4B417924DF2}" = CCC Help Russian
"{19D368B2-5601-007B-A296-535706E00D97}" = CCC Help English
"{1E58B969-9BB4-4012-8D8B-D06005D1CD24}" = TP-LINK Wireless Client Utility
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{278FA289-F502-D888-A3BA-5FA10308AAAD}" = CCC Help Danish
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1
"{44F77218-4BBD-1B74-88B7-FC302868F2B3}" = CCC Help Japanese
"{489BC3B4-AEF9-E14A-11BC-B70FDE9D543D}" = CCC Help Chinese Traditional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A85AE1B-9727-261D-9EAF-07C1AECCF977}" = CCC Help Turkish
"{502699FF-F586-54B1-91E8-E85D9FAE0D6D}" = CCC Help Greek
"{53EF1C4D-0705-98F2-1889-A69BBF9F03F3}" = CCC Help Thai
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{548A4EF3-BD97-0813-B469-E1E2FC9DE487}" = CCC Help Korean
"{55533224-CAD0-39B5-6297-E1B2D1D8F176}" = Catalyst Control Center
"{590828E0-9BA6-3E4D-8491-A1D9CC3EB8CE}" = CCC Help French
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6563FAF5-84F9-0A35-C032-182EBC4C3BDB}" = CCC Help Finnish
"{6D46F639-5F2F-90F3-4B60-EB2EF264B82E}" = CCC Help Spanish
"{70210CF8-CAB1-8FEB-D964-C33AFE18730B}" = CCC Help Czech
"{7391ABC8-0EA4-3798-ACE3-96B8C8D84EA8}" = Google Talk Plugin
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B1AEC85-4507-28BD-F3BA-4A5D732752E7}" = CCC Help Hungarian
"{8C5ACED4-34D3-23BB-F90E-2F90420321BC}" = Catalyst Control Center Localization All
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B0B1A8A5-4711-BB6C-DD59-9794AD928368}" = CCC Help Dutch
"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
"{B33D2348-2938-1A03-0CD3-E6F7101244E0}" = CCC Help Polish
"{B7C8D838-9C3A-1177-B80A-E3C512FD8AF5}" = CCC Help Swedish
"{DDCB737A-EEC8-3815-42DA-69011A55E3E5}" = Catalyst Control Center Graphics Previews Common
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E170E984-6B20-79C2-1E9F-0256EC5ADFB4}" = CCC Help Chinese Standard
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E866E52C-1F56-4CCF-0071-CA915F8CFEDA}" = CCC Help Norwegian
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5D245CC-C332-1E8E-CCB1-75E0C3C4D6F1}" = CCC Help Portuguese
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"ERUNT_is1" = ERUNT 1.1j
"Guild Wars 2" = Guild Wars 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"World of Warcraft" = World of Warcraft
"World of Warcraft Beta" = World of Warcraft Beta

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2537620459-4172844123-2809127833-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/16/2012 9:36:47 AM | Computer Name = Trentys-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/17/2012 12:49:00 PM | Computer Name = Trentys-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/18/2012 6:03:41 PM | Computer Name = Trentys-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/21/2012 12:09:11 AM | Computer Name = Trentys-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/21/2012 12:13:51 AM | Computer Name = Trentys-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/21/2012 12:19:35 AM | Computer Name = Trentys-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/21/2012 1:00:29 AM | Computer Name = Trentys-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/21/2012 1:09:25 AM | Computer Name = Trentys-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/21/2012 2:58:03 PM | Computer Name = Trentys-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/21/2012 4:14:15 PM | Computer Name = Trentys-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 9/21/2012 12:56:47 AM | Computer Name = Trentys-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 9/21/2012 12:56:47 AM | Computer Name = Trentys-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 9/21/2012 12:56:47 AM | Computer Name = Trentys-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %%1068

Error - 9/21/2012 12:59:23 AM | Computer Name = Trentys-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 9/21/2012 1:08:02 AM | Computer Name = Trentys-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:01:50 AM on ?9/?21/?2012 was unexpected.

Error - 9/21/2012 1:08:14 AM | Computer Name = Trentys-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 9/21/2012 1:35:09 AM | Computer Name = Trentys-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 9/21/2012 2:56:59 PM | Computer Name = Trentys-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 9/21/2012 4:11:46 PM | Computer Name = Trentys-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 9/21/2012 4:12:50 PM | Computer Name = Trentys-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5


< End of report >
  • 0

#10
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

Computer seems to be running fine. No further symptoms or problems thus far

Good.

Java Advice:

There has been a recent severe exploitation of this software, further information can be read here. The aforementioned article will also explain on how to disable the plugins, though my friendly advice would be to uninstall if you do not use anything Java related.

Pando Media Booster Advice:

I see you Pando Media Booster installed, maybe intentionally and or came with one of your installed games for example. Technically this type of software is based upon peer to peer technology and you can never really be sure what it is purportedly downloading is always safe. Plus it does not always make that much of a improvement with downloading.

My friendly advice is if you do not really use it, merely uninstall. However this is choice to do so or not and end of the day I respect whomever I assist with what they wish to have installed on their respective machines.

Reset Windows 7 Firewall:

Click on Start(Windows 7 Orb) >> Control Panel >> Windows Firewall

Now click click on Restore Defaults >> At the UAC prompt click on Yes >> Restore Defaults >> Yes.

Custom OTL Script:

Note: The below custom script will be removing the Windows Sidebar from auto starting with every system reboot. The reason as too why is explained here.

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the quote-box(do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Commands
[CreateRestorePoint]

:OTL
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

:Files
ipconfig /flushdns /c
C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb

:Commands
[ResetHosts]
[EmptyTemp]
[Reboot]

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Malwarebytes Anti-Malware:

Note: Remember to right click MBAM and select Run As Administrator.

  • Launch the application, Check for Updates >> Perform quick scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.

  • 0

Advertisements


#11
spriteking

spriteking

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi,

I followed your suggestions and removed Java and Pando Media Booster. I restored the defaults on Windows Firewall as well. I copy and pasted the script you supplied into OTL. However, whenever I ran the scan, OTL says "Not Responding" on the task bar -- it has also been at this state for about 20/30 minutes. Is this normal?

-Spriteking
  • 0

#12
spriteking

spriteking

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Dakeyras,

After trying the script once more, I got it to fully run the scan. Maybe I had failed to select the whole script when copying. I will post the results shortly.

-Spriteking
  • 0

#13
spriteking

spriteking

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi Dakeyras,

My computer is running fine thus far -- no further issues.
I did run the OTL script you provided, as well as the MBAM quick scan. The MBAM quick scan stated that no malicious threats were found, so there were no files for me to remove. Here are the respective logs for both programs.

-Spriteking


OTL

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_ROC_NT not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar not found.
File move failed. C:\Program Files (x86)\Windows Sidebar\sidebar.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Sidebar not found.
File move failed. C:\Program Files (x86)\Windows Sidebar\sidebar.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
File C:\Windows\assembly\Desktop.ini not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Trent\Desktop\cmd.bat deleted successfully.
C:\Users\Trent\Desktop\cmd.txt deleted successfully.
File\Folder C:\Users\Trent\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Trent
->Temp folder emptied: 237798181 bytes
->Temporary Internet Files folder emptied: 99645983 bytes
->Java cache emptied: 283238 bytes
->Google Chrome cache emptied: 59207072 bytes
->Flash cache emptied: 1499 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 261091261 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36078763 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 662.00 mb


OTL by OldTimer - Version 3.2.65.1 log created on 09222012_113347

Files\Folders moved on Reboot...
File move failed. C:\Program Files (x86)\Windows Sidebar\sidebar.exe scheduled to be moved on reboot.
C:\Users\Trent\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...




MBAM

IMalwarebytes Anti-Malware (Trial) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.22.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Trent :: TRENTYS-PC [administrator]

Protection: Enabled

9/22/2012 11:38:08 AM
mbam-log-2012-09-22 (11-38-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 194397
Time elapsed: 1 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#14
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

No reason why the custom script should have stalled, though feasible something else on your machine was also acessing System Restore at the same time as OTL was atrempting to create one for example.

Or possibly the Empty Temp command which also stops running process had a problem with such on your machine. These things can occur from time to time and not a cause for concern I will further add.

Anyway lets proceed as follows shall we...

ESET Online Scanner:

Note: You will need to disable your current installed Anti-Virus, how to do so can be read here.

Windows 7 users: You will need to to right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan...
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the log-file first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files (x86)/ESET/ESET Online Scanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
  • 0

#15
spriteking

spriteking

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi,

Here is the log from the ESET Online Scanner:




ESETSmart[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ac5f7d41e1bcae4b85bfec93925e1790
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-09-22 08:29:56
# local_time=2012-09-22 03:29:56 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 0 99888141 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=90488
# found=8
# cleaned=0
# scan_time=1105
C:\Users\Trent\Desktop\Smitfraud.exe multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Trent\Desktop\SmitfraudFix\Process.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Trent\Desktop\SmitfraudFix\restart.exe Win32/Shutdown.NAA application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Trent\Downloads\SmitfraudFix.exe multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Trent\Downloads\SmitfraudFix\Process.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Trent\Downloads\SmitfraudFix\restart.exe Win32/Shutdown.NAA application (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\Process.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
C:\Windows\SysWOW64\Process.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP