Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Virus - blue screen - not sure which [Solved]

Started by kyong , Mar 18 2013 06:49 PM

  • This topic is locked This topic is locked

#1
kyong
Posted 18 March 2013 - 06:49 PM

kyong

    Member

  • Member
  • PipPip
  • 27 posts
I keep getting a blue screen on my computer when I log in.

I looked at the task manager and I keep seeing a process : winrscmde taking more and more memory. Don't know if that is anything having to do with this.

I got into safe mode and here are the OTL files that I got after running it.

OTL logfile created on: 3/18/2013 8:43:21 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Joe\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 61.97% Memory free
7.73 Gb Paging File | 6.46 Gb Available in Paging File | 83.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 391.98 Gb Free Space | 86.90% Space Free | Partition Type: NTFS
Drive D: | 473.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JOE-PC | User Name: Joe | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/18 20:29:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.com
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 11:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2013/03/17 16:24:41 | 000,968,880 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2013/02/27 23:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/02/19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/11/27 22:12:44 | 000,479,840 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/22 10:29:18 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/22 10:18:09 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/02 14:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/06/26 12:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/03/17 16:24:41 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/02/26 23:40:46 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/02/14 03:52:46 | 000,239,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/02/08 04:37:56 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/02/08 04:37:54 | 000,311,096 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/02/08 04:37:50 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/02/08 04:37:42 | 000,206,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/02/08 04:37:40 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/10/16 07:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/10/02 16:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/26 11:42:58 | 000,233,984 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/09/17 16:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/08/21 17:24:02 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/26 11:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {2CB1E3F9-8710-4C79-B5B1-594958A0D29E}
IE:64bit: - HKLM\..\SearchScopes\{2CB1E3F9-8710-4C79-B5B1-594958A0D29E}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {42843A5F-8CF1-455D-BF39-EA5BC5E4FBF3}
IE - HKLM\..\SearchScopes\{42843A5F-8CF1-455D-BF39-EA5BC5E4FBF3}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{8409F817-5E69-4AA8-9844-A2E192E6DF10}: "URL" = http://isearch.avg.c...pr&d=2012-11-24 13:51:09&v=13.2.0.4&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg....fr&d=2013-03-17 16:25:59&v=14.2.0.1&pid=safeguard&sg=1&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/23 16:51:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/12/23 16:51:21 | 000,000,000 | ---D | M]

[2011/12/21 16:21:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joe\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U19 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Shopping Sidekick Plugin = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlopielgodpjhkbapdlbbicpiefpaack\1.22.45_0\crossrider
CHR - Extension: Shopping Sidekick Plugin = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlopielgodpjhkbapdlbbicpiefpaack\1.22.45_0\
CHR - Extension: SlingPlayer for DISH Anywhere = C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcnpmlegoehfgohpkmjhpohjchokamnn\1.5.13.743_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found.
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\14.2.0.1\AVG SafeGuard toolbar_toolbar.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\14.2.0.1\AVG SafeGuard toolbar_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\ContentMerger10.exe (Sonic Solutions)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B807C3E0-40A5-4159-8350-D3DEB5A2201A}: DhcpNameServer = 192.168.15.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/19 09:49:02 | 000,000,088 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{eb3432ab-35cb-11df-aaf7-806e6f6e6963}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/18 20:34:55 | 001,752,992 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Joe\Desktop\rkill.exe
[2013/03/18 20:27:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.scr
[2013/03/18 20:26:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe
[2013/03/18 20:11:41 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
[2013/03/18 19:30:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/17 20:25:08 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013/03/17 17:18:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013/03/17 16:27:09 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\AVG2013
[2013/03/17 16:26:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/03/17 16:26:35 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\AVG SafeGuard toolbar
[2013/03/17 16:25:56 | 000,039,768 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/03/17 16:24:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2013/03/17 16:24:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
[2013/03/17 16:23:46 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/03/17 16:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013/03/17 16:10:01 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\Avg2013
[2013/03/17 15:34:36 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/03/16 19:11:55 | 000,000,000 | -HSD | C] -- C:\found.000
[2013/03/16 18:41:08 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/03/14 03:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/03/14 03:01:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/03/14 03:01:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/03/13 15:38:39 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/03/13 15:38:37 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/03/13 15:38:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/03/13 15:38:37 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/03/13 15:38:37 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/03/13 15:38:37 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/03/13 15:38:37 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/03/11 17:39:04 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Roaming\Sling Media
[2013/03/07 16:18:12 | 000,000,000 | ---D | C] -- C:\Users\Joe\Desktop\New folder (2)
[2013/03/03 01:38:51 | 000,000,000 | ---D | C] -- C:\Users\Joe\AppData\Local\Programs
[2013/02/28 04:00:36 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013/02/28 04:00:36 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013/02/28 04:00:36 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013/02/28 04:00:36 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013/02/28 04:00:35 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/02/28 04:00:35 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/02/28 04:00:34 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/02/28 04:00:34 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/28 04:00:34 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/28 04:00:34 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/28 04:00:34 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/28 04:00:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/28 04:00:34 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/28 04:00:34 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/28 04:00:34 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/28 04:00:33 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/02/28 04:00:33 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/02/28 04:00:33 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/02/28 04:00:33 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/02/28 04:00:33 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/02/28 04:00:33 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/02/28 04:00:33 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/02/28 04:00:33 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013/02/28 04:00:33 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/02/28 04:00:33 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/02/28 04:00:33 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/28 04:00:33 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/28 04:00:33 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/28 04:00:33 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/28 04:00:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/28 04:00:33 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/28 04:00:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/28 04:00:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/28 04:00:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/28 04:00:33 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/28 04:00:32 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/02/28 04:00:32 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013/02/28 04:00:32 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/02/28 04:00:32 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/02/28 04:00:32 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013/02/28 04:00:32 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013/02/26 23:40:46 | 000,246,072 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys

========== Files - Modified Within 30 Days ==========

[2013/03/18 20:42:04 | 130,977,792 | ---- | M] () -- C:\Users\Joe\Desktop\VIPRERescue16126.exe
[2013/03/18 20:36:48 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Joe\Desktop\rkill.exe
[2013/03/18 20:29:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.com
[2013/03/18 20:28:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.scr
[2013/03/18 20:26:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joe\Desktop\OTL.exe
[2013/03/18 20:14:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/18 20:13:49 | 327,732,059 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/03/18 20:13:47 | 3113,545,728 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/18 20:12:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/18 20:11:27 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/18 19:30:47 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/18 12:10:30 | 000,000,085 | ---- | M] () -- C:\Windows\wininit.ini
[2013/03/17 17:29:15 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/17 17:29:15 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/17 16:26:40 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/03/17 16:24:41 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/03/17 16:24:27 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/17 16:24:27 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/17 16:24:27 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/17 15:52:16 | 000,803,688 | ---- | M] () -- C:\Users\Joe\AppData\Local\census.cache
[2013/03/17 15:51:44 | 000,100,996 | ---- | M] () -- C:\Users\Joe\AppData\Local\ars.cache
[2013/03/17 12:21:28 | 000,000,278 | ---- | M] () -- C:\Users\Joe\AppData\Roaming\wklnhst.dat
[2013/03/16 20:53:16 | 000,003,608 | ---- | M] () -- C:\bootsqm.dat
[2013/03/12 19:13:34 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/02/28 09:57:18 | 000,134,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/02/28 09:57:09 | 000,735,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/02/28 09:57:09 | 000,097,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/02/28 09:57:07 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/02/28 09:37:20 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/02/28 09:37:08 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/02/28 09:37:03 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/02/26 23:40:46 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys

========== Files Created - No Company Name ==========

[2013/03/18 20:42:04 | 130,977,792 | ---- | C] () -- C:\Users\Joe\Desktop\VIPRERescue16126.exe
[2013/03/18 19:30:47 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/18 12:10:30 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2013/03/17 16:26:40 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/03/17 15:52:16 | 000,803,688 | ---- | C] () -- C:\Users\Joe\AppData\Local\census.cache
[2013/03/17 15:51:44 | 000,100,996 | ---- | C] () -- C:\Users\Joe\AppData\Local\ars.cache
[2013/03/16 20:53:16 | 000,003,608 | ---- | C] () -- C:\bootsqm.dat
[2013/03/16 18:41:03 | 327,732,059 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/11/18 16:36:58 | 000,000,278 | ---- | C] () -- C:\Users\Joe\AppData\Roaming\wklnhst.dat
[2010/11/06 16:03:46 | 000,000,010 | ---- | C] () -- C:\Users\Joe\AppData\Roaming\install
[2010/10/02 10:23:10 | 000,007,605 | ---- | C] () -- C:\Users\Joe\AppData\Local\Resmon.ResmonCfg
[2010/08/14 13:10:15 | 000,000,036 | ---- | C] () -- C:\Users\Joe\AppData\Local\housecall.guid.cache
[2010/08/11 16:02:33 | 000,000,036 | ---- | C] () -- C:\Users\Joe\AppData\Roaming\skynet.dat
[2010/08/11 16:02:33 | 000,000,009 | ---- | C] () -- C:\Users\Joe\AppData\Roaming\nuar.old
[2010/08/11 16:02:32 | 000,000,072 | ---- | C] () -- C:\Users\Joe\AppData\Roaming\sh4.dat
[2010/08/11 16:02:32 | 000,000,004 | ---- | C] () -- C:\Users\Joe\AppData\Roaming\sh3.dat

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >


There was also an extras file generated:

OTL Extras logfile created on: 3/18/2013 8:43:21 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Joe\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 61.97% Memory free
7.73 Gb Paging File | 6.46 Gb Available in Paging File | 83.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 391.98 Gb Free Space | 86.90% Space Free | Partition Type: NTFS
Drive D: | 473.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JOE-PC | User Name: Joe | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1DEE2E1E-C8AA-4447-8BFF-00916F1428E7}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{1DF76594-2F7F-443B-BE6F-CAE6FCBCF613}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2A61C0AF-BC8E-4C87-BB20-6193B79E4EDF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2E7DBBDF-41C0-4C1D-82CD-DA22F5E052A8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{412F2511-C189-4376-8153-586FF9E142A1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{4DB77EAD-43FD-4255-8630-94F0BEAC8474}" = rport=10243 | protocol=6 | dir=out | app=system |
"{54A17E65-6DA1-454C-B78E-07A34D2C50D0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{57D5EFF1-ACA5-420B-8667-942FA131C094}" = rport=137 | protocol=17 | dir=out | app=system |
"{5B0AC2A6-5BE8-4178-AD24-703B41404E7D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5CCCE57D-560A-4D93-BEBE-9C60B1D0A1CD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5F5A8218-8792-4F1B-8D30-AC47C658E485}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6310C744-AEC7-4AF6-8083-09B10E3E0D3A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6CE18EA9-BAE9-4D82-98BF-C76A6F692671}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7D47291D-681F-4ABA-891F-8818208A5F83}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{85DEAAEB-5F22-4D4F-83C9-06639B423E34}" = rport=445 | protocol=6 | dir=out | app=system |
"{903133A9-1ADA-4921-83E4-AD85790EF458}" = lport=139 | protocol=6 | dir=in | app=system |
"{A89136A4-D0D5-49EF-A651-BA3852C3A198}" = rport=138 | protocol=17 | dir=out | app=system |
"{AF6DFCE9-0C44-46C4-A30E-5C326AFE60AE}" = lport=138 | protocol=17 | dir=in | app=system |
"{AFA3C02E-7499-457A-8305-CD57F58585D8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BAA37233-707B-415B-B99B-3C7031CEA2DB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C1DB851E-B530-45C5-BF39-6620316C2D39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C4B60362-14CF-4461-B4F2-9C1ACFDF8868}" = lport=445 | protocol=6 | dir=in | app=system |
"{CB9A4508-205D-4848-BABA-4748296B860A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DAB71946-07A1-49FB-B7BB-87F3E544A986}" = rport=139 | protocol=6 | dir=out | app=system |
"{DB15F444-44A9-4AFC-9C04-9AD78D65C1FF}" = lport=137 | protocol=17 | dir=in | app=system |
"{DF364A47-4A9F-423B-8451-B8B96CE4D299}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B522821-DCDB-4B28-B6C9-F2335F8BB198}" = protocol=58 | dir=out | [email protected],-28546 |
"{0CFD2D5C-6AE1-4083-8338-08A2B66CC1D1}" = protocol=1 | dir=in | [email protected],-28543 |
"{137E81AE-F02E-4238-92C2-ED836BE5729E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{170025AF-1658-404C-847E-67BB61DB4228}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{25EBD874-F578-4BD0-A42A-CB34DEB96FAB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{34C03696-11DF-48B1-9018-7B2DC9DC1C81}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{351FEFAE-3825-4CE8-8F3F-B065D11E87BE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{39039CBD-AFAB-47F8-ABA2-08D5CA915904}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{3F9AC6A1-83A3-489D-95B3-E3FA8C7CC80A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{403C3E80-4448-4283-9659-7BC7277CFF6A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{46EBC377-E1C3-461D-B16A-CD3DD747FE1E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{4730A10A-45E6-4671-A11C-743AD32036B1}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{4C429986-70A5-4718-8C4C-20D195761C6D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{508E4A7C-9E19-402C-A9CD-DF265B2A37F3}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{558554D5-3812-4425-BB41-7D7E8C6DC9CB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{5EFC87F7-6FF9-413F-9EB2-B4BA563DED5B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5FF1CED8-40CA-4D73-AE21-3CE0D96413AA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{67D41059-CA93-4E11-8910-E8F6D568720E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6AEFE7D4-BF61-434A-836D-7447F8946124}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{75ABE517-4209-4629-B39F-E3A1546BDB46}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{75F208BC-01DD-4A43-9B8D-3C54C126E4E0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{7639657E-954D-4989-B195-5F860F4494A5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7D73016A-A006-41FF-9644-489057DF9E49}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{8250F77D-BB43-4127-9284-AB248C330179}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |
"{86873188-2C3F-469C-8BA4-D0CE964A7D16}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{880BDA4F-4327-4752-B94C-8B0046E3BBAD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{89874507-9026-4752-9F3D-3C1EA03BB5C7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{97A3E161-CC88-4AC0-AB5C-F252CEFD90BF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{9D4ADC71-47F2-4A89-A60B-B9723345C15B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{9D8D2915-D328-419C-A12B-EB703FC3C626}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{9E005B38-AD2F-430B-9B90-F4FEC91CC752}" = protocol=6 | dir=in | app=c:\program files (x86)\rhapsody\rhapsody.exe |
"{A6EF37AC-D036-46A8-BC7C-89B65E79F031}" = protocol=58 | dir=in | [email protected],-28545 |
"{A89C7A24-FC8B-4354-8CB7-C707BFD4FE99}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A9350249-1582-4DE1-BB2D-A0AA0EA1B451}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{AAF465AE-FA86-4106-A149-45017E540AEC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{ABF2577A-28E1-441A-B4C6-D0A13EB2E21A}" = protocol=6 | dir=out | app=system |
"{AF32324B-B6AA-4DED-AC5F-3264683AFFB1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{B0E1D42C-AB6C-4D43-A53B-05C0BB5D1FB5}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{B1B20972-E8C0-4269-8095-1D62C2E40588}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{B8CDB691-54A7-47D6-BCCD-8A6039A0BC4E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{C215F249-3E61-49CD-BBB1-E732CE53000D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{D0F63300-764E-4786-8B2F-60BA4CBFF8BB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D2A8115D-3742-4A29-8D9E-A864CEDA0AE8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D6EDEFDE-013A-4097-9F26-E75D5C65DC5A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{E2AE87E4-8C32-435C-8796-9EA266735737}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{E316EE5C-5828-4522-9CE2-41EF04F0A207}" = protocol=17 | dir=in | app=c:\program files (x86)\rhapsody\rhapsody.exe |
"{E3BD9F88-35E3-4559-8A26-3808C9F02EDA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{E5AE3DE6-7AF2-4F7A-8042-AB3D4996638A}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{E7DEDAD9-1081-4FB9-8EB1-C9483C939A32}" = dir=in | app=d:\setup\hpznui40.exe |
"{F1E62FB4-FF09-4490-8511-26D951ED074A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{F2F8AA81-7F32-4099-83BE-E9327620D37A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{F548F528-EB2E-4F26-9F67-B8E4AEBF38B3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{F678B98D-C838-433B-8FFF-960FB8CB5CDE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{FA0243EE-6294-45FD-961A-3750BFDB2267}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{FA923748-C560-4598-A1D1-ADE9419ED0CF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FD4D7AB9-C399-475A-8B3D-DE3ACD4A9E24}" = protocol=1 | dir=out | [email protected],-28544 |
"TCP Query User{9B235F9E-582B-45D6-82DB-52136AB8A01A}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"UDP Query User{2F892045-B08D-442C-BB04-7F4712274185}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java™ 6 Update 17 (64-bit)
"{2D22CAE4-B9B9-4813-ABAE-AFC650C00800}" = AVG 2013
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ABA7BF8F-50AD-4DB3-9565-F18EA4FE3BF0}" = AVG 2013
"{D850BEF5-67AF-4071-9538-FA9AC725D62C}" = Officejet Pro 8500 A909 Series
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"AVG" = AVG 2013
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{010A785B-F920-4350-821B-6309909C20BB}" = THX TruStudio PC
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{102CBC47-7FDE-4E6C-8A3A-67B79833FAC8}" = BPDSoftware_Ini
"{11B2F891-91C8-47ce-945A-A91003EA27FB}" = BPDSoftware
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18AB082B-6584-4F74-8ABC-D5935CF46E4C}" = 8500A909_eDocs
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1E5C7043-09C5-4974-A69F-A5271FD82BBC}" = PlayMemories Home
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java™ 6 Update 33
"{29D3773E-54F4-23C2-D523-236A4453B845}_is1" = FileAlyzer 2
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{42A28621-B822-4B7B-8D91-6D14CB4E6292}" = Masque Slots Dual Pack
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{432A850B-3558-4BFF-B1F9-30626835B523}" = BPD_DSWizards
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy CD and DVD Burning
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{612B5D2E-8084-4102-91DE-24281E4EFB2C}" = Roxio Easy CD and DVD Burning
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B495547C-01F8-4836-A2E6-749B5F3EA691}" = 8500A909_Help
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CD8C5C7F-7C58-4F85-8977-A6C08C087912}" = MPM
"{D5DEF057-D3BC-499f-99EE-884ED429B6D1}" = 8500A909g
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DA8BF070-1358-4a30-A68F-21E0E9421AEF}" = ProductContext
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{E07B7A31-E160-466D-A003-3BB7B8989D52}" = Full Tilt Poker.Net
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Cubis Gold 2" = Cubis Gold 2
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"InstallShield_{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"PartyCasino" = PartyCasino
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UBNet" = UBNet

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/3/2013 7:08:33 PM | Computer Name = Joe-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 3/4/2013 2:59:58 PM | Computer Name = Joe-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 3/5/2013 11:28:52 AM | Computer Name = Joe-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 3/6/2013 11:51:24 PM | Computer Name = Joe-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 3/7/2013 1:37:41 AM | Computer Name = Joe-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 3/7/2013 3:51:38 AM | Computer Name = Joe-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 3/7/2013 10:59:45 AM | Computer Name = Joe-PC | Source = Application Error | ID = 1000
Description = Faulting application name: avgui.exe, version: 13.0.0.2792, time stamp:
0x50993af1 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x1068 Faulting application
start time: 0x01ce15bba29a4e7d Faulting application path: C:\Program Files (x86)\AVG\AVG2013\avgui.exe
Faulting
module path: unknown Report Id: a55015d4-8737-11e2-ae24-a4badbe8eb3a

Error - 3/7/2013 6:41:19 PM | Computer Name = Joe-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 3/8/2013 3:18:14 PM | Computer Name = Joe-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 3/9/2013 10:41:29 AM | Computer Name = Joe-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 3/9/2013 3:12:26 PM | Computer Name = Joe-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
time stamp: 0x4ce79912 Faulting module name: icucnv36.dll, version: 3.6.0.0, time
stamp: 0x470eff71 Exception code: 0xc0000005 Fault offset: 0x000013df Faulting process
id: 0x199c Faulting application start time: 0x01ce1cfa006839aa Faulting application
path: C:\Program Files (x86)\internet explorer\iexplore.exe Faulting module path:
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\icucnv36.dll Report Id: 472f75a1-88ed-11e2-ae24-a4badbe8eb3a

[ System Events ]
Error - 3/18/2013 8:42:34 PM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 3/18/2013 8:44:12 PM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 3/18/2013 8:44:12 PM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 3/18/2013 8:44:12 PM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 3/18/2013 8:44:12 PM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 3/18/2013 8:44:12 PM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 3/18/2013 8:44:12 PM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 3/18/2013 8:44:42 PM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 3/18/2013 8:44:42 PM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 3/18/2013 8:44:42 PM | Computer Name = Joe-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068


< End of report >
  • 0

Advertisements

#2
gringo_pr
Posted 18 March 2013 - 06:59 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello kyong

Welcome to The Forums!!

Around here they call me Gringo and I'll be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
  • 0

#3
kyong
Posted 19 March 2013 - 03:24 PM

kyong

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Checkup.txt
=====================================
sults of screen317's Security Check version 0.99.61
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
AVG AntiVirus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.70.0.1100
Java™ 6 Update 33
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 25.0.1364.152
Google Chrome 25.0.1364.172
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
  • 0

#4
kyong
Posted 19 March 2013 - 03:25 PM

kyong

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
# AdwCleaner v2.115 - Logfile created 03/19/2013 at 17:13:00
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Joe - JOE-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Joe\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Program Files (x86)\Wajam
Folder Deleted : C:\ProgramData\search protection
Folder Deleted : C:\Users\Joe\AppData\Local\Wajam
Folder Deleted : C:\Users\Joe\AppData\LocalLow\Toolbar4

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Google Chrome v25.0.1364.172

File : C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.2068] : urls_to_restore_on_startup = [ "hxxp://blekko.com/ws/?source=8611a360&toolbarid=blekkotb_052&[...]

*************************

AdwCleaner[S1].txt - [16712 octets] - [19/03/2013 17:13:00]

########## EOF - C:\AdwCleaner[S1].txt - [16773 octets] ##########
  • 0

#5
kyong
Posted 19 March 2013 - 03:25 PM

kyong

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Joe [Admin rights]
Mode : Remove -- Date : 03/19/2013 17:23:51
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SVCHOST] svchost.exe -- C:\Windows\\svchost.exe [x] -> KILLED [TermProc]

¤¤¤ Registry Entries : 12 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJPOL] HKCU\[...]\System : DisableCMD (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJPOL] HKLM\[...]\System : DisableCMD (0) -> DELETED
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AAKS-75V0A0 +++++
--- User ---
[MBR] 40800674ca1346482ec41495c2116c51
[BSP] 74d6b43f4651213f1a7517117817e684 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 461899 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] 289de881249705c7b499ab3917592d1e
[BSP] 74d6b43f4651213f1a7517117817e684 : Windows Vista MBR Code
Partition table:
1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 461899 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] 289de881249705c7b499ab3917592d1e
[BSP] 74d6b43f4651213f1a7517117817e684 : Windows Vista MBR Code
Partition table:
1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 461899 Mo

Finished : << RKreport[2]_D_03192013_02d1723.txt >>
RKreport[1]_S_03192013_02d1723.txt ; RKreport[2]_D_03192013_02d1723.txt
  • 0

#6
gringo_pr
Posted 19 March 2013 - 03:36 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello kyong

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#7
kyong
Posted 20 March 2013 - 07:22 PM

kyong

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Below is the file you wanted posted.

The computer is running slow and I still cannot boot it up in anything other than safe mode or else I get the blue screen of death. It is coming up very slowly even though I shut off all the startup programs in msconfig.

I also keep getting a popup in Internet Explorer saying that I am about to leave a secure internet connection even though I haven't even started browsing and it is only up on the browser's initial home page.

===============================================================================


ComboFix 13-03-20.02 - Joe 03/20/2013 20:49:59.1.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3959.3125 [GMT -4:00]
Running from: c:\users\Joe\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\TelevisionFanaticEI
c:\users\Joe\AppData\Roaming\install
c:\users\Joe\AppData\Roaming\scdata
c:\users\Joe\AppData\Roaming\skynet.dat
c:\windows\svchost.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2013-02-21 to 2013-03-21 )))))))))))))))))))))))))))))))
.
.
2013-03-21 00:58 . 2013-03-21 00:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-18 00:25 . 2013-03-18 00:25 -------- d-----w- c:\windows\Sun
2013-03-17 21:18 . 2013-03-17 21:18 -------- d-----w- c:\programdata\AVG SafeGuard toolbar
2013-03-17 20:27 . 2013-03-17 20:27 -------- d-----w- c:\users\Joe\AppData\Roaming\AVG2013
2013-03-17 20:26 . 2013-03-17 20:26 -------- d-----w- c:\users\Joe\AppData\Local\AVG SafeGuard toolbar
2013-03-17 20:25 . 2013-03-17 20:24 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-03-17 20:24 . 2013-03-17 20:24 -------- d-----w- c:\program files (x86)\AVG SafeGuard toolbar
2013-03-17 20:23 . 2013-03-17 20:23 -------- d-----w- C:\$AVG
2013-03-17 20:23 . 2013-03-18 00:06 -------- d-----w- c:\programdata\AVG2013
2013-03-17 20:10 . 2013-03-18 00:24 -------- d-----w- c:\users\Joe\AppData\Local\Avg2013
2013-03-16 23:11 . 2013-03-16 23:11 -------- d-----w- C:\found.000
2013-03-14 07:01 . 2013-03-17 11:49 -------- d-----w- c:\program files\Microsoft Silverlight
2013-03-14 07:01 . 2013-03-17 11:49 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-03-11 21:39 . 2013-03-11 21:39 -------- d-----w- c:\users\Joe\AppData\Roaming\Sling Media
2013-03-03 05:38 . 2013-03-03 05:38 -------- d-----w- c:\users\Joe\AppData\Local\Programs
2013-02-27 03:40 . 2013-02-27 03:40 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-04 18:53 . 2010-04-01 23:46 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-02-14 07:52 . 2013-02-14 07:52 239416 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2013-02-12 05:45 . 2013-03-13 19:38 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 19:38 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 19:38 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 19:38 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 19:38 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 19:38 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-08 08:37 . 2013-02-08 08:37 116536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2013-02-08 08:37 . 2013-02-08 08:37 311096 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-02-08 08:37 . 2013-02-08 08:37 71480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-02-08 08:37 . 2013-02-08 08:37 206136 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-02-08 08:37 . 2013-02-08 08:37 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2013-01-20 15:08 . 2013-01-20 15:08 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-01-20 15:08 . 2013-01-20 15:08 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-01-20 15:08 . 2013-01-20 15:08 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-01-20 15:08 . 2013-01-20 15:08 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-01-05 05:53 . 2013-02-13 07:48 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-13 07:48 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 07:48 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-02-13 07:48 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-13 07:48 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-13 07:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-13 07:48 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-13 07:48 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-13 07:48 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-13 07:48 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-13 07:48 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-13 07:48 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-13 07:48 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-11-26 559616]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-12-14 512360]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-12-14 1091432]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2013-02-27 246072]
R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2013-02-08 206136]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2013-02-28 4937264]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-02-19 282624]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 msav;Moon Secure Antivirus Core;c:\program files (x86)\Moon Secure Antivirus\msavcore.exe [x]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-11-28 479840]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-09-26 233984]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-01 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2013-02-08 71480]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2013-02-08 311096]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2013-02-08 116536]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2013-02-08 45880]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2013-02-14 239416]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-03-17 39768]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-12 23:12 1629648 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-22 17:27]
.
2013-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-22 17:27]
.
.
--------- X64 Entries -----------
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.15.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-20 21:01:17
ComboFix-quarantined-files.txt 2013-03-21 01:01
.
Pre-Run: 429,855,207,424 bytes free
Post-Run: 429,655,502,848 bytes free
.
- - End Of File - - 019C20FEBD447DF0190F45936AE3C516
  • 0

#8
kyong
Posted 20 March 2013 - 07:37 PM

kyong

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Also, the file C:\Windows\svchost.exe that was deleted was recreated and started. It comes up in task manager as winrscmde.
  • 0

#9
gringo_pr
Posted 20 March 2013 - 07:45 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello kyong


I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Note** this report can be very long - so if the website gives you an error saying it is to long you may attache it

    If the forum still complains about it being to long send me everything that is at the end of the report after where it says

    ==================
    Scan finished
    ==================

and I will see if I want to see the whole report

Malwarebytes Anti-Rootkit

1.Download Malwarebytes Anti-Rootkit
2.Unzip the contents to a folder in a convenient location.
3.Open the folder where the contents were unzipped and run mbar.exe
4.Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5.Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6.Wait while the system shuts down and the cleanup process is performed.
7.Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8.If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
•Internet access
•Windows Update
•Windows Firewall9.If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10.Verify that your system is now functioning normally.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and MBAR

Gringo
  • 0

#10
kyong
Posted 20 March 2013 - 08:21 PM

kyong

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
I tried to run the programs. TDSSKiller runs when I bring it up, but when I reboot, I get a blue screen so the program never actually gets to scan anything.

I tried the Malwarebytes anti-rootkit and it finds the threats, but when I try to reboot to finish the clean up, I get a blue screen and when the computer comes back up, it is still infected. I put it back into safe mode, and run the program again and all the same infections still exist.
  • 0

Advertisements

#11
gringo_pr
Posted 20 March 2013 - 08:35 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello kyong

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.

[*]First Press the Scan button.
[*]It will make a log (FRST.txt)

[*]Second Type the following in the edit box after "Search:". services.exe
[*]Click the Search button
[*]It will make a log (Search.txt)
[/list]
I want you to poste Both the FRST.txt report and the Search.txt into your reply to me

Gringo
  • 0

#12
kyong
Posted 21 March 2013 - 04:53 PM

kyong

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2013 (ATTENTION: FRST version is 8 days old)
Ran by SYSTEM at 21-03-2013 18:42:35
Running from K:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM-x32\...\Run: [] [x]
HKU\Joe\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex [247968 2011-12-20] (Adobe Systems, Inc.)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-11-26] (Dell)
HKLM-x32\...\Runonce: [EE9D3A3C-B9C6-4920-9301-2B72210E0509] cmd.exe /C start /D "C:\Users\Joe\AppData\Local\Temp" /B EE9D3A3C-B9C6-4920-9301-2B72210E0509.exe -activeimages -postboot [x]
HKLM-x32\...\Runonce: [B631ECF5-7AC5-4C5D-9CBB-DCD770679394] cmd.exe /C start /D "C:\Users\Joe\AppData\Local\Temp" /B B631ECF5-7AC5-4C5D-9CBB-DCD770679394.exe -activeimages -postboot [x]
HKLM-x32\...\RunOnce: [Z1] cmd /c "C:\Users\Joe\Desktop\mbar-1.01.0.1021\mbar\mbar.exe" /cleanup /s [1363016 2013-03-20] (Malwarebytes Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.15.1
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ===================

2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [4937264 2013-02-27] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [282624 2013-02-19] (AVG Technologies CZ, s.r.o.)
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)
2 PMBDeviceInfoProvider; "C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe" [479840 2012-11-27] (Sony Corporation)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 msav; C:\Program Files (x86)\Moon Secure Antivirus\msavcore.exe [x]
2 vToolbarUpdater14.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [x]

==================== Drivers (Whitelisted) =====================

1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-02-26] (AVG Technologies CZ, s.r.o.)
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
0 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [239416 2013-02-14] (AVG Technologies CZ, s.r.o.)
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-03-17] (AVG Technologies)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
1 RxFilter; C:\Windows\SysWow64\Drivers\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-03-21 15:02 - 2013-03-21 15:02 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-03-20 21:15 - 2009-07-13 20:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2013-03-20 21:14 - 2013-03-20 21:14 - 00270984 ____A C:\Windows\Minidump\032013-69779-01.dmp
2013-03-20 21:04 - 2013-03-20 21:04 - 13786977 ____A C:\Users\Joe\Desktop\mbar-1.01.0.1021.zip
2013-03-20 21:04 - 2013-03-20 21:04 - 00000000 ____D C:\Users\Joe\Desktop\mbar-1.01.0.1021
2013-03-20 21:01 - 2013-03-20 21:01 - 00299864 ____A C:\Windows\Minidump\032013-66082-01.dmp
2013-03-20 20:53 - 2013-03-20 20:53 - 00299864 ____A C:\Windows\Minidump\032013-65520-01.dmp
2013-03-20 20:47 - 2013-03-20 20:47 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Joe\Desktop\tdsskiller.exe
2013-03-20 20:14 - 2013-03-20 20:14 - 00291640 ____A C:\Windows\Minidump\032013-72337-01.dmp
2013-03-20 20:01 - 2013-03-20 20:01 - 00015092 ____A C:\ComboFix.txt
2013-03-20 19:44 - 2011-06-26 01:45 - 00256000 ____A C:\Windows\PEV.exe
2013-03-20 19:44 - 2010-11-07 12:20 - 00208896 ____A C:\Windows\MBR.exe
2013-03-20 19:44 - 2009-04-19 23:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-03-20 19:44 - 2000-08-30 19:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-03-20 19:44 - 2000-08-30 19:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-03-20 19:44 - 2000-08-30 19:00 - 00098816 ____A C:\Windows\sed.exe
2013-03-20 19:44 - 2000-08-30 19:00 - 00080412 ____A C:\Windows\grep.exe
2013-03-20 19:44 - 2000-08-30 19:00 - 00068096 ____A C:\Windows\zip.exe
2013-03-20 19:33 - 2013-03-20 20:01 - 00000000 ____D C:\Qoobox
2013-03-20 19:33 - 2013-03-20 19:59 - 00000000 ____D C:\Windows\erdnt
2013-03-20 19:33 - 2013-03-20 19:33 - 05042364 ____R (Swearware) C:\Users\Joe\Desktop\ComboFix.exe
2013-03-19 16:23 - 2013-03-19 16:23 - 00003194 ____A C:\Users\Joe\Desktop\RKreport[1]_S_03192013_02d1723.txt
2013-03-19 16:23 - 2013-03-19 16:23 - 00003078 ____A C:\Users\Joe\Desktop\RKreport[2]_D_03192013_02d1723.txt
2013-03-19 16:22 - 2013-03-19 16:23 - 00000000 ____D C:\Users\Joe\Desktop\RK_Quarantine
2013-03-19 16:21 - 2013-03-19 16:21 - 00816128 ____A C:\Users\Joe\Desktop\RogueKiller.exe
2013-03-19 16:13 - 2013-03-19 16:13 - 00016747 ____A C:\AdwCleaner[S1].txt
2013-03-19 16:12 - 2013-03-20 20:02 - 00000000 ____D C:\Users\Joe\Desktop\geekstogofiles
2013-03-19 16:12 - 2013-03-19 16:12 - 00609993 ____A C:\Users\Joe\Desktop\adwcleaner.exe
2013-03-19 16:11 - 2013-03-19 16:11 - 00890798 ____A C:\Users\Joe\Desktop\SecurityCheck.exe
2013-03-18 19:45 - 2013-03-18 19:45 - 00061052 ____A C:\Users\Joe\Desktop\Extras.Txt
2013-03-18 19:42 - 2013-03-18 19:42 - 130977792 ____A C:\Users\Joe\Desktop\VIPRERescue16126.exe
2013-03-18 19:34 - 2013-03-20 21:17 - 00003194 ____A C:\Users\Joe\Desktop\Rkill.txt
2013-03-18 19:34 - 2013-03-18 19:44 - 00080292 ____A C:\Users\Joe\Desktop\OTL.Txt
2013-03-18 19:34 - 2013-03-18 19:36 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\Joe\Desktop\rkill.exe
2013-03-18 19:27 - 2013-03-18 19:28 - 00602112 ____A (OldTimer Tools) C:\Users\Joe\Desktop\OTL.scr
2013-03-18 19:26 - 2013-03-18 19:26 - 00602112 ____A (OldTimer Tools) C:\Users\Joe\Desktop\OTL.exe
2013-03-18 19:14 - 2013-03-18 19:14 - 00291640 ____A C:\Windows\Minidump\031813-34772-01.dmp
2013-03-18 19:10 - 2013-03-18 19:10 - 00270984 ____A C:\Windows\Minidump\031813-42806-01.dmp
2013-03-18 18:30 - 2013-03-18 18:30 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Joe\Downloads\mbam-setup-1.70.0.1100.exe
2013-03-18 18:30 - 2013-03-18 18:30 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-03-18 18:30 - 2013-03-18 18:30 - 00001111 ____A C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2013-03-18 18:29 - 2013-03-18 18:29 - 04717984 ____A (Red Dog Media) C:\Users\Joe\Downloads\PC Utility Kit Installer.exe
2013-03-17 19:25 - 2013-03-17 19:25 - 00000000 ____D C:\Windows\Sun
2013-03-17 19:22 - 2013-03-17 19:22 - 00291640 ____A C:\Windows\Minidump\031713-38547-01.dmp
2013-03-17 19:17 - 2013-03-17 19:17 - 00291640 ____A C:\Windows\Minidump\031713-41901-01.dmp
2013-03-17 16:18 - 2013-03-17 16:18 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-03-17 16:18 - 2013-03-17 16:18 - 00000000 ____D C:\ProgramData\Application Data\AVG SafeGuard toolbar
2013-03-17 15:27 - 2013-03-17 15:27 - 00000000 ____D C:\Users\Joe\Application Data\AVG2013
2013-03-17 15:27 - 2013-03-17 15:27 - 00000000 ____D C:\Users\Joe\AppData\Roaming\AVG2013
2013-03-17 15:26 - 2013-03-17 15:26 - 00000967 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2013-03-17 15:26 - 2013-03-17 15:26 - 00000967 ____A C:\ProgramData\Desktop\AVG 2013.lnk
2013-03-17 15:26 - 2013-03-17 15:26 - 00000000 ____D C:\Users\Joe\Local Settings\AVG SafeGuard toolbar
2013-03-17 15:26 - 2013-03-17 15:26 - 00000000 ____D C:\Users\Joe\Local Settings\Application Data\AVG SafeGuard toolbar
2013-03-17 15:26 - 2013-03-17 15:26 - 00000000 ____D C:\Users\Joe\AppData\Local\AVG SafeGuard toolbar
2013-03-17 15:25 - 2013-03-17 15:24 - 00039768 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-03-17 15:24 - 2013-03-17 15:24 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-03-17 15:23 - 2013-03-17 19:06 - 00000000 ____D C:\ProgramData\AVG2013
2013-03-17 15:23 - 2013-03-17 19:06 - 00000000 ____D C:\ProgramData\Application Data\AVG2013
2013-03-17 15:23 - 2013-03-17 15:23 - 00000000 ____D C:\$AVG
2013-03-17 15:15 - 2013-03-17 15:15 - 04447072 ____A (AVG Technologies) C:\Users\Joe\Downloads\avg_free_stb_all_2013_3258_cnet.exe
2013-03-17 15:10 - 2013-03-17 19:24 - 00000000 ____D C:\Users\Joe\Local Settings\Avg2013
2013-03-17 15:10 - 2013-03-17 19:24 - 00000000 ____D C:\Users\Joe\Local Settings\Application Data\Avg2013
2013-03-17 15:10 - 2013-03-17 19:24 - 00000000 ____D C:\Users\Joe\AppData\Local\Avg2013
2013-03-17 15:08 - 2013-03-17 15:08 - 00172032 ____A (McAfee, Inc.) C:\Users\Joe\Downloads\McPreInstall.exe
2013-03-17 15:08 - 2013-03-17 15:08 - 00001590 ____A C:\Users\Joe\Downloads\runme.bat
2013-03-17 14:52 - 2013-03-17 14:52 - 00803688 ____A C:\Users\Joe\Local Settings\census.cache
2013-03-17 14:52 - 2013-03-17 14:52 - 00803688 ____A C:\Users\Joe\Local Settings\Application Data\census.cache
2013-03-17 14:52 - 2013-03-17 14:52 - 00803688 ____A C:\Users\Joe\AppData\Local\census.cache
2013-03-17 14:51 - 2013-03-17 14:51 - 00100996 ____A C:\Users\Joe\Local Settings\ars.cache
2013-03-17 14:51 - 2013-03-17 14:51 - 00100996 ____A C:\Users\Joe\Local Settings\Application Data\ars.cache
2013-03-17 14:51 - 2013-03-17 14:51 - 00100996 ____A C:\Users\Joe\AppData\Local\ars.cache
2013-03-17 14:42 - 2013-03-17 14:42 - 02406064 ____A (Trend Micro Inc.) C:\Users\Joe\Downloads\HousecallLauncher64.exe
2013-03-17 14:34 - 2013-03-17 14:34 - 00000000 ____D C:\Windows\pss
2013-03-17 11:22 - 2013-03-17 19:48 - 00027679 ____A C:\Users\Joe\Desktop\avgrep.txt
2013-03-17 11:07 - 2013-03-17 11:07 - 00291640 ____A C:\Windows\Minidump\031713-49374-01.dmp
2013-03-17 11:01 - 2013-03-17 11:01 - 00291640 ____A C:\Windows\Minidump\031713-66518-01.dmp
2013-03-16 20:12 - 2013-03-16 20:12 - 00291640 ____A C:\Windows\Minidump\031613-71432-01.dmp
2013-03-16 19:53 - 2013-03-16 19:53 - 00003608 ____N C:\bootsqm.dat
2013-03-16 18:11 - 2013-03-16 18:11 - 00000000 ____D C:\found.000
2013-03-16 18:05 - 2013-03-16 18:06 - 00270984 ____A C:\Windows\Minidump\031613-64178-01.dmp
2013-03-16 17:59 - 2013-03-16 17:59 - 00270864 ____A C:\Windows\Minidump\031613-26270-01.dmp
2013-03-16 17:52 - 2013-03-16 17:53 - 00291640 ____A C:\Windows\Minidump\031613-35864-01.dmp
2013-03-16 17:44 - 2013-03-16 17:44 - 00291640 ____A C:\Windows\Minidump\031613-21621-01.dmp
2013-03-16 17:41 - 2013-03-20 21:14 - 00000000 ____D C:\Windows\Minidump
2013-03-16 17:41 - 2013-03-20 21:13 - 407740971 ____A C:\Windows\MEMORY.DMP
2013-03-16 17:41 - 2013-03-16 17:41 - 00291640 ____A C:\Windows\Minidump\031613-38111-01.dmp
2013-03-14 02:01 - 2013-03-17 06:49 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-03-14 02:01 - 2013-03-17 06:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-03-13 14:38 - 2013-02-28 08:57 - 12296192 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-03-13 14:38 - 2013-02-28 08:57 - 09061376 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-03-13 14:38 - 2013-02-28 08:57 - 02458112 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-03-13 14:38 - 2013-02-28 08:57 - 01493504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-03-13 14:38 - 2013-02-28 08:57 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-03-13 14:38 - 2013-02-28 08:57 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-03-13 14:38 - 2013-02-28 08:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-03-13 14:38 - 2013-02-28 08:57 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-03-13 14:38 - 2013-02-28 08:57 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-03-13 14:38 - 2013-02-28 08:57 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-03-13 14:38 - 2013-02-28 08:37 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-03-13 14:38 - 2013-02-28 08:37 - 06032384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-03-13 14:38 - 2013-02-28 08:37 - 02078208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-03-13 14:38 - 2013-02-28 08:37 - 01231872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-03-13 14:38 - 2013-02-28 08:37 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-03-13 14:38 - 2013-02-28 08:37 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-03-13 14:38 - 2013-02-28 08:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-03-13 14:38 - 2013-02-28 08:37 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-03-13 14:38 - 2013-02-28 08:37 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-03-13 14:38 - 2013-02-28 08:37 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-03-13 14:38 - 2013-02-28 07:03 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-03-13 14:38 - 2013-02-28 06:38 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-03-11 16:39 - 2013-03-11 16:39 - 00000000 ____D C:\Users\Joe\Application Data\Sling Media
2013-03-11 16:39 - 2013-03-11 16:39 - 00000000 ____D C:\Users\Joe\AppData\Roaming\Sling Media
2013-03-07 15:18 - 2013-03-07 15:18 - 00000000 ____D C:\Users\Joe\Desktop\New folder (2)
2013-02-28 03:00 - 2013-01-13 16:17 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-28 03:00 - 2013-01-13 16:17 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-02-28 03:00 - 2013-01-13 16:16 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-02-28 03:00 - 2013-01-13 16:12 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-02-28 03:00 - 2013-01-13 16:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-02-28 03:00 - 2013-01-13 16:11 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-02-28 03:00 - 2013-01-13 16:11 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-02-28 03:00 - 2013-01-13 16:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-02-28 03:00 - 2013-01-13 16:11 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-02-28 03:00 - 2013-01-13 15:35 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-02-28 03:00 - 2013-01-13 15:35 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-02-28 03:00 - 2013-01-13 15:35 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-02-28 03:00 - 2013-01-13 15:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-02-28 03:00 - 2013-01-13 15:31 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-02-28 03:00 - 2013-01-13 15:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-02-28 03:00 - 2013-01-13 15:31 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-02-28 03:00 - 2013-01-13 15:31 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-02-28 03:00 - 2013-01-13 15:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-02-28 03:00 - 2013-01-13 15:31 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-02-28 03:00 - 2013-01-13 15:22 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-02-28 03:00 - 2013-01-13 15:20 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-02-28 03:00 - 2013-01-13 15:09 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-02-28 03:00 - 2013-01-13 15:08 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-02-28 03:00 - 2013-01-13 15:08 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-02-28 03:00 - 2013-01-13 14:59 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-02-28 03:00 - 2013-01-13 14:58 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-02-28 03:00 - 2013-01-13 14:54 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-02-28 03:00 - 2013-01-13 14:53 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-02-28 03:00 - 2013-01-13 14:53 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-02-28 03:00 - 2013-01-13 14:51 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-02-28 03:00 - 2013-01-13 14:49 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-02-28 03:00 - 2013-01-13 14:48 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-02-28 03:00 - 2013-01-13 14:46 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-02-28 03:00 - 2013-01-13 14:43 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-02-28 03:00 - 2013-01-13 14:38 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-02-28 03:00 - 2013-01-13 14:38 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-02-28 03:00 - 2013-01-13 14:38 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-02-28 03:00 - 2013-01-13 14:37 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-02-28 03:00 - 2013-01-13 14:25 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-02-28 03:00 - 2013-01-13 14:24 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-02-28 03:00 - 2013-01-13 14:24 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-02-28 03:00 - 2013-01-13 14:20 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-02-28 03:00 - 2013-01-13 14:20 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-02-28 03:00 - 2013-01-13 14:15 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-02-28 03:00 - 2013-01-13 14:10 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-02-28 03:00 - 2013-01-13 14:02 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-02-28 03:00 - 2013-01-13 13:34 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-02-28 03:00 - 2013-01-13 13:32 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-02-28 03:00 - 2013-01-13 13:09 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-02-28 03:00 - 2013-01-13 12:26 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-02-28 03:00 - 2013-01-13 12:05 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-02-28 03:00 - 2013-01-04 01:11 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-02-28 03:00 - 2013-01-04 01:11 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-02-26 22:40 - 2013-02-26 22:40 - 00246072 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgidsdrivera.sys


==================== One Month Modified Files and Folders =======

2013-03-21 18:42 - 2013-03-21 18:42 - 00000000 ____D C:\FRST
2013-03-21 15:02 - 2013-03-21 15:02 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-03-20 21:17 - 2013-03-18 19:34 - 00003194 ____A C:\Users\Joe\Desktop\Rkill.txt
2013-03-20 21:14 - 2013-03-20 21:14 - 00270984 ____A C:\Windows\Minidump\032013-69779-01.dmp
2013-03-20 21:14 - 2013-03-16 17:41 - 00000000 ____D C:\Windows\Minidump
2013-03-20 21:13 - 2013-03-16 17:41 - 407740971 ____A C:\Windows\MEMORY.DMP
2013-03-20 21:04 - 2013-03-20 21:04 - 13786977 ____A C:\Users\Joe\Desktop\mbar-1.01.0.1021.zip
2013-03-20 21:04 - 2013-03-20 21:04 - 00000000 ____D C:\Users\Joe\Desktop\mbar-1.01.0.1021
2013-03-20 21:01 - 2013-03-20 21:01 - 00299864 ____A C:\Windows\Minidump\032013-66082-01.dmp
2013-03-20 20:59 - 2010-03-29 15:11 - 00000000 ____D C:\Users\Joe\Local Settings\SoftThinks
2013-03-20 20:59 - 2010-03-29 15:11 - 00000000 ____D C:\Users\Joe\Local Settings\Application Data\SoftThinks
2013-03-20 20:59 - 2010-03-29 15:11 - 00000000 ____D C:\Users\Joe\AppData\Local\SoftThinks
2013-03-20 20:59 - 2010-03-29 15:11 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks
2013-03-20 20:59 - 2010-03-29 15:11 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
2013-03-20 20:59 - 2010-03-29 15:11 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-03-20 20:59 - 2010-03-29 15:11 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks
2013-03-20 20:59 - 2010-03-29 15:11 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
2013-03-20 20:59 - 2010-03-29 15:11 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-03-20 20:59 - 2010-03-22 09:19 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-03-20 20:57 - 2011-02-22 12:27 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-03-20 20:57 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-03-20 20:56 - 2009-07-13 23:51 - 00049364 ____A C:\Windows\setupact.log
2013-03-20 20:53 - 2013-03-20 20:53 - 00299864 ____A C:\Windows\Minidump\032013-65520-01.dmp
2013-03-20 20:47 - 2013-03-20 20:47 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Joe\Desktop\tdsskiller.exe
2013-03-20 20:14 - 2013-03-20 20:14 - 00291640 ____A C:\Windows\Minidump\032013-72337-01.dmp
2013-03-20 20:12 - 2009-07-14 00:10 - 01090297 ____A C:\Windows\WindowsUpdate.log
2013-03-20 20:08 - 2012-03-02 17:50 - 00000000 ____D C:\ProgramData\MFAData
2013-03-20 20:08 - 2012-03-02 17:50 - 00000000 ____D C:\ProgramData\Application Data\MFAData
2013-03-20 20:04 - 2010-03-22 10:59 - 00661040 ____A C:\Windows\PFRO.log
2013-03-20 20:02 - 2013-03-19 16:12 - 00000000 ____D C:\Users\Joe\Desktop\geekstogofiles
2013-03-20 20:01 - 2013-03-20 20:01 - 00015092 ____A C:\ComboFix.txt
2013-03-20 20:01 - 2013-03-20 19:33 - 00000000 ____D C:\Qoobox
2013-03-20 19:59 - 2013-03-20 19:33 - 00000000 ____D C:\Windows\erdnt
2013-03-20 19:59 - 2009-07-13 21:34 - 00000215 ____A C:\Windows\system.ini
2013-03-20 19:33 - 2013-03-20 19:33 - 05042364 ____R (Swearware) C:\Users\Joe\Desktop\ComboFix.exe
2013-03-19 16:23 - 2013-03-19 16:23 - 00003194 ____A C:\Users\Joe\Desktop\RKreport[1]_S_03192013_02d1723.txt
2013-03-19 16:23 - 2013-03-19 16:23 - 00003078 ____A C:\Users\Joe\Desktop\RKreport[2]_D_03192013_02d1723.txt
2013-03-19 16:23 - 2013-03-19 16:22 - 00000000 ____D C:\Users\Joe\Desktop\RK_Quarantine
2013-03-19 16:21 - 2013-03-19 16:21 - 00816128 ____A C:\Users\Joe\Desktop\RogueKiller.exe
2013-03-19 16:15 - 2011-02-22 12:27 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-03-19 16:13 - 2013-03-19 16:13 - 00016747 ____A C:\AdwCleaner[S1].txt
2013-03-19 16:12 - 2013-03-19 16:12 - 00609993 ____A C:\Users\Joe\Desktop\adwcleaner.exe
2013-03-19 16:11 - 2013-03-19 16:11 - 00890798 ____A C:\Users\Joe\Desktop\SecurityCheck.exe
2013-03-18 19:45 - 2013-03-18 19:45 - 00061052 ____A C:\Users\Joe\Desktop\Extras.Txt
2013-03-18 19:44 - 2013-03-18 19:34 - 00080292 ____A C:\Users\Joe\Desktop\OTL.Txt
2013-03-18 19:42 - 2013-03-18 19:42 - 130977792 ____A C:\Users\Joe\Desktop\VIPRERescue16126.exe
2013-03-18 19:36 - 2013-03-18 19:34 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\Joe\Desktop\rkill.exe
2013-03-18 19:29 - 2010-08-14 12:18 - 00602112 ____A (OldTimer Tools) C:\Users\Joe\Desktop\OTL.com
2013-03-18 19:28 - 2013-03-18 19:27 - 00602112 ____A (OldTimer Tools) C:\Users\Joe\Desktop\OTL.scr
2013-03-18 19:26 - 2013-03-18 19:26 - 00602112 ____A (OldTimer Tools) C:\Users\Joe\Desktop\OTL.exe
2013-03-18 19:14 - 2013-03-18 19:14 - 00291640 ____A C:\Windows\Minidump\031813-34772-01.dmp
2013-03-18 19:10 - 2013-03-18 19:10 - 00270984 ____A C:\Windows\Minidump\031813-42806-01.dmp
2013-03-18 18:30 - 2013-03-18 18:30 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Joe\Downloads\mbam-setup-1.70.0.1100.exe
2013-03-18 18:30 - 2013-03-18 18:30 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-03-18 18:30 - 2013-03-18 18:30 - 00001111 ____A C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2013-03-18 18:30 - 2012-11-24 13:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-18 18:29 - 2013-03-18 18:29 - 04717984 ____A (Red Dog Media) C:\Users\Joe\Downloads\PC Utility Kit Installer.exe
2013-03-17 19:48 - 2013-03-17 11:22 - 00027679 ____A C:\Users\Joe\Desktop\avgrep.txt
2013-03-17 19:25 - 2013-03-17 19:25 - 00000000 ____D C:\Windows\Sun
2013-03-17 19:24 - 2013-03-17 15:10 - 00000000 ____D C:\Users\Joe\Local Settings\Avg2013
2013-03-17 19:24 - 2013-03-17 15:10 - 00000000 ____D C:\Users\Joe\Local Settings\Application Data\Avg2013
2013-03-17 19:24 - 2013-03-17 15:10 - 00000000 ____D C:\Users\Joe\AppData\Local\Avg2013
2013-03-17 19:22 - 2013-03-17 19:22 - 00291640 ____A C:\Windows\Minidump\031713-38547-01.dmp
2013-03-17 19:17 - 2013-03-17 19:17 - 00291640 ____A C:\Windows\Minidump\031713-41901-01.dmp
2013-03-17 19:06 - 2013-03-17 15:23 - 00000000 ____D C:\ProgramData\AVG2013
2013-03-17 19:06 - 2013-03-17 15:23 - 00000000 ____D C:\ProgramData\Application Data\AVG2013
2013-03-17 16:29 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-03-17 16:29 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-03-17 16:18 - 2013-03-17 16:18 - 00000000 ____D C:\ProgramData\AVG SafeGuard toolbar
2013-03-17 16:18 - 2013-03-17 16:18 - 00000000 ____D C:\ProgramData\Application Data\AVG SafeGuard toolbar
2013-03-17 15:27 - 2013-03-17 15:27 - 00000000 ____D C:\Users\Joe\Application Data\AVG2013
2013-03-17 15:27 - 2013-03-17 15:27 - 00000000 ____D C:\Users\Joe\AppData\Roaming\AVG2013
2013-03-17 15:26 - 2013-03-17 15:26 - 00000967 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2013-03-17 15:26 - 2013-03-17 15:26 - 00000967 ____A C:\ProgramData\Desktop\AVG 2013.lnk
2013-03-17 15:26 - 2013-03-17 15:26 - 00000000 ____D C:\Users\Joe\Local Settings\AVG SafeGuard toolbar
2013-03-17 15:26 - 2013-03-17 15:26 - 00000000 ____D C:\Users\Joe\Local Settings\Application Data\AVG SafeGuard toolbar
2013-03-17 15:26 - 2013-03-17 15:26 - 00000000 ____D C:\Users\Joe\AppData\Local\AVG SafeGuard toolbar
2013-03-17 15:24 - 2013-03-17 15:25 - 00039768 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-03-17 15:24 - 2013-03-17 15:24 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-03-17 15:24 - 2009-07-14 00:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2013-03-17 15:23 - 2013-03-17 15:23 - 00000000 ____D C:\$AVG
2013-03-17 15:15 - 2013-03-17 15:15 - 04447072 ____A (AVG Technologies) C:\Users\Joe\Downloads\avg_free_stb_all_2013_3258_cnet.exe
2013-03-17 15:11 - 2009-07-13 23:54 - 00000749 __RAH C:\Windows\WindowsShell.Manifest
2013-03-17 15:11 - 2009-07-13 23:54 - 00000174 ___SH C:\Users\Public\desktop.ini
2013-03-17 15:11 - 2009-07-13 23:54 - 00000174 ___SH C:\users\desktop.ini
2013-03-17 15:11 - 2009-07-13 23:54 - 00000174 ___SH C:\Program Files (x86)\desktop.ini
2013-03-17 15:11 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-03-17 15:08 - 2013-03-17 15:08 - 00172032 ____A (McAfee, Inc.) C:\Users\Joe\Downloads\McPreInstall.exe
2013-03-17 15:08 - 2013-03-17 15:08 - 00001590 ____A C:\Users\Joe\Downloads\runme.bat
2013-03-17 14:52 - 2013-03-17 14:52 - 00803688 ____A C:\Users\Joe\Local Settings\census.cache
2013-03-17 14:52 - 2013-03-17 14:52 - 00803688 ____A C:\Users\Joe\Local Settings\Application Data\census.cache
2013-03-17 14:52 - 2013-03-17 14:52 - 00803688 ____A C:\Users\Joe\AppData\Local\census.cache
2013-03-17 14:51 - 2013-03-17 14:51 - 00100996 ____A C:\Users\Joe\Local Settings\ars.cache
2013-03-17 14:51 - 2013-03-17 14:51 - 00100996 ____A C:\Users\Joe\Local Settings\Application Data\ars.cache
2013-03-17 14:51 - 2013-03-17 14:51 - 00100996 ____A C:\Users\Joe\AppData\Local\ars.cache
2013-03-17 14:42 - 2013-03-17 14:42 - 02406064 ____A (Trend Micro Inc.) C:\Users\Joe\Downloads\HousecallLauncher64.exe
2013-03-17 14:34 - 2013-03-17 14:34 - 00000000 ____D C:\Windows\pss
2013-03-17 11:21 - 2012-11-18 15:36 - 00000278 ____A C:\Users\Joe\Application Data\wklnhst.dat
2013-03-17 11:21 - 2012-11-18 15:36 - 00000278 ____A C:\Users\Joe\AppData\Roaming\wklnhst.dat
2013-03-17 11:07 - 2013-03-17 11:07 - 00291640 ____A C:\Windows\Minidump\031713-49374-01.dmp
2013-03-17 11:04 - 2010-03-30 12:41 - 00000000 ____D C:\Users\Joe\Tracing
2013-03-17 11:01 - 2013-03-17 11:01 - 00291640 ____A C:\Windows\Minidump\031713-66518-01.dmp
2013-03-17 06:49 - 2013-03-14 02:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-03-17 06:49 - 2013-03-14 02:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-03-17 06:49 - 2012-12-05 17:26 - 00000000 ____D C:\Users\Joe\Local Settings\PokerStars.NET
2013-03-17 06:49 - 2012-12-05 17:26 - 00000000 ____D C:\Users\Joe\Local Settings\Application Data\PokerStars.NET
2013-03-17 06:49 - 2012-12-05 17:26 - 00000000 ____D C:\Users\Joe\AppData\Local\PokerStars.NET
2013-03-17 06:49 - 2012-11-18 19:18 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-03-17 06:49 - 2012-11-18 19:18 - 00000000 ____D C:\ProgramData\Application Data\Spybot - Search & Destroy
2013-03-17 06:49 - 2010-12-23 15:51 - 00000000 ____D C:\ProgramData\Yahoo! Companion
2013-03-17 06:49 - 2010-12-23 15:51 - 00000000 ____D C:\ProgramData\Application Data\Yahoo! Companion
2013-03-17 06:49 - 2010-12-23 15:42 - 00000000 ____D C:\ProgramData\HP
2013-03-17 06:49 - 2010-12-23 15:42 - 00000000 ____D C:\ProgramData\Application Data\HP
2013-03-17 06:49 - 2010-03-29 15:12 - 00000000 ____D C:\Users\Joe\Local Settings\Stardock_Corporation
2013-03-17 06:49 - 2010-03-29 15:12 - 00000000 ____D C:\Users\Joe\Local Settings\Application Data\Stardock_Corporation
2013-03-17 06:49 - 2010-03-29 15:12 - 00000000 ____D C:\Users\Joe\AppData\Local\Stardock_Corporation
2013-03-17 06:49 - 2010-03-29 15:08 - 00000000 ____D C:\users\Joe
2013-03-17 06:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-03-17 06:49 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\AppCompat
2013-03-17 06:49 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-03-16 20:12 - 2013-03-16 20:12 - 00291640 ____A C:\Windows\Minidump\031613-71432-01.dmp
2013-03-16 19:53 - 2013-03-16 19:53 - 00003608 ____N C:\bootsqm.dat
2013-03-16 18:11 - 2013-03-16 18:11 - 00000000 ____D C:\found.000
2013-03-16 18:06 - 2013-03-16 18:05 - 00270984 ____A C:\Windows\Minidump\031613-64178-01.dmp
2013-03-16 17:59 - 2013-03-16 17:59 - 00270864 ____A C:\Windows\Minidump\031613-26270-01.dmp
2013-03-16 17:53 - 2013-03-16 17:52 - 00291640 ____A C:\Windows\Minidump\031613-35864-01.dmp
2013-03-16 17:44 - 2013-03-16 17:44 - 00291640 ____A C:\Windows\Minidump\031613-21621-01.dmp
2013-03-16 17:41 - 2013-03-16 17:41 - 00291640 ____A C:\Windows\Minidump\031613-38111-01.dmp
2013-03-16 17:34 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\sysprep
2013-03-12 18:13 - 2011-02-22 12:28 - 00002185 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-03-12 18:13 - 2011-02-22 12:28 - 00002185 ____A C:\ProgramData\Desktop\Google Chrome.lnk
2013-03-11 16:39 - 2013-03-11 16:39 - 00000000 ____D C:\Users\Joe\Application Data\Sling Media
2013-03-11 16:39 - 2013-03-11 16:39 - 00000000 ____D C:\Users\Joe\AppData\Roaming\Sling Media
2013-03-07 15:18 - 2013-03-07 15:18 - 00000000 ____D C:\Users\Joe\Desktop\New folder (2)
2013-03-07 15:17 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-03-04 13:53 - 2010-04-01 18:46 - 72013344 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-02-28 08:57 - 2013-03-13 14:38 - 12296192 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-02-28 08:57 - 2013-03-13 14:38 - 09061376 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-02-28 08:57 - 2013-03-13 14:38 - 02458112 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-02-28 08:57 - 2013-03-13 14:38 - 01493504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-02-28 08:57 - 2013-03-13 14:38 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-02-28 08:57 - 2013-03-13 14:38 - 00735744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-02-28 08:57 - 2013-03-13 14:38 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-02-28 08:57 - 2013-03-13 14:38 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-02-28 08:57 - 2013-03-13 14:38 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-02-28 08:57 - 2013-03-13 14:38 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-02-28 08:37 - 2013-03-13 14:38 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-02-28 08:37 - 2013-03-13 14:38 - 06032384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-02-28 08:37 - 2013-03-13 14:38 - 02078208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-02-28 08:37 - 2013-03-13 14:38 - 01231872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-02-28 08:37 - 2013-03-13 14:38 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-02-28 08:37 - 2013-03-13 14:38 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-02-28 08:37 - 2013-03-13 14:38 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-02-28 08:37 - 2013-03-13 14:38 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-02-28 08:37 - 2013-03-13 14:38 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-02-28 08:37 - 2013-03-13 14:38 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-02-28 07:03 - 2013-03-13 14:38 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-02-28 06:38 - 2013-03-13 14:38 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-02-28 03:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-02-28 03:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-02-28 03:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-02-28 03:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-02-26 22:40 - 2013-02-26 22:40 - 00246072 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgidsdrivera.sys

ATTENTION: ========> Check for possible partition/boot infection:
C:\Windows\svchost.exe

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-02-13 03:00:38
Restore point made on: 2013-02-21 00:00:13
Restore point made on: 2013-02-28 02:52:14
Restore point made on: 2013-02-28 03:00:24
Restore point made on: 2013-03-08 02:11:34
Restore point made on: 2013-03-14 02:00:38
Restore point made on: 2013-03-17 15:07:57
Restore point made on: 2013-03-17 15:10:07
Restore point made on: 2013-03-17 15:16:10
Restore point made on: 2013-03-17 15:23:11

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 3959.08 MB
Available physical RAM: 3373.69 MB
Total Pagefile: 3957.23 MB
Available Pagefile: 3357.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:398.85 GB) NTFS
2 Drive d: (SlotsDual) (CDROM) (Total:0.46 GB) (Free:0 GB) CDFS
7 Drive i: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.35 GB) NTFS ==>[System with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive i: detected. Check for MBR/Partition infection.
9 Drive k: () (Removable) (Total:1.85 GB) (Free:1.85 GB) FAT32
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 1901 MB 0 B

Partitions of Disk 0:
===============

Disk ID: 4C90D62D

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 451 GB 14 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 9 FAT Partition 39 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 I RECOVERY NTFS Partition 14 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C OS NTFS Partition 451 GB Healthy

=========================================================

Partitions of Disk 5:
===============

Disk ID: 00000001

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 1901 MB 0 B

==================================================================================

Disk: 5
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

=========================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 4C90D62D

Partition 1:
=========
Hex: 80000E00000000000D00000000000000
Active: YES
Type: 00
Size: 0 byte
ATTENTION ===> 0 byte partition bootkit on partition 1

Partition 2:
=========
Hex: 00010100DEFE3F043F00000086390100
Active: NO
Type: DE
Size: 39 MB

Partition 3:
=========
Hex: 8019150507FEFFFF0040010000C0D401
Active: YES
Type: 07 (NTFS)
Size: 15 GB

Partition 4:
=========
Hex: 00FEFFFF07FEFFFF0000D60130586238
Active: NO
Type: 07 (NTFS)
Size: 451 GB

==============================
Partitions of Disk 5:
===============
Disk ID: 73696D20

Partition 1:
=========
Hex: 6E67FF0D0A4469736B206572726F72FF
Active: NO
Type: 0A
Size: -4750121984 byte

Partition 2:
=========
Hex: 0D0A507265737320616E79206B657920
Active: NO
Type: 65
Size: 260 GB

Partition 3:
=========
Hex: 746F20726573746172740D0A00000000
Active: NO
Type: 65
Size: 0 byte

Partition 4:
=========
Hex: 0000000000000000000000ACC1CE0000
Active: NO
Type: 00
Size: 26 MB


Last Boot: 2013-03-15 00:03

==================== End Of Log =============================
  • 0

#13
kyong
Posted 21 March 2013 - 04:54 PM

kyong

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Farbar Recovery Scan Tool (x64) Version: 13-03-2013
Ran by SYSTEM at 2013-03-21 18:44:41
Running from K:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\erdnt\cache64\services.exe
[2013-03-20 19:59] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======
  • 0

#14
gringo_pr
Posted 21 March 2013 - 08:21 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello kyong



Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt 

TDL4: custom:26000022 <===== ATTENTION!
CMD: bootrec /FixMbr


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST again like we did before but this time press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Also boot the computer into normal mode and let me know how things are looking.

Gringo
  • 0

#15
kyong
Posted 22 March 2013 - 05:15 PM

kyong

    Member

  • Topic Starter
  • Member
  • PipPip
  • 27 posts
Hey Gringo. Thanks for sticking with this. Ran FRST again. Ran it once. Looked at log and it said it was completed successfully. Restared and no improvement. Looked at flash drive and noticed fixlist.txt was gone. Thought I forgot to save it on the drive. So I re-ran FRST. The new log is posted below, and it says it couldn't find the data element, so I suppose the file you were looking to fix was fixed. Sorry, I hope I didn't screw anything up by running FRST twice. Computer still bluescreens at startup.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2013
Ran by SYSTEM at 2013-03-22 19:02:47 Run:2
Running from K:\

==============================================


An error occurred while attempting to delete the specified data element.
Element not found.
The operation completed successfully.

========= bootrec /FixMbr =========

˙ūT h e o p e r a t i o n c o m p l e t e d s u c c e s s f u l l y .

========= End of CMD: =========


==== End of Fixlog ====
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP