Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Virus or Trojan that my AVG and Norton cannot find [Solved]

Started by Ricky_22 , Jan 03 2013 04:11 PM

  • This topic is locked This topic is locked

#16
Ricky_22
Posted 14 January 2013 - 02:51 AM

Ricky_22

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 349 posts
Sorry, I got a little confused with this process (RK) and lost the program, i restarted and have posted all results - hope I haven't mucked things up ...............................


RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 01/14/2013 15:58:35

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[TASK][SUSP PATH] RunAsStdUser Task : C:\Users\Owner\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe -secondattempt hxxp://sp.ask.com/toolbar/toolbarS/toolbar.php?tb=ASK&browser=IE&success=1 -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EADS-00M2B0 ATA Device +++++
--- User ---
[MBR] e4c32d75f36cc0bfb22cdfa097335e3a
[BSP] 62fe32c25f7172e37c7f335a33ddae6c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953866 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3]_S_01142013_02d1558.txt >>
RKreport[1]_S_01112013_02d0834.txt ; RKreport[2]_S_01142013_02d0354.txt ; RKreport[3]_S_01142013_02d1558.txt



RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Remove -- Date : 01/14/2013 16:06:30

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[TASK][SUSP PATH] RunAsStdUser Task : C:\Users\Owner\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe -secondattempt hxxp://sp.ask.com/toolbar/toolbarS/toolbar.php?tb=ASK&browser=IE&success=1 -> NOT SELECTED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EADS-00M2B0 ATA Device +++++
--- User ---
[MBR] e4c32d75f36cc0bfb22cdfa097335e3a
[BSP] 62fe32c25f7172e37c7f335a33ddae6c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953866 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[4]_D_01142013_02d1606.txt >>
RKreport[1]_S_01112013_02d0834.txt ; RKreport[2]_S_01142013_02d0354.txt ; RKreport[3]_S_01142013_02d1558.txt ; RKreport[4]_D_01142013_02d1606.txt


RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 01/14/2013 16:13:08

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[TASK][SUSP PATH] RunAsStdUser Task : C:\Users\Owner\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe -secondattempt hxxp://sp.ask.com/toolbar/toolbarS/toolbar.php?tb=ASK&browser=IE&success=1 -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EADS-00M2B0 ATA Device +++++
--- User ---
[MBR] e4c32d75f36cc0bfb22cdfa097335e3a
[BSP] 62fe32c25f7172e37c7f335a33ddae6c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953866 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[5]_S_01142013_02d1613.txt >>
RKreport[1]_S_01112013_02d0834.txt ; RKreport[2]_S_01142013_02d0354.txt ; RKreport[3]_S_01142013_02d1558.txt ; RKreport[4]_D_01142013_02d1606.txt ; RKreport[5]_S_01142013_02d1613.txt




RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Remove -- Date : 01/14/2013 16:15:03

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[TASK][SUSP PATH] RunAsStdUser Task : C:\Users\Owner\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe -secondattempt hxxp://sp.ask.com/toolbar/toolbarS/toolbar.php?tb=ASK&browser=IE&success=1 -> NOT SELECTED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EADS-00M2B0 ATA Device +++++
--- User ---
[MBR] e4c32d75f36cc0bfb22cdfa097335e3a
[BSP] 62fe32c25f7172e37c7f335a33ddae6c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953866 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[6]_D_01142013_02d1615.txt >>
RKreport[1]_S_01112013_02d0834.txt ; RKreport[2]_S_01142013_02d0354.txt ; RKreport[3]_S_01142013_02d1558.txt ; RKreport[4]_D_01142013_02d1606.txt ; RKreport[5]_S_01142013_02d1613.txt ;
RKreport[6]_D_01142013_02d1615.txt




RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Shortcuts HJfix -- Date : 01/14/2013 16:16:19

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 95 / Fail 0
Start menu: Success 2 / Fail 0
User folder: Success 111 / Fail 0
My documents: Success 1 / Fail 1
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 4 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 170 / Fail 0
Backup: [NOT FOUND]

Drives:
[A:] \Device\Floppy0 -- 0x2 --> Skipped
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped

Finished : << RKreport[7]_SC_01142013_02d1616.txt >>
RKreport[1]_S_01112013_02d0834.txt ; RKreport[2]_S_01142013_02d0354.txt ; RKreport[3]_S_01142013_02d1558.txt ; RKreport[4]_D_01142013_02d1606.txt ; RKreport[5]_S_01142013_02d1613.txt ;
RKreport[6]_D_01142013_02d1615.txt ; RKreport[7]_SC_01142013_02d1616.txt


RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : ProxyFix -- Date : 01/14/2013 16:17:01

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

Finished : << RKreport[8]_PR_01142013_02d1617.txt >>
RKreport[1]_S_01112013_02d0834.txt ; RKreport[2]_S_01142013_02d0354.txt ; RKreport[3]_S_01142013_02d1558.txt ; RKreport[4]_D_01142013_02d1606.txt ; RKreport[5]_S_01142013_02d1613.txt ;
RKreport[6]_D_01142013_02d1615.txt ; RKreport[7]_SC_01142013_02d1616.txt ; RKreport[8]_PR_01142013_02d1617.txt



# AdwCleaner v2.105 - Logfile created 01/14/2013 at 16:19:49
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Owner - OWNER-PC
# Boot Mode : Normal
# Running from : C:\Users\Owner\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
Deleted on reboot : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebfmlbdgbekinmmpfmpjjkfclcgedhgj
File Deleted : C:\END
Folder Deleted : C:\Program Files\Application Updater
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\Program Files\Common Files\spigot
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Perion
Folder Deleted : C:\Program Files\YouTube Downloader Toolbar
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Users\Owner\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Owner\AppData\Local\Conduit
Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebfmlbdgbekinmmpfmpjjkfclcgedhgj
Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggagiiobgjmfpdadhecbofeoelcpidec
Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Folder Deleted : C:\Users\Owner\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Owner\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\Owner\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Owner\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Owner\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Owner\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Owner\AppData\LocalLow\Toolbar4

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ebfmlbdgbekinmmpfmpjjkfclcgedhgj
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ggagiiobgjmfpdadhecbofeoelcpidec
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8B63A8D6-BBED-4341-8867-790E5F524C96}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2481032
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2724386
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ebfmlbdgbekinmmpfmpjjkfclcgedhgj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ggagiiobgjmfpdadhecbofeoelcpidec
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Key Deleted : HKLM\Software\IB Updater
Key Deleted : HKLM\Software\ImInstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Web Assistant
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.52

File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.15] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT2481032&SearchSource=48"[...]
Deleted [l.2035] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT2481032&SearchSource=48", "[...]

*************************

AdwCleaner[R1].txt - [10456 octets] - [14/01/2013 04:18:45]
AdwCleaner[S1].txt - [9853 octets] - [14/01/2013 16:19:49]

########## EOF - C:\AdwCleaner[S1].txt - [9913 octets] ##########


*
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.14.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

Protection: Enabled

14/01/2013 4:57:39 PM
mbam-log-2013-01-14 (16-57-39).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 362949
Time elapsed: 44 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Owner\AppData\Local\Xenocode\Sandbox\Gygan\0.7.0.0\2010.10.23T01.25\Native\STUBEXE\8.0.1112\@WINDIR@\explorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Owner\AppData\Local\Xenocode\Sandbox\Gygan\0.7.0.0\2010.10.23T01.25\Virtual\STUBEXE\8.0.1112\@PROGRAMFILES@\Gygan BETA\Gygan.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

.
2013/01/14 16:55:55 +0800 OWNER-PC Owner MESSAGE Starting protection
2013/01/14 16:55:55 +0800 OWNER-PC Owner MESSAGE Protection started successfully
2013/01/14 16:55:55 +0800 OWNER-PC Owner MESSAGE Starting IP protection
2013/01/14 16:55:57 +0800 OWNER-PC Owner MESSAGE IP Protection started successfully
2013/01/14 16:56:17 +0800 OWNER-PC Owner MESSAGE Starting database refresh
2013/01/14 16:56:17 +0800 OWNER-PC Owner MESSAGE Stopping IP protection
2013/01/14 16:56:17 +0800 OWNER-PC Owner MESSAGE IP Protection stopped successfully
2013/01/14 16:56:19 +0800 OWNER-PC Owner MESSAGE Database refreshed successfully
2013/01/14 16:56:19 +0800 OWNER-PC Owner MESSAGE Starting IP protection
2013/01/14 16:56:20 +0800 OWNER-PC Owner MESSAGE IP Protection started successfully
2013/01/14 17:47:17 +0800 OWNER-PC Owner MESSAGE Starting protection
2013/01/14 17:47:17 +0800 OWNER-PC Owner MESSAGE Protection started successfully
2013/01/14 17:47:17 +0800 OWNER-PC Owner MESSAGE Starting IP protection
2013/01/14 17:47:18 +0800 OWNER-PC Owner MESSAGE IP Protection started successfully

*


.
.
continued soon LOL





Edited by Ricky_22, 14 January 2013 - 04:28 AM.

  • 0

Advertisements

#17
godawgs
Posted 14 January 2013 - 11:08 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Sorry, I got a little confused with this process (RK) and lost the program, i restarted and have posted all results - hope I haven't mucked things up ...............................

You removed the check mark from the wrong line in RogueKiller. You haven't mucked things up.....But this is a good time to re-state that the instructions must be carefully read and followed. And if you aren't sure about anything, STOP and ask.
The tools we use have the potential to do as much harm as good if used incorrectly. We will come back to this.

Did the following come from the ESET scan and was that the entire log:?

2013/01/14 16:55:55 +0800 OWNER-PC Owner MESSAGE Starting protection
2013/01/14 16:55:55 +0800 OWNER-PC Owner MESSAGE Protection started successfully
2013/01/14 16:55:55 +0800 OWNER-PC Owner MESSAGE Starting IP protection
2013/01/14 16:55:57 +0800 OWNER-PC Owner MESSAGE IP Protection started successfully
2013/01/14 16:56:17 +0800 OWNER-PC Owner MESSAGE Starting database refresh
2013/01/14 16:56:17 +0800 OWNER-PC Owner MESSAGE Stopping IP protection
2013/01/14 16:56:17 +0800 OWNER-PC Owner MESSAGE IP Protection stopped successfully
2013/01/14 16:56:19 +0800 OWNER-PC Owner MESSAGE Database refreshed successfully
2013/01/14 16:56:19 +0800 OWNER-PC Owner MESSAGE Starting IP protection
2013/01/14 16:56:20 +0800 OWNER-PC Owner MESSAGE IP Protection started successfully
2013/01/14 17:47:17 +0800 OWNER-PC Owner MESSAGE Starting protection
2013/01/14 17:47:17 +0800 OWNER-PC Owner MESSAGE Protection started successfully
2013/01/14 17:47:17 +0800 OWNER-PC Owner MESSAGE Starting IP protection
2013/01/14 17:47:18 +0800 OWNER-PC Owner MESSAGE IP Protection started successfully


  • 0

#18
Ricky_22
Posted 14 January 2013 - 11:33 AM

Ricky_22

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 349 posts

Sorry, I got a little confused with this process (RK) and lost the program, i restarted and have posted all results - hope I haven't mucked things up ...............................

You removed the check mark from the wrong line in RogueKiller. You haven't mucked things up.....But this is a good time to re-state that the instructions must be carefully read and followed. And if you aren't sure about anything, STOP and ask.
The tools we use have the potential to do as much harm as good if used incorrectly. We will come back to this.

Did the following come from the ESET scan and was that the entire log:?

2013/01/14 16:55:55 +0800 OWNER-PC Owner MESSAGE Starting protection
2013/01/14 16:55:55 +0800 OWNER-PC Owner MESSAGE Protection started successfully
2013/01/14 16:55:55 +0800 OWNER-PC Owner MESSAGE Starting IP protection
2013/01/14 16:55:57 +0800 OWNER-PC Owner MESSAGE IP Protection started successfully
2013/01/14 16:56:17 +0800 OWNER-PC Owner MESSAGE Starting database refresh
2013/01/14 16:56:17 +0800 OWNER-PC Owner MESSAGE Stopping IP protection
2013/01/14 16:56:17 +0800 OWNER-PC Owner MESSAGE IP Protection stopped successfully
2013/01/14 16:56:19 +0800 OWNER-PC Owner MESSAGE Database refreshed successfully
2013/01/14 16:56:19 +0800 OWNER-PC Owner MESSAGE Starting IP protection
2013/01/14 16:56:20 +0800 OWNER-PC Owner MESSAGE IP Protection started successfully
2013/01/14 17:47:17 +0800 OWNER-PC Owner MESSAGE Starting protection
2013/01/14 17:47:17 +0800 OWNER-PC Owner MESSAGE Protection started successfully
2013/01/14 17:47:17 +0800 OWNER-PC Owner MESSAGE Starting IP protection
2013/01/14 17:47:18 +0800 OWNER-PC Owner MESSAGE IP Protection started successfully



No, that was the other that came with malware bytes!

Here is the ESET SCAN results .....

C:\Users\Owner\Appliances\YouTubeDownloaderSetup264.exe a variant of Win32/Toolbar.Widgi application
C:\Users\Owner\Appliances\YouTubeDownloaderSetup33.exe a variant of Win32/Toolbar.Widgi application
C:\Windows.old\Documents and Settings\Owner\Appliances\YouTubeDownloaderSetup264.exe a variant of Win32/Toolbar.Widgi application
C:\Windows.old\Documents and Settings\Owner\Appliances\YouTubeDownloaderSetup33.exe a variant of Win32/Toolbar.Widgi application
  • 0

#19
godawgs
Posted 14 January 2013 - 01:16 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks Ricky,

Step-1.

Run RogueKiller again. Wait for the prescan to finish
IF the Delete button is not greyed out click it, and after the process has completed post the RKreport[9]_D_date and time.txt log.
IF the Delete button is greyed out, click the Scan button. Once the Scan has completed, click the Delete button and after the process has completed post the RKreport[9]_S_date and time.txt log and the RKreport[10]_D_date and time.txt log


Step-2.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:FILES
C:\Users\Owner\Appliances\YouTubeDownloaderSetup264.exe
C:\Users\Owner\Appliances\YouTubeDownloaderSetup33.exe

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again and click the Posted Image button. Post the log it produces in your next reply.


Step-3.

Run Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The RKreport[9]......txt log or the RKreport[9].......txt log and RKreport[10]........txt log
2. The OTL fixes log
3. The new OTL.txt log
4. The checkup.txt log
  • 0

#20
Ricky_22
Posted 14 January 2013 - 02:22 PM

Ricky_22

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 349 posts
RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 01/15/2013 04:04:42

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[TASK][SUSP PATH] RunAsStdUser Task : C:\Users\Owner\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe -secondattempt hxxp://sp.ask.com/toolbar/toolbarS/toolbar.php?tb=ASK&browser=IE&success=1 -> FOUND
[STARTUP][SUSP PATH] Canon IJ Status Monitor Canon iP4500 series.lnk @Owner : C:\Windows\system32\rundll32.exe|C:\Users\Owner\cnmss Canon iP4500 series (Local).dll,SMStarterEntryPoint USB002;Canon iP4500 series;cnmss Canon iP4500 series (Local).dll;Canon IJ Status Monitor Canon iP4500 series.lnk -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EADS-00M2B0 ATA Device +++++
--- User ---
[MBR] e4c32d75f36cc0bfb22cdfa097335e3a
[BSP] 62fe32c25f7172e37c7f335a33ddae6c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953866 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[9]_S_01152013_02d0404.txt >>
RKreport[1]_S_01112013_02d0834.txt ; RKreport[2]_S_01142013_02d0354.txt ; RKreport[3]_S_01142013_02d1558.txt ; RKreport[4]_D_01142013_02d1606.txt ; RKreport[5]_S_01142013_02d1613.txt ;
RKreport[6]_D_01142013_02d1615.txt ; RKreport[7]_SC_01142013_02d1616.txt ; RKreport[8]_PR_01142013_02d1617.txt ; RKreport[9]_S_01152013_02d0404.txt

.
RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Remove -- Date : 01/15/2013 04:05:16

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[TASK][SUSP PATH] RunAsStdUser Task : C:\Users\Owner\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe -secondattempt hxxp://sp.ask.com/toolbar/toolbarS/toolbar.php?tb=ASK&browser=IE&success=1 -> DELETED
[STARTUP][SUSP PATH] Canon IJ Status Monitor Canon iP4500 series.lnk @Owner : C:\Windows\system32\rundll32.exe|C:\Users\Owner\cnmss Canon iP4500 series (Local).dll,SMStarterEntryPoint USB002;Canon iP4500 series;cnmss Canon iP4500 series (Local).dll;Canon IJ Status Monitor Canon iP4500 series.lnk -> DELETED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EADS-00M2B0 ATA Device +++++
--- User ---
[MBR] e4c32d75f36cc0bfb22cdfa097335e3a
[BSP] 62fe32c25f7172e37c7f335a33ddae6c : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953866 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[10]_D_01152013_02d0405.txt >>
RKreport[10]_D_01152013_02d0405.txt ; RKreport[1]_S_01112013_02d0834.txt ; RKreport[2]_S_01142013_02d0354.txt ; RKreport[3]_S_01142013_02d1558.txt ; RKreport[4]_D_01142013_02d1606.txt ;
RKreport[5]_S_01142013_02d1613.txt ; RKreport[6]_D_01142013_02d1615.txt ; RKreport[7]_SC_01142013_02d1616.txt ; RKreport[8]_PR_01142013_02d1617.txt ; RKreport[9]_S_01152013_02d0404.txt

..
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Users\Owner\Appliances\YouTubeDownloaderSetup264.exe moved successfully.
C:\Users\Owner\Appliances\YouTubeDownloaderSetup33.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 1740088 bytes
->Temporary Internet Files folder emptied: 23238961 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 6745282 bytes
->Flash cache emptied: 506 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 121676 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 30.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01152013_041032

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\EasyRedirect.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

.


OTL logfile created on: 15/01/2013 4:22:52 AM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 51.97% Memory free
4.00 Gb Paging File | 2.65 Gb Available in Paging File | 66.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 652.19 Gb Free Space | 70.01% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/11 07:53:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2013/01/09 03:22:17 | 000,699,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
PRC - [2012/12/21 19:43:20 | 000,109,336 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012/12/10 11:11:44 | 001,342,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgfws.exe
PRC - [2012/11/23 10:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/22 15:10:40 | 003,575,120 | ---- | M] (EasyTech) -- C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe
PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012/11/05 20:40:33 | 000,711,112 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2012/10/30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012/10/22 13:03:52 | 000,796,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2012/10/22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/09/08 11:00:53 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/08/04 01:51:38 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/08/04 01:51:12 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/08/24 22:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe
PRC - [2008/02/13 13:52:10 | 004,915,200 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe


========== Modules (No Company Name) ==========

MOD - [2010/02/12 10:37:50 | 000,633,696 | ---- | M] () -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\ContextHandler.dll


========== Services (SafeList) ==========

SRV - [2013/01/09 03:22:21 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/10 11:11:44 | 001,342,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2012/11/22 15:10:40 | 003,575,120 | ---- | M] (EasyTech) [Auto | Running] -- C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe -- (EasyRedirect)
SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/11/05 20:40:33 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/09/08 11:00:53 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/09/01 09:17:00 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/07/16 02:58:59 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/04/01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/08/04 01:51:12 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/08/24 22:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [Auto | Running] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe -- (DfSdkS)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/26 13:54:12 | 001,554,728 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/11/15 23:33:26 | 000,094,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/11/05 20:40:33 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/10/22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/10/15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/09/04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2011/07/23 00:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/13 05:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/20 18:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/08/04 02:21:44 | 006,096,384 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/08/04 01:15:30 | 000,214,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/02/03 17:34:04 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/02/01 12:11:31 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009/08/19 09:58:10 | 000,347,904 | ---- | M] (Compro Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\U2800vid.sys -- (U2800Vid)
DRV - [2009/07/14 07:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/14 06:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/11/26 13:54:12 | 000,038,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007/11/26 13:54:12 | 000,036,776 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007/11/26 13:54:02 | 000,118,952 | ---- | M] (Nero AG) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007/06/25 04:37:24 | 000,084,480 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...&p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Owner\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.au/ig
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6DEA3357-2B99-4EED-936A-ADD045390116}: "URL" = http://www.google.co...Page={startPage}
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://au.search.yah...&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Maps4PC_0c.com/Plugin: C:\Program Files\Maps4PC_0c\bar\1.bin\NP0cStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2012/11/01 16:34:26 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Owner\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1010120-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\0cffxtbr@Maps4PC_0c.com: C:\Program Files\Maps4PC_0c\bar\1.bin

[2010/02/01 19:30:48 | 000,002,038 | ---- | M] () -- \searchplugins\MyStart Search.xml

========== Chrome ==========

CHR - homepage: http://www.google.com.au/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com.au/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\24.0.1312.52\gcswf32.dll
CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.441_0\npbrowserext.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Owner\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1010120-0-npoctoshape.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Owner\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: AVG Secure Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.2.0.5_0\

O1 HOSTS File: ([2006/09/19 05:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\EasyRedirect.dll (EasyTech)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\EasyRedirect.dll (EasyTech)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\EasyRedirect.dll (EasyTech)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\EasyRedirect.dll (EasyTech)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\EasyRedirect.dll (EasyTech)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{246842DE-797F-4BF9-9856-10622A84D292}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\linkscanner - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/14 16:54:12 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/01/14 16:54:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/14 16:54:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/01/14 16:52:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Programs
[2013/01/14 16:37:38 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup-1.70.0.1100.exe
[2013/01/14 08:42:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Real
[2013/01/14 02:40:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{FC32DA9F-4AF8-4792-B85C-8A817A796B38}
[2013/01/13 19:55:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/11 15:07:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{593CA4D9-2A4A-4B38-B32D-099256A334FA}
[2013/01/11 08:24:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\RK_Quarantine
[2013/01/11 08:14:19 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2013/01/11 07:53:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/01/04 06:33:45 | 000,000,000 | ---D | C] -- C:\Program Files\FLV_Runner
[2013/01/04 06:00:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{6CF46172-03DE-4731-B3B0-1E305915A139}
[2013/01/04 04:46:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\NPE
[2013/01/02 03:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2013/01/02 03:47:48 | 000,000,000 | ---D | C] -- C:\Program Files\Free Easy CD DVD Burner
[2012/12/29 07:31:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{91E58550-D6B0-4013-AA25-133CB20469BF}
[2012/12/26 08:45:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{10566215-1643-4E75-98BA-D6C83B34A25B}
[2012/12/25 13:23:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{31D8AB4E-135C-4CB2-B717-E911815F448C}
[2012/12/24 20:53:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{687F8AE3-2648-475B-BC8E-01F699AAE412}
[2012/12/21 19:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/12/19 09:54:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D96D4F52-C55A-4A6D-86D1-0E6CD956A7DC}
[2011/11/22 22:57:22 | 000,055,296 | ---- | C] (CANON INC.) -- C:\Users\Owner\cnmss Canon iP4500 series (Local).dll

========== Files - Modified Within 30 Days ==========

[2013/01/15 04:24:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/15 04:20:54 | 000,010,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/15 04:20:54 | 000,010,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/15 04:13:42 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/15 04:13:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/15 04:13:05 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/15 01:48:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/15 00:37:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-754179056-1382982999-2036298953-1000UA.job
[2013/01/14 16:54:12 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/14 16:39:43 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup-1.70.0.1100.exe
[2013/01/14 16:10:56 | 000,000,906 | ---- | M] () -- C:\Users\Owner\Desktop\RogueKiller - Shortcut.lnk
[2013/01/14 04:17:10 | 000,554,087 | ---- | M] () -- C:\Users\Owner\Desktop\adwcleaner.exe
[2013/01/14 03:51:52 | 000,764,416 | ---- | M] () -- C:\Users\Owner\Desktop\RogueKiller.exe
[2013/01/12 18:15:45 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-754179056-1382982999-2036298953-1000Core.job
[2013/01/11 22:53:31 | 000,002,368 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/11 22:53:31 | 000,002,366 | ---- | M] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
[2013/01/11 16:07:20 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/01/11 09:04:38 | 000,000,718 | ---- | M] () -- C:\Users\Owner\Documents\cc_20130111_090432.reg
[2013/01/11 08:17:40 | 000,000,512 | ---- | M] () -- C:\Users\Owner\Desktop\MBR.dat
[2013/01/11 08:14:33 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Owner\Desktop\aswMBR.exe
[2013/01/11 07:53:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2013/01/11 07:42:26 | 000,007,235 | ---- | M] () -- C:\Users\Owner\Documents\Geeks to go info.rtf
[2013/01/09 07:41:39 | 000,270,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/09 07:23:34 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/09 07:23:34 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/07 11:37:16 | 000,003,520 | ---- | M] () -- C:\Windows\System32\EasyRedirect.ini
[2013/01/07 11:37:16 | 000,002,040 | ---- | M] () -- C:\Windows\System32\EasyRedirectOff.ini
[2013/01/06 00:31:46 | 000,010,312 | ---- | M] () -- C:\Users\Owner\Documents\cc_20130106_003141.reg
[2013/01/05 21:07:47 | 000,000,049 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2013/01/04 18:28:22 | 000,002,544 | ---- | M] () -- C:\{BA76886B-8817-4CA4-BA8D-B9ABD1112250}
[2013/01/04 17:42:42 | 000,002,608 | ---- | M] () -- C:\{A95E696B-5FFF-41E1-A6A3-19045057F6C1}
[2013/01/04 17:28:45 | 000,002,488 | ---- | M] () -- C:\{B07E2C49-E40A-416A-8499-2822BB277C2B}
[2013/01/02 03:54:39 | 000,001,811 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2012/12/24 08:45:53 | 000,001,867 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/12/24 08:43:53 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/12/21 19:49:05 | 000,001,014 | ---- | M] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk

========== Files Created - No Company Name ==========

[2013/01/14 16:54:12 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/14 16:10:56 | 000,000,906 | ---- | C] () -- C:\Users\Owner\Desktop\RogueKiller - Shortcut.lnk
[2013/01/14 04:17:10 | 000,554,087 | ---- | C] () -- C:\Users\Owner\Desktop\adwcleaner.exe
[2013/01/14 03:51:52 | 000,764,416 | ---- | C] () -- C:\Users\Owner\Desktop\RogueKiller.exe
[2013/01/11 09:04:33 | 000,000,718 | ---- | C] () -- C:\Users\Owner\Documents\cc_20130111_090432.reg
[2013/01/11 08:17:40 | 000,000,512 | ---- | C] () -- C:\Users\Owner\Desktop\MBR.dat
[2013/01/11 07:42:26 | 000,007,235 | ---- | C] () -- C:\Users\Owner\Documents\Geeks to go info.rtf
[2013/01/06 00:31:43 | 000,010,312 | ---- | C] () -- C:\Users\Owner\Documents\cc_20130106_003141.reg
[2013/01/04 18:28:20 | 000,002,544 | ---- | C] () -- C:\{BA76886B-8817-4CA4-BA8D-B9ABD1112250}
[2013/01/04 17:42:41 | 000,002,608 | ---- | C] () -- C:\{A95E696B-5FFF-41E1-A6A3-19045057F6C1}
[2013/01/04 17:28:42 | 000,002,488 | ---- | C] () -- C:\{B07E2C49-E40A-416A-8499-2822BB277C2B}
[2012/12/09 17:29:33 | 000,753,152 | ---- | C] () -- C:\Windows\is-VFVUN.exe
[2011/08/13 16:12:41 | 000,003,520 | ---- | C] () -- C:\Windows\System32\EasyRedirect.ini
[2011/07/16 01:08:27 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011/07/16 00:45:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/07/14 09:42:22 | 000,000,104 | ---- | C] () -- C:\Users\Owner\Internet - Shortcut.lnk
[2011/05/26 17:06:50 | 000,002,040 | ---- | C] () -- C:\Windows\System32\EasyRedirectOff.ini
[2011/05/13 22:47:52 | 000,002,496 | ---- | C] () -- C:\Windows\System32\AVRedirector.ini
[2011/05/13 22:47:52 | 000,001,248 | ---- | C] () -- C:\Windows\System32\AVRedirectorOff.ini
[2011/04/03 12:32:28 | 000,139,772 | ---- | C] () -- C:\Windows\hpoins15.dat.temp
[2011/04/03 12:32:27 | 000,001,039 | ---- | C] () -- C:\Windows\hpomdl15.dat.temp

========== ZeroAccess Check ==========

[2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 12:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/07/16 01:01:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AnvSoft
[2013/01/14 09:26:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Applian FLV and Media Player
[2012/10/26 17:31:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ashampoo
[2011/11/12 15:07:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Auslogics
[2012/10/12 20:43:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG
[2012/10/10 13:45:30 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG2013
[2011/07/16 01:01:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG9
[2011/07/16 01:01:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVSoftware
[2011/07/16 01:01:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\CD-LabelPrint
[2012/07/09 10:46:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/07/16 01:01:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\CometPlayer
[2011/07/16 01:01:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Easy Thumbnails
[2012/07/09 11:12:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Go PDF Reader
[2010/11/24 19:32:36 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Gygan
[2012/06/09 11:25:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Icir
[2011/07/16 01:01:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ImgBurn
[2011/12/01 09:12:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MusicNet
[2011/07/16 01:01:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Octoshape
[2012/10/28 08:50:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PCCUStubInstaller
[2011/11/12 15:51:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\RegGenie
[2011/07/16 01:01:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Registry Mechanic
[2012/11/29 03:40:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\RoboForm
[2012/07/06 01:06:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TigerPlayer
[2012/10/10 13:42:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TuneUp Software
[2012/06/08 17:58:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Umost
[2011/07/16 01:01:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Uniblue
[2011/07/16 01:01:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2012/06/08 17:58:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Yskyof

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:07BF512B
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >

.

Results of screen317's Security Check version 0.99.57
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG Internet Security 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.70.0.1100
CCleaner
Java™ 6 Update 26
Java version out of Date!
Google Chrome 23.0.1271.97
Google Chrome 24.0.1312.52
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Edited by Ricky_22, 14 January 2013 - 02:33 PM.

  • 0

#21
godawgs
Posted 14 January 2013 - 10:42 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Posted Image UPDATE JAVA

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser or How to unplug Java from the browser)

If you still want to update your Java, follow the instructions below.

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:
  • Download the latest version of the Java Runtime Environment (JRE) Version from Here or Here and save it to your desktop.
  • Look for "Java Platform, Standard Edition". You will see the current Java version and update number under listed under the heading. Example: The newest update is Java SE 7u11
  • Click the "Download JRE" button to the right.
  • On the JSE Downloads page, click the button to "Accept License Agreement".
  • Under the Java SE Runtime Environment 7u11 heading:
  • For Windows 32 bit systems, look for Windows x86 Offline 30.02MB, click the jre-7u11-windows-i586.exe file and save it to your desktop.
  • Close any programs you may have running - especially your web browser.
Click Control Panel. Under the Programs heading click Uninstall a program. In the list of installed programs, find and remove all older versions of Java.
  • Click to (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Right-click the program and click Uninstall. Follow the on screen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
    -- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
  • Then from your desktop right-click on the jre-7u11-windows-i586.exe file and click Run as Administrator to install the newest version. You may be asked to supply the Administrator password.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
    • Trace and Log Files
  • Click OK on the Delete Temporary Files Window
    [Note:] This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version. It's on the Update tab in Java in the Control Panel.

[Note:] The Java Quick Starter (JQS.exe) adds a service to improve the initial start up time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > You will have to be in Classic View to see Java(It looks like a coffee cup). Double-click on Java click the Advanced Tab click Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.


OK! Well done. :thumbsup: Here is the best part of the process! The mullygrubs are gone! That's a technical term for your log(s) appear to be clean! If you have no further issues with your computer, please proceed with the housekeeping procedures outlined below.
The first thing we need to do is to remove all the tools that we have used. This is so that should you ever be re-infected, you will download updated versions.

If you didn't uninstall ESET after running the program we will do it now.

Step-1.

Uninstall ESET

1. Please click the Start Orb Posted Image, click Control Panel. Under the Programs heading click Uninstall a program
1. Please click Start > Control Panel > Add/Remove Programs
2. In the list of programs installed, locate the following program(s):

ESET

3. Click on each program to highlight it and click Change/Remove. (Vista/7 users: right click the program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs.(Only do this if you uninstalled the program)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folders(s) (if present):

C:\Program Files\ESET

2. Close Windows Explorer.

Step-2.

Uninstall AdwCleaner

Re-open AdwCleaner
  • Click the Uninstall button
  • Confirm with yes
Posted Image

Step-3.

2. Please re-open Posted Image on your desktop.
  • Be sure all other programs are closed as this step will require a reboot.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.
The above process will remove most/all of the tools used and logs created during the cleanup process. After it is finished, OTL will remove itself. This is so that if you are ever infected again you will download the most current copy of the tool.

Step-4.

Delete the following Files and Folders (If Present):

On the Desktop:
MBR.dat
Securitycheck.exe
Checkup.txt
jre-7u11-windows-i586.exe

Delete any other .bat, .log, .reg, .txt, and any other files created during this process, and left on the desktop and empty the Recycle Bin.

Step-5.

Reset Hidden Files and Folders

For Vista and Windows 7
1. Click Start,click Control Panel.
2. Click Folder Options.... NOTE: If you are in the Category view, click Appearance, then Folder Options
3. On the Folder Options window click the View tab.
4. In the Advanced settings: box, Under Hidden files and folders, click the Do not show hidden files and folders button.
5. Click the Hide protected operating system files (Recommended) box.
6. Click Apply and then OK

Step-6.

Make a Fresh Restore Point, Clear the Old Restore Points, and Re-enable System Restore

The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected, but that's good news).

Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

For Vista and Windows 7:
  • Click the Start Orb. Click Control Panel. Click System and Maintenance
  • Click System
  • In the left column under Tasks, click Advance System Settings and accept the warning if you get one
  • Click the System Protection Tab
  • In the Available Disks box put a ckeck mark in the box next to OS (?:) (System). Your drive letter will be shown in place of the ?

    Note: It may take some time for the system to populate the Available Disks box, so be patient.
  • Click the Create button at the bottom
  • Type in a name fo the restore point, i.e: Clean
  • Click Create
  • A small System Protection window will come up telling you a Restore Point is being created.
  • Another System Protection window will come up telling you the Restore Point has been created, click OK
  • Click OK again.
  • Close the Control Panel
Now we can purge the old Restore Points
  • Click Start(Windows 7 Orb), click Run (or press the Windows key and R together) to bring up the Run box.
  • Copy and Paste the following in the Run box:
    cleanmgr
  • Click OK
    A Disk Cleanup Options popup will open
    Posted Image
  • Click Files from all users on this computer

    A Drive Selection popup will open
    NOTE: You will not see this window unless you have more than one drive or partition on your computer.
    Posted Image
    If you chose Files from all users on this computer above, then click on Continue for UAC prompt.
  • Select the system drive, C:\ and click OK.
  • For a few moments the system will make some calculations
    Posted Image
  • The Disk Cleanup Window will open:
    Posted Image
  • Click the More Options tab.
  • Click the Clean up button under the System Restore and Shadow Copies section. (See screenshot below)
    Posted Image
  • In the Disk Cleanup dialog box, click Delete (See screenshot below).
    Posted Image
  • You will get a Disk Cleanup confirmation (See screenshot below)
    Posted Image
  • Click Delete Files, and then click OK.


Preventing Re-Infection

Below, I have included a number of recommendations for how to protect your computer against future malware infections.

:Keep Windows Updated:-Windows Updates are constantly being revised to combat the newest hacks and threats, Microsoft releases security updates that help your computer from becoming vulnerable. It is best if you have these set to download automatically.

Vista and Windows 7 Users:
1. Click Start> All Programs, from the list find Windows Update and click it.

:Turn On Automatic Updates:

Vista and Windows 7
1. Click Start> Control Panel. Click Security. Under Windows Update, Click Turn automatic on or off.
2. On the next page, under Important Updates, Click the Drop down arrow on the right side of the box and Click Install Updates Automatically(recommended).
If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your task bar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser or How to unplug Java from the browser)
  • Click the Start button
  • Click Control Panel
  • Double Click Java - Looks like a coffee cup. You may have to switch to Classical View on the upper left of the Control Panel to see it.
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
: Keep Adobe Reader Updated :
  • Open Adobe Reader
  • Click Help on the menu at the top
  • Click Check for Updates
  • Allow any updates to be downloaded and installed
NOTE: Whether you use Adobe Reader, Acrobat or Foxit Reader to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Click Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. Click OK Close program. It's the same for Foxit Reader except Preferences is under the Tools menu, and you uncheck Enable Javascript Actions.

:Web Browsers:

:Make your Internet Explorer more secure:
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
5. Change the Download signed ActiveX controls to "Prompt"
6. Change the Download unsigned ActiveX controls to "Disable"
7. Change the Initialise and script ActiveX controls not marked as safe to "Disable"
8. Change the Installation of desktop items to "Prompt"
9. Change the Launching programs and files in an IFRAME to "Prompt"
10. When all these settings have been made, click on the OK button.
11. If it prompts you as to whether or not you want to save the settings, click the Yes button.
12. Next press the Apply button and then the OK to exit the Internet Properties page.

:Alternate Browsers:

If you use Firefox, I highly recommend these add-ons to keep your PC even more secure.
  • NoScript - for blocking ads and other potential website attacks
  • WebOfTrust - a safe surfing tool for your browser. Traffic-light rating symbols show which websites you can trust when you search, shop and surf on the Web.
  • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
:Install the MVPs Hosts File:
  • MVPS Hosts file-replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

Preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running a full scan at least once a month. Run Quick Scans at least once a week. Download the Free versions. And update the definitions before running scans.

========Anti Spyware========
  • Malwarebytes-Free Version- a powerful tool to search for and eliminate malware found on your computer.
  • SUPERAntiSpyware Free Edition-another scanning tool to find and eliminate malware.
  • SpywareBlaster-to help prevent spyware from installing in the first place. A tutorial can be found here.
  • SpywareGuard-to catch and block spyware before it can execute. A tutorial can be found here.
  • WinPatrol - will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. Help file and tutorial can be found here.

It's a good idea to clear out all your temp files every now and again. This will help your computer from bogging down and slowing. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.

========TEMP File Cleaners========
  • TFC by OldTimer-A very powerful cleaning program for 32 and 64 bit OS. Note: You may have this already as part of the fixes you have run.
  • CleanUP-Click the Download CleanUP! link. There is also a Learn how to use CleanUP! link on this page.
:BACKUPS:
  • Keep a backup of your important files.-Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT-(Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
:Keep Installed Programs Up to Date:

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
A program that will do this is listed below. Download and install the program and run it monthly:
Filehippo Update Checker

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For 24 hours or so. If Anything Comes Up - Just Come Back And Let Me Know

Stay Safe :wave:
godawgs
  • 0

#22
Ricky_22
Posted 15 January 2013 - 10:05 AM

Ricky_22

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 349 posts
Thank you so much godawgs, for your time, your expertise, your follow-throughs and considerations, your patience and understanding, all I might say greatly appreciated :thumbsup:


I uninstalled Java ..... followed all other instructions as per .....



Sincere thanks and regards


Ricky
  • 0

#23
godawgs
Posted 15 January 2013 - 01:03 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Thank you so much godawgs, for your time, your expertise, your follow-throughs and considerations, your patience and understanding, all I might say greatly appreciated :thumbsup:

You are very welcome. :prop:
  • 0

#24
godawgs
Posted 19 January 2013 - 11:09 PM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP