
Google redirect, can't remove


  • This topic is locked
20 replies to this topic

#1 narclepticfool

narclepticfool

  • Members
  • 10 posts
  • OFFLINE
  • Local time:09:40 PM

Posted 19 November 2011 - 12:11 PM

Hey!

So I got the fake system restore thing, but didn't buy anything because I knew it was a scam. That seems to have been taken care of with AVG Free 2012 and Ad-Aware Pro. I still have an issue with searches on google being redirected and also a number of new virus attacks. It comes up under the AVG 2012 as antapi redirect or something like that. After a scan, AVG tells me to restart my computer and that it will be removed, but it doesn't happen. Also, Internet Explorer randomly opens when I am running Firefox, and sometimes background audio ads run too. Not sure what that is all about. I've attached the logs requested. Let me know what else I need to do. Thanks so much for your help!!

Attached Files





#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:40 PM

Posted 23 November 2011 - 01:55 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
      • DDS.txt
      • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
      • logs from DDS
      • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 narclepticfool

narclepticfool
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:09:40 PM

Posted 23 November 2011 - 04:59 PM

Run by Ben at 16:38:32 on 2011-11-23
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.2035 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = <local>;*.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=QUFMS0ctWU9CNkYtMlk0WFAtQUVPS08tQkszRE0tMg"&"inst=NzYtOTI4NTE0MDEzLVRCOSsxLUZMKzktRjEwTSs1LVFJWDErMy1YMjAxMCsyLVNUMTJPSSsxLUREVCswLUVVTEErMS1TVDEyQVBQKzE"&"prod=92"&"ver=2012.0.1831"&"mid=ccc87aa8a6978a3569c87ff29fceba47-d2a783db7b74cf4c28262f566eefbb6e8e10be33
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: netflix.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{4D36D9C2-5FCB-47A7-A2F3-82E1D0E2FF1A} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{7ACC0B62-0746-4B6D-9A63-D080D23FD1FD} : DhcpNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=QUFMS0ctWU9CNkYtMlk0WFAtQUVPS08tQkszRE0tMg"&"inst=NzYtOTI4NTE0MDEzLVRCOSsxLUZMKzktRjEwTSs1LVFJWDErMy1YMjAxMCsyLVNUMTJPSSsxLUREVCswLUVVTEErMS1TVDEyQVBQKzE"&"prod=92"&"ver=2012.0.1831"&"mid=ccc87aa8a6978a3569c87ff29fceba47-d2a783db7b74cf4c28262f566eefbb6e8e10be33
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\0jixbene.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/|https://mail.google.com/mail/?shva=1#inbox|http://forecast.weather.gov/MapClick.php?zoneid=MEZ019&zflg=1|http://vfrworld.com/forums/content.php|http://www.marksdailyapple.com/primal-blueprint-101/|http://www.stumbleupon.com/home/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B8fee84ee-3dee-44e5-9cb6-4395424f0720%7D&mid=ccc87aa8a6978a3569c87ff29fceba47-d2a783db7b74cf4c28262f566eefbb6e8e10be33&ds=AVG&v=8.0.0.40&lang=en&pr=fr&d=2011-11-05%2016%3A04%3A16&sap=ku&q=
FF - prefs.js: network.proxy.type - 4
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\Program Files (x86)\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Ben\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 SBRE;SBRE;\??\C:\Windows\system32\drivers\SBREdrv.sys --> C:\Windows\system32\drivers\SBREdrv.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-8-15 2329480]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-6-2 2214504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-5-20 378472]
R2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-11-5 246624]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S1 fanio;FanIO driver;\??\C:\Windows\system32\drivers\fanio.sys --> C:\Windows\system32\drivers\fanio.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-27 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-7-6 2152152]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-12 366152]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-27 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-11-27 17152]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe [2010-2-4 93336]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-11-23 21:37:33 -------- d-----w- C:\Users\Ben\AppData\Local\{5935FDD3-5D41-4D70-A34C-E3BFA31661E6}
2011-11-23 21:36:59 -------- d-----w- C:\Users\Ben\AppData\Local\{39680960-9948-4566-95FA-C640469B8307}
2011-11-23 01:02:39 -------- d-----w- C:\Users\Ben\AppData\Roaming\TmHH5sQJ7EK8R9Y
2011-11-23 01:02:39 -------- d-----w- C:\Users\Ben\AppData\Roaming\CIBtzPNyc1v2b4
2011-11-23 00:00:21 -------- d-----w- C:\Users\Ben\AppData\Roaming\x1uvS2obFpG
2011-11-23 00:00:21 -------- d-----w- C:\Users\Ben\AppData\Roaming\IfRZ9hTXwUeI
2011-11-23 00:00:14 -------- d-----w- C:\Users\Ben\AppData\Roaming\7EA7F
2011-11-22 22:48:30 -------- d-----w- C:\Users\Ben\AppData\Roaming\NRRZqhhXwkVeOtP
2011-11-22 22:48:30 -------- d-----w- C:\Users\Ben\AppData\Roaming\myycc11vD2nFpHs
2011-11-22 22:48:25 -------- d-----w- C:\Users\Ben\AppData\Roaming\eD2ooFFpmH5Q7EK
2011-11-22 22:48:24 -------- d-----w- C:\Users\Ben\AppData\Roaming\tCwkkUVrOBtx0
2011-11-22 22:48:24 -------- d-----w- C:\Users\Ben\AppData\Roaming\QS11ibD3oG4
2011-11-22 21:02:40 -------- d-----w- C:\Users\Ben\AppData\Local\{4D9F228B-D833-43B3-9007-1F47CD494E04}
2011-11-22 21:02:09 -------- d-----w- C:\Users\Ben\AppData\Local\{85DF313C-E194-4EC2-A7BB-7984C00D452B}
2011-11-22 00:27:40 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2011-11-21 20:47:53 -------- d-----w- C:\Users\Ben\AppData\Local\{901DD28F-DB1D-46E5-AD22-B2A3786CF1D7}
2011-11-21 20:47:27 -------- d-----w- C:\Users\Ben\AppData\Local\{93C3D102-6F80-4C52-AE4A-A4D1D2974AF7}
2011-11-20 17:12:16 -------- d-----w- C:\Users\Ben\AppData\Local\{A2850256-EE34-4D6F-A07B-33BC4B0AD5B3}
2011-11-20 17:11:53 -------- d-----w- C:\Users\Ben\AppData\Local\{98A27EF9-DAC2-47A6-92BC-BEEE90D4D111}
2011-11-20 13:58:36 -------- d-----w- C:\Users\Ben\AppData\Local\{3D665F6A-8FAB-4906-82C5-412074CEFCC4}
2011-11-20 13:58:26 -------- d-----w- C:\Users\Ben\AppData\Local\{FAF2FE7C-BD5D-4C64-8027-95DA27B31258}
2011-11-20 13:17:53 -------- d-----w- C:\Users\Ben\AppData\Local\{27C9B898-45E0-48A6-A94C-4A5E28ECED64}
2011-11-19 13:47:30 -------- d-----w- C:\Users\Ben\AppData\Local\{223C4493-DF4A-408D-B069-065635C84F3F}
2011-11-19 13:47:20 -------- d-----w- C:\Users\Ben\AppData\Local\{68707836-5C88-4174-A0F1-84C714F26E0F}
2011-11-18 23:15:17 -------- d-----w- C:\Users\Ben\AppData\Roaming\xcAA1uvDobF
2011-11-18 22:07:54 -------- d-----w- C:\Users\Ben\AppData\Local\{4D27CA2A-9EE9-45A5-B404-EC57804371EA}
2011-11-18 22:07:14 -------- d-----w- C:\Users\Ben\AppData\Local\{DB5FAB60-A0EE-4008-AEA0-763A6BD5E98E}
2011-11-18 05:08:11 -------- d-----w- C:\Program Files\iTunes
2011-11-18 05:08:11 -------- d-----w- C:\Program Files\iPod
2011-11-18 05:08:11 -------- d-----w- C:\Program Files (x86)\iTunes
2011-11-18 05:00:44 -------- d-----w- C:\Users\Ben\AppData\Local\{8C2C1189-53B7-4AAC-90D0-B1885D50859B}
2011-11-18 05:00:30 -------- d-----w- C:\Users\Ben\AppData\Local\{E9E3DCE1-6E9A-4B36-9905-0330BAC7F6EC}
2011-11-16 23:02:37 -------- d-----w- C:\Users\Ben\AppData\Local\{ED79844A-ED33-4769-9FD9-3834ABCD3BD2}
2011-11-16 23:02:26 -------- d-----w- C:\Users\Ben\AppData\Local\{949A4CF7-BD27-45D6-AB76-40C765FDA399}
2011-11-16 10:45:40 -------- d-----w- C:\Users\Ben\AppData\Local\{2508550F-45C7-49B4-B667-39307F2B13CE}
2011-11-16 10:45:07 -------- d-----w- C:\Users\Ben\AppData\Local\{C4824A64-54F6-42A7-BEDB-51247C72E03C}
2011-11-15 20:39:37 -------- d-----w- C:\Users\Ben\AppData\Local\{70DA2448-3665-4D80-AFF8-F7959ED4CAC4}
2011-11-15 20:39:26 -------- d-----w- C:\Users\Ben\AppData\Local\{5B90DCD4-E14E-4A01-A176-580565045949}
2011-11-15 01:52:03 -------- d-----w- C:\Users\Ben\AppData\Local\{42DF5465-E55E-4D58-BFE9-33CB858F1648}
2011-11-15 01:51:53 -------- d-----w- C:\Users\Ben\AppData\Local\{61870F5C-E1F8-407C-B5FC-CA2DCD2F2FB7}
2011-11-14 11:04:09 -------- d-----w- C:\Users\Ben\AppData\Local\{CC2DEFA4-6D34-462D-8F0D-BE72895273F4}
2011-11-14 11:03:58 -------- d-----w- C:\Users\Ben\AppData\Local\{6E29896C-C6D4-4FBD-99A1-CF1A42280D09}
2011-11-13 13:15:37 -------- d-----w- C:\Users\Ben\AppData\Local\{083C04E3-9F88-4E28-A86D-5F10ACF56119}
2011-11-13 13:15:26 -------- d-----w- C:\Users\Ben\AppData\Local\{A3B20729-07A4-49D1-BF9F-4ED4EE6903A2}
2011-11-12 21:14:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-12 20:12:18 -------- d-s---w- C:\ComboFix
2011-11-12 19:39:04 -------- d-----w- C:\Users\Ben\AppData\Local\{B27BB1D6-0676-4A69-97BA-C8FB50FD033E}
2011-11-12 19:38:26 -------- d-----w- C:\Users\Ben\AppData\Local\{424A9C54-B202-4C8A-8DFA-FEFC6BBA18AB}
2011-11-12 02:24:15 -------- d--h--w- C:\$AVG
2011-11-12 02:19:44 35712 ----a-w- C:\Windows\SysWow64\drivers\BlackBox.sys
2011-11-12 01:44:12 -------- d-----w- C:\Program Files (x86)\Steam
2011-11-11 19:36:17 -------- d-----w- C:\Users\Ben\AppData\Local\{C621FC48-30B3-4ACC-B67E-0B8E48D3FF7F}
2011-11-11 19:35:49 -------- d-----w- C:\Users\Ben\AppData\Local\{801CA3FC-49EC-4681-9602-E33D47250899}
2011-11-11 01:48:19 -------- d-----w- C:\Users\Ben\AppData\Local\{F9BB301A-13B3-4725-B1D2-3D0D276491A3}
2011-11-11 01:48:08 -------- d-----w- C:\Users\Ben\AppData\Local\{E72167F0-27BF-44A5-B3F2-AAB39B48A9E6}
2011-11-08 23:40:56 -------- d-----w- C:\Users\Ben\AppData\Local\{DCE74050-7AF1-41F0-8D53-2781756408C9}
2011-11-08 23:40:45 -------- d-----w- C:\Users\Ben\AppData\Local\{3D089BA0-BB4D-4295-BF93-5CAEEC5FAD90}
2011-11-08 10:41:27 -------- d-----w- C:\Users\Ben\AppData\Local\{B48F26FB-6B6A-435E-B114-218B898C880F}
2011-11-08 10:40:50 -------- d-----w- C:\Users\Ben\AppData\Local\{166B2F6C-6E66-464E-9390-A410CEB27C11}
2011-11-07 10:45:01 -------- d-----w- C:\Users\Ben\AppData\Local\{C7C2F6AE-3CC2-416D-9656-E29552531F0A}
2011-11-06 20:27:37 -------- d-----w- C:\Users\Ben\AppData\Local\{9FFEE268-3590-4A99-9785-95E7C0748E13}
2011-11-06 20:27:01 -------- d-----w- C:\Users\Ben\AppData\Local\{2368D8D8-1BB8-46D8-A25F-C94E56969502}
2011-11-05 21:26:57 -------- d-----w- C:\Users\Ben\AppData\Roaming\AVG
2011-11-05 21:18:09 -------- d-----w- C:\Users\Ben\AppData\Roaming\PC Cleaners
2011-11-05 21:18:06 5359888 ----a-w- C:\Windows\uninst.exe
2011-11-05 21:18:05 -------- d-----w- C:\ProgramData\PC1Data
2011-11-05 20:09:40 -------- d-----w- C:\Windows\pss
2011-11-05 20:05:29 -------- d-----w- C:\Users\Ben\AppData\Roaming\AVG2012
2011-11-05 20:04:08 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2011-11-05 20:04:08 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2011-11-05 20:03:56 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2011-11-05 20:03:27 -------- d-----w- C:\Windows\System32\drivers\AVG
2011-11-05 20:03:27 -------- d-----w- C:\ProgramData\AVG2012
2011-11-05 19:40:56 -------- d-----w- C:\Users\Ben\AppData\Local\AskToolbar
2011-11-05 18:46:16 -------- d-----w- C:\Users\Ben\AppData\Local\{A3C60F55-0311-4DC9-AD06-AB1BBA0D90AF}
2011-11-05 18:45:54 -------- d-----w- C:\Users\Ben\AppData\Local\{7C7521E8-6846-4622-9F94-C3B5A57B8EFB}
2011-11-05 18:17:31 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DABCBCE1-65AB-4847-967D-F29D3F71F969}\mpengine.dll
2011-11-05 15:31:00 -------- d--h--w- C:\Users\Ben\AppData\Roaming\Malwarebytes
2011-11-05 15:30:39 -------- d-----w- C:\ProgramData\Malwarebytes
2011-11-04 19:40:13 -------- d--h--w- C:\Users\Ben\AppData\Local\{45BA2B96-EF3D-43FA-AD19-B8E4C62695C2}
2011-11-04 19:40:03 -------- d--h--w- C:\Users\Ben\AppData\Local\{ABEB9173-DD57-4AFB-9CDC-DE4D6392972F}
2011-11-04 01:07:00 -------- d--h--w- C:\Users\Ben\AppData\Local\{F066D215-2CF5-4E9A-9570-34AD9A5A06FB}
2011-11-04 01:06:50 -------- d--h--w- C:\Users\Ben\AppData\Local\{0291DA64-1888-42DE-9DD5-C05793123D72}
2011-11-03 09:51:35 -------- d--h--w- C:\Users\Ben\AppData\Local\{FD15F07A-6790-48B4-9DED-AE2F1E15FA9B}
2011-11-03 09:51:25 -------- d--h--w- C:\Users\Ben\AppData\Local\{40E11650-3705-42DE-9D8D-1A8454FB6280}
2011-11-02 19:45:01 -------- d--h--w- C:\Users\Ben\AppData\Local\{13F6D7DC-0B48-4B96-81F6-0D071CEFB984}
2011-11-02 19:44:50 -------- d--h--w- C:\Users\Ben\AppData\Local\{3DDDE9C8-C565-4C81-85BE-AEFA731520E1}
2011-11-01 23:44:47 -------- d--h--w- C:\Users\Ben\AppData\Local\{B82ADA2C-778D-443D-818E-F9E4BA05A1B5}
2011-11-01 23:44:37 -------- d--h--w- C:\Users\Ben\AppData\Local\{8A25A8C1-D434-4DE1-9F77-7707F9531964}
2011-11-01 10:04:52 -------- d--h--w- C:\Users\Ben\AppData\Local\{4CAE36FE-642C-4E0C-B05B-61D7EEEF5FDB}
2011-11-01 10:04:42 -------- d--h--w- C:\Users\Ben\AppData\Local\{6C3E0289-D52F-4BA7-AF67-AC6E0D7BC63A}
2011-10-31 21:57:49 -------- d--h--w- C:\Users\Ben\AppData\Local\{4EA9F4F4-E574-4DD6-BD3C-E3CB31DC4953}
2011-10-31 21:57:39 -------- d--h--w- C:\Users\Ben\AppData\Local\{1F50C16B-C72D-46EB-ADE7-5DB36EF20E3B}
2011-10-31 09:35:05 -------- d--h--w- C:\Users\Ben\AppData\Local\{4C71D878-F2A0-456F-9EE5-BD251C9DCFC3}
2011-10-31 09:34:55 -------- d--h--w- C:\Users\Ben\AppData\Local\{CBF83F8B-261A-4AB6-829B-65A7BBFEAE3D}
2011-10-30 19:16:53 -------- d--h--w- C:\Users\Ben\AppData\Local\{03569830-85C7-4B1C-B1CC-980EFD8B1F41}
2011-10-30 19:16:43 -------- d--h--w- C:\Users\Ben\AppData\Local\{F93C60C1-E99D-4DF1-95FB-4FFC4A3D0DC2}
2011-10-30 15:55:23 -------- d--h--w- C:\Users\Ben\AppData\Local\{886BB672-5B5B-472B-987C-D1E1B9303223}
2011-10-30 02:01:26 -------- d--h--w- C:\Users\Ben\AppData\Local\{59ABE53D-2B1C-40E3-9FE2-EF86AD1D648C}
2011-10-30 02:01:16 -------- d--h--w- C:\Users\Ben\AppData\Local\{93A3E36C-1AB9-4884-B842-BD359FD08148}
2011-10-29 13:23:45 -------- d--h--w- C:\Users\Ben\AppData\Local\{9B2908B6-8845-46F4-B58E-4AF0DC8C8592}
2011-10-29 13:23:35 -------- d--h--w- C:\Users\Ben\AppData\Local\{090AA591-1AB3-4BF8-B7ED-510B7AD166BA}
2011-10-28 20:11:43 -------- d--h--w- C:\Users\Ben\AppData\Local\{93E3C31B-BBB5-44CE-AF44-98C04A146C3C}
2011-10-28 20:11:07 -------- d--h--w- C:\Users\Ben\AppData\Local\{1BF8604A-21A7-498A-98DA-551756613894}
2011-10-28 00:22:41 -------- d--h--w- C:\Users\Ben\AppData\Local\{D4DE1B3C-9E38-4712-AA83-A4CF16AB0A48}
2011-10-28 00:22:31 -------- d--h--w- C:\Users\Ben\AppData\Local\{7E9A0686-E035-470D-9EAF-C760724BB95A}
2011-10-27 09:56:24 -------- d--h--w- C:\Users\Ben\AppData\Local\{2B3CC215-6A30-4A19-AAAE-660E0E52D7C3}
2011-10-27 09:56:13 -------- d--h--w- C:\Users\Ben\AppData\Local\{11666EC8-1A71-4C46-8A07-66D73862BF07}
2011-10-26 09:41:28 -------- d--h--w- C:\Users\Ben\AppData\Local\{2C4479CA-36D8-4A94-905B-80FC6C1914B4}
2011-10-26 09:41:18 -------- d--h--w- C:\Users\Ben\AppData\Local\{69BB8103-EFE3-4447-A2B2-7FC009725018}
2011-10-25 19:48:24 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2011-10-25 19:48:24 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2011-10-25 19:38:19 -------- d--h--w- C:\Users\Ben\AppData\Local\{F841604E-902B-4C52-B779-F6AC9BF81ACE}
2011-10-25 19:37:43 -------- d--h--w- C:\Users\Ben\AppData\Local\{C3F1E82E-471D-490B-AF4A-C4E46F71AE4E}
2011-10-25 09:41:32 -------- d--h--w- C:\Users\Ben\AppData\Local\{05A31C89-CF32-476B-90CB-792CE7AE089F}
.
==================== Find3M ====================
.
2011-11-18 22:09:31 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-06 00:38:04 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2011-11-05 20:13:00 13551 ----a-w- C:\ProgramData\xml3851.tmp
2011-11-05 20:12:59 9801 ----a-w- C:\ProgramData\xml141C.tmp
2011-10-24 19:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-10-07 10:23:46 283728 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-13 10:30:08 37456 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2011-09-06 03:03:17 3138048 ----a-w- C:\Windows\System32\win32k.sys
2011-08-31 03:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-08-31 03:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-08-31 03:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-08-31 03:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2010-05-17 18:57:10 1907136 ----a-w- C:\Program Files (x86)\Common Files\C721_V1.1.2263.0605_SETUP.exe
.
============= FINISH: 16:48:37.68 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 11/23/2009 12:05:10 AM
System Uptime: 11/23/2011 4:31:37 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M3A78-EM
Processor: AMD Athlon™ 64 X2 Dual Core Processor 6400+ | AM2 | 3200/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 269.201 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 932 GiB total, 931.385 GiB free.
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Acoustica Effects Pack
Acoustica Mixcraft 5
Ad-Aware
Adobe Reader 9.4.6
Adobe Shockwave Player 11.5
Apple Application Support
Apple Software Update
Ask Toolbar
Assassin's Creed
Assassin's Creed II
Audiosurf
Battlefield Heroes
Battlefield: Bad Company 2
Beat Hazard
Borderlands
Burnout Paradise: The Ultimate Box
C751 Verizon Tool Launcher
Call of Duty: Black Ops
Call of Duty: Black Ops - Multiplayer
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
Call of Duty: World at War
CASIO USB Driver V1.5.1.0423
Cogs
Counter-Strike: Source
Crash Time III
Crysis
Crysis Warhead
Crysis Wars
D3DX10
Darwinia
DebugMode Wax 2.0
Defcon
DiRT 2
DOOM 3
DOOM 3: Resurrection of Evil
DOOM II: Hell on Earth
Driver Detective
Empire: Total War
End User Upgrade Tool Monitor
Eufloria
F.E.A.R.
F.E.A.R. 2: Project Origin
F.E.A.R.: Extraction Point
F.E.A.R.: Perseus Mandate
Far Cry
Far Cry 2
Final DOOM
FlatOut
FlatOut: Ultimate Carnage
FlatOut2
Flotilla
G'zOne C751Upgrader
GameSpy Comrade
Garry's Mod
GIMP 2.6.8
GoldenEye: Source - HalfLife 2 Mod
Google Chrome
Google Earth
Google Update Helper
GRID
Guns of Icarus
Half-Life 2
Half-Life 2: Deathmatch
Half-Life 2: Lost Coast
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 26
Junk Mail filter update
Just Cause 2
Left 4 Dead
Left 4 Dead 2
LogMeIn Hamachi
Malwarebytes' Anti-Malware version 1.51.2.1300
Master Levels for DOOM II
Medal of Honor™ Multiplayer
Medal of Honor™ Single Player
Men of War
Men of War: Red Tide
Microsoft .NET Framework 1.1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft XNA Framework Redistributable 3.1
MixPad Audio Mixer
Mozilla Firefox 8.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
NCH Toolbox
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Octoshape add-in for Adobe Flash Player
OpenAL
OpenOffice.org 3.3
Plain Sight
Pocket Tanks Deluxe v1.3 - Collector's Edition
Portal
PunkBuster Services
QuickTime
R.U.S.E
Rapture3D 2.3.26 Game
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek AC'97 Audio
RealUpgrade 1.1
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
S.T.A.L.K.E.R.: Call of Pripyat
S.T.A.L.K.E.R.: Shadow of Chernobyl
Section 8: Prejudice
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Serious Sam HD: The First Encounter
Ship Simulator Extremes
Sid Meier's Civilization IV
Sid Meier's Civilization IV: Beyond the Sword
Sid Meier's Civilization IV: Colonization
Sid Meier's Civilization IV: Warlords
Sid Meier's Civilization V
Sid Meier's Railroads
SimCity 4 Deluxe
Skype Toolbars
Skype™ 5.3
Steam
Switch Sound File Converter
Team Fortress 2
Test Drive Unlimited 2
The Sims™ 3
The Ultimate DOOM
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Ventrilo Client
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
WavePad Sound Editor
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Wings of Prey
yuPlay client 0.7.17
Zero Gear
Zombie Driver
.
==== Event Viewer Messages From Past Week ========
.
11/23/2011 4:34:50 PM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.
11/23/2011 4:34:50 PM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.
11/23/2011 4:34:13 PM, Error: Microsoft-Windows-WMPNSS-Service [14346] - A new media server was not initialized because RegisterRunningDevice() encountered error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service.
11/23/2011 4:32:16 PM, Error: nvlddmkm [14] -
11/23/2011 4:32:08 PM, Error: BTHUSB [5] - The Bluetooth driver expected an HCI event with a certain size but did not receive it.
11/22/2011 4:02:44 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
11/22/2011 4:00:02 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
11/18/2011 6:03:56 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
11/18/2011 6:03:56 AM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/18/2011 6:03:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
11/18/2011 5:10:44 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
11/18/2011 12:07:32 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.
11/18/2011 12:06:32 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/18/2011 12:06:22 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/16/2011 5:44:13 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
11/16/2011 5:44:13 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

Since I posted this, I got infected with the AV Protection 2011. I walked away from my computer for 20 minutes, and when I came back, there it was. I think I got rid of it with a combo of Malwarebytes and AVG 2012 free, but I am not sure. I know that it makes your work harder when I do things on my own, but it made my computer useless. I had to try to get the majority of it off before I could do any of this stuff. I still have the issue with the Google redirect. I am not going to do anything else until you tell me what to do. Thanks again for your help. I would really like to be able to use this computer again without the redirect and the constant barrage of trojans and other viruses.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:40 PM

Posted 23 November 2011 - 10:43 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix, I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 narclepticfool

narclepticfool
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:09:40 PM

Posted 25 November 2011 - 06:23 AM

ComboFix 11-11-24.01 - Ben 11/24/2011 20:47:50.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.2700 [GMT -5:00]
Running from: c:\users\Ben\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xml141C.tmp
c:\programdata\xml193B.tmp
c:\programdata\xml1955.tmp
c:\programdata\xml1A65.tmp
c:\programdata\xml3851.tmp
c:\programdata\xml8560.tmp
c:\programdata\xml8783.tmp
c:\users\Ben\AppData\Roaming\Roaming
c:\users\Ben\AppData\Roaming\Roaming\Quest3D\ShipSimExtreme\channels.lst
.
.
((((((((((((((((((((((((( Files Created from 2011-10-25 to 2011-11-25 )))))))))))))))))))))))))))))))
.
.
2011-11-25 02:30 . 2011-11-25 02:30 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-11-25 02:30 . 2011-11-25 02:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-23 01:02 . 2011-11-23 01:02 -------- d-----w- c:\users\Ben\AppData\Roaming\CIBtzPNyc1v2b4
2011-11-23 01:02 . 2011-11-23 01:02 -------- d-----w- c:\users\Ben\AppData\Roaming\TmHH5sQJ7EK8R9Y
2011-11-23 00:00 . 2011-11-23 00:00 -------- d-----w- c:\users\Ben\AppData\Roaming\x1uvS2obFpG
2011-11-23 00:00 . 2011-11-23 00:00 -------- d-----w- c:\users\Ben\AppData\Roaming\IfRZ9hTXwUeI
2011-11-23 00:00 . 2011-11-23 00:00 -------- d-----w- c:\users\Ben\AppData\Roaming\7EA7F
2011-11-22 22:48 . 2011-11-22 22:48 -------- d-----w- c:\users\Ben\AppData\Roaming\NRRZqhhXwkVeOtP
2011-11-22 22:48 . 2011-11-22 22:48 -------- d-----w- c:\users\Ben\AppData\Roaming\myycc11vD2nFpHs
2011-11-22 22:48 . 2011-11-22 22:48 -------- d-----w- c:\users\Ben\AppData\Roaming\eD2ooFFpmH5Q7EK
2011-11-22 22:48 . 2011-11-23 21:33 -------- d-----w- c:\users\Ben\AppData\Roaming\tCwkkUVrOBtx0
2011-11-22 22:48 . 2011-11-22 22:48 -------- d-----w- c:\users\Ben\AppData\Roaming\QS11ibD3oG4
2011-11-22 00:27 . 2011-11-25 01:46 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2011-11-18 23:15 . 2011-11-18 23:15 -------- d-----w- c:\users\Ben\AppData\Roaming\xcAA1uvDobF
2011-11-18 05:08 . 2011-11-18 05:08 -------- d-----w- c:\program files\iTunes
2011-11-18 05:08 . 2011-11-18 05:08 -------- d-----w- c:\program files (x86)\iTunes
2011-11-18 05:08 . 2011-11-18 05:08 -------- d-----w- c:\program files\iPod
2011-11-16 10:44 . 2011-11-16 10:44 -------- d-----w- c:\windows\system32\Macromed
2011-11-12 21:14 . 2011-11-12 21:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-12 02:24 . 2011-11-12 02:24 -------- d-----w- C:\$AVG
2011-11-12 02:19 . 2011-11-12 02:26 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys
2011-11-12 01:44 . 2011-11-25 01:19 -------- d-----w- c:\program files (x86)\Steam
2011-11-05 21:35 . 2011-11-05 21:35 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2011-11-05 21:26 . 2011-11-05 21:26 -------- d-----w- c:\users\Ben\AppData\Roaming\AVG
2011-11-05 21:18 . 2011-11-05 21:18 -------- d-----w- c:\users\Ben\AppData\Roaming\PC Cleaners
2011-11-05 21:18 . 2011-11-05 21:17 5359888 ----a-w- c:\windows\uninst.exe
2011-11-05 21:18 . 2011-11-05 21:18 -------- d-----w- c:\programdata\PC1Data
2011-11-05 20:04 . 2011-11-05 20:04 -------- d-----w- c:\program files (x86)\AVG Secure Search
2011-11-05 20:04 . 2011-11-05 20:04 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2011-11-05 20:03 . 2011-11-05 20:03 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2011-11-05 20:03 . 2011-11-25 01:22 -------- d-----w- c:\windows\system32\drivers\AVG
2011-11-05 20:03 . 2011-11-16 10:38 -------- d-----w- c:\programdata\AVG2012
2011-11-05 19:40 . 2011-11-05 19:40 -------- d-----w- c:\users\Ben\AppData\Local\AskToolbar
2011-11-05 18:17 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DABCBCE1-65AB-4847-967D-F29D3F71F969}\mpengine.dll
2011-11-05 15:31 . 2011-11-05 15:31 -------- d--h--w- c:\users\Ben\AppData\Roaming\Malwarebytes
2011-11-05 15:30 . 2011-11-05 15:30 -------- d-----w- c:\programdata\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-18 22:09 . 2011-05-28 14:17 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-06 00:38 . 2010-04-14 00:01 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-07 10:23 . 2011-10-07 10:23 283728 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2011-10-06 02:36 . 2011-10-06 02:36 58656 ----a-r- c:\users\Ben\AppData\Roaming\Microsoft\Installer\{351ACE1A-83A5-491A-968C-9DFF3C422224}\ARPPRODUCTICON.exe
2011-10-01 03:25 . 2011-10-13 09:47 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:42 . 2011-10-13 09:47 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-13 10:30 . 2011-09-13 10:30 37456 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2011-09-06 03:03 . 2011-10-13 09:48 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 03:05 . 2011-08-31 03:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2010-05-17 18:57 . 2010-05-17 18:57 1907136 ----a-w- c:\program files (x86)\Common Files\C721_V1.1.2263.0605_SETUP.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-11-05 20:04 1451336 ----a-w- c:\program files (x86)\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-02 19:56 1175944 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll" [2011-11-05 1451336]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-11-12 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=QUFMS0ctWU9CNkYtMlk0WFAtQUVPS08tQkszRE0tMg&inst=NzYtOTI4NTE0MDEzLVRCOSsxLUZMKzktRjEwTSs1LVFJWDErMy1YMjAxMCsyLVNUMTJPSSsxLUREVCswLUVVTEErMS1TVDEyQVBQKzE&prod=92&ver=2012.0.1831&mid=ccc87aa8a6978a3569c87ff29fceba47-d2a783db7b74cf4c28262f566eefbb6e8e10be33" [?]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-10-8 1133856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-27 135664]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R3 BlackBox;BlackBox SR2; [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-27 135664]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-02-04 17152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MotioninJoyUSBFilter;MotioninJoy USB Filter Driver;c:\windows\system32\DRIVERS\MijUfilt.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2002-01-01 19952]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe [2009-08-24 93336]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\DRIVERS\xpadfl02.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-21 378472]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-11-05 246624]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-06 2152152]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-27 16:24]
.
2011-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-27 16:24]
.
2011-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329962659-1341633783-230305914-1000Core.job
- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-13 19:53]
.
2011-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329962659-1341633783-230305914-1000UA.job
- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-13 19:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: netflix.com
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
FF - ProfilePath - c:\users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\0jixbene.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/|https://mail.google.com/mail/?shva=1#inbox|http://forecast.weather.gov/MapClick.php?zoneid=MEZ019&zflg=1|http://vfrworld.com/forums/content.php|http://www.marksdailyapple.com/primal-blueprint-101/|http://www.stumbleupon.com/home/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B8fee84ee-3dee-44e5-9cb6-4395424f0720%7D&mid=ccc87aa8a6978a3569c87ff29fceba47-d2a783db7b74cf4c28262f566eefbb6e8e10be33&ds=AVG&v=8.0.0.40&lang=en&pr=fr&d=2011-11-05%2016%3A04%3A16&sap=ku&q=
FF - prefs.js: network.proxy.type - 4
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-GoldenEye: Source - c:\program files (x86)\Steam\SteamApps\sourcemods\GoldenEye: Source_Uninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_moh.exe
AddRemove-Steam App 2280 - e:\steam\steam.exe
AddRemove-Steam App 2290 - e:\steam\steam.exe
AddRemove-Steam App 2300 - e:\steam\steam.exe
AddRemove-Steam App 33620 - e:\steam\steam.exe
AddRemove-Steam App 47890 - e:\steam\steam.exe
AddRemove-Steam App 49600 - e:\steam\steam.exe
AddRemove-Steam App 49800 - e:\steam\steam.exe
AddRemove-Steam App 49900 - e:\steam\steam.exe
AddRemove-Steam App 55000 - e:\steam\steam.exe
AddRemove-Steam App 9050 - e:\steam\steam.exe
AddRemove-Steam App 9070 - e:\steam\steam.exe
AddRemove-Steam App 9160 - e:\steam\steam.exe
AddRemove-Steam App 97100 - e:\steam\steam.exe
AddRemove-yuPlay ??????_is1 - c:\program files (x86)\steam\steamapps\common\wings of prey\yuPlay\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-329962659-1341633783-230305914-1000\Software\SecuROM\License information*]
"datasecu"=hex:4c,35,83,6d,65,28,c5,cc,de,17,df,53,be,ab,38,09,3d,6f,9b,41,7c,
22,11,e8,05,26,3d,c2,d1,d2,50,45,a0,19,11,c7,82,99,50,7f,4b,52,49,eb,0e,09,\
"rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
@=""
"Installed"="1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
@=""
"Installed"="1"
"NoChange"="1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
@=""
"Installed"="1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-25 06:08:46
ComboFix-quarantined-files.txt 2011-11-25 11:08
.
Pre-Run: 288,205,664,256 bytes free
Post-Run: 289,459,113,984 bytes free
.
- - End Of File - - A0782F503D955D1BF60897B32A49A93E


I am not convinced that this fixed it. I will have to wait and see though. I keep having to pull up Task Manager and end the iexplorer.exe process because it keeps giving me pop-ups. While I am typing this, it popped up again, so it looks as though it's not been taken care of with ComboFix. What's next?

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:40 PM

Posted 25 November 2011 - 07:02 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 narclepticfool

narclepticfool
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:40 PM

Posted 25 November 2011 - 09:08 PM

21:03:46.0409 1260 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
21:03:46.0734 1260 ============================================================
21:03:46.0734 1260 Current date / time: 2011/11/25 21:03:46.0734
21:03:46.0734 1260 SystemInfo:
21:03:46.0734 1260
21:03:46.0734 1260 OS Version: 6.1.7601 ServicePack: 1.0
21:03:46.0734 1260 Product type: Workstation
21:03:46.0734 1260 ComputerName: BEN-PC
21:03:46.0734 1260 UserName: Ben
21:03:46.0734 1260 Windows directory: C:\Windows
21:03:46.0734 1260 System windows directory: C:\Windows
21:03:46.0734 1260 Running under WOW64
21:03:46.0734 1260 Processor architecture: Intel x64
21:03:46.0734 1260 Number of processors: 2
21:03:46.0734 1260 Page size: 0x1000
21:03:46.0734 1260 Boot type: Normal boot
21:03:46.0734 1260 ============================================================
21:03:48.0230 1260 Initialize success
21:03:50.0572 5616 ============================================================
21:03:50.0572 5616 Scan started
21:03:50.0572 5616 Mode: Manual;
21:03:50.0572 5616 ============================================================
21:03:51.0021 5616 1394ohci - ok
21:03:51.0031 5616 ACPI - ok
21:03:51.0039 5616 AcpiPmi - ok
21:03:51.0056 5616 adp94xx - ok
21:03:51.0060 5616 adpahci - ok
21:03:51.0065 5616 adpu320 - ok
21:03:51.0074 5616 AFD - ok
21:03:51.0081 5616 agp440 - ok
21:03:51.0089 5616 aliide - ok
21:03:51.0094 5616 amdide - ok
21:03:51.0099 5616 AmdK8 - ok
21:03:51.0103 5616 AmdPPM - ok
21:03:51.0107 5616 amdsata - ok
21:03:51.0126 5616 amdsbs - ok
21:03:51.0131 5616 amdxata - ok
21:03:51.0138 5616 AppID - ok
21:03:51.0181 5616 arc - ok
21:03:51.0185 5616 arcsas - ok
21:03:51.0200 5616 AsyncMac - ok
21:03:51.0204 5616 atapi - ok
21:03:51.0239 5616 AVGIDSDriver - ok
21:03:51.0246 5616 AVGIDSEH - ok
21:03:51.0251 5616 AVGIDSFilter - ok
21:03:51.0267 5616 Avgldx64 - ok
21:03:51.0276 5616 Avgmfx64 - ok
21:03:51.0297 5616 Avgrkx64 - ok
21:03:51.0303 5616 Avgtdia - ok
21:03:51.0345 5616 b06bdrv - ok
21:03:51.0354 5616 b57nd60a - ok
21:03:51.0360 5616 BCM43XX - ok
21:03:51.0383 5616 Beep - ok
21:03:51.0468 5616 BlackBox - ok
21:03:51.0473 5616 blbdrive - ok
21:03:51.0566 5616 bowser - ok
21:03:51.0571 5616 BrFiltLo - ok
21:03:51.0575 5616 BrFiltUp - ok
21:03:51.0579 5616 Bridge - ok
21:03:51.0590 5616 BridgeMP - ok
21:03:51.0597 5616 Brserid - ok
21:03:51.0601 5616 BrSerWdm - ok
21:03:51.0605 5616 BrUsbMdm - ok
21:03:51.0610 5616 BrUsbSer - ok
21:03:51.0631 5616 BthEnum - ok
21:03:51.0637 5616 BTHMODEM - ok
21:03:51.0642 5616 BthPan - ok
21:03:51.0649 5616 BTHPORT - ok
21:03:51.0661 5616 BTHUSB - ok
21:03:51.0668 5616 BTWAMPFL - ok
21:03:51.0676 5616 btwaudio - ok
21:03:51.0682 5616 btwavdt - ok
21:03:51.0689 5616 btwl2cap - ok
21:03:51.0699 5616 btwrchid - ok
21:03:51.0725 5616 catchme - ok
21:03:51.0729 5616 cdfs - ok
21:03:51.0733 5616 cdrom - ok
21:03:51.0746 5616 circlass - ok
21:03:51.0750 5616 CLFS - ok
21:03:51.0767 5616 CmBatt - ok
21:03:51.0777 5616 cmdide - ok
21:03:51.0780 5616 CNG - ok
21:03:51.0784 5616 Compbatt - ok
21:03:51.0789 5616 CompositeBus - ok
21:03:51.0806 5616 cpuz135 - ok
21:03:51.0811 5616 crcdisk - ok
21:03:51.0828 5616 CSC - ok
21:03:51.0842 5616 DfsC - ok
21:03:51.0849 5616 discache - ok
21:03:51.0872 5616 Disk - ok
21:03:51.0891 5616 drmkaud - ok
21:03:51.0901 5616 DXGKrnl - ok
21:03:51.0908 5616 ebdrv - ok
21:03:51.0925 5616 elxstor - ok
21:03:51.0927 5616 ErrDev - ok
21:03:51.0941 5616 exfat - ok
21:03:51.0945 5616 fanio - ok
21:03:51.0967 5616 fastfat - ok
21:03:51.0974 5616 fdc - ok
21:03:51.0982 5616 FileInfo - ok
21:03:51.0988 5616 Filetrace - ok
21:03:51.0992 5616 flpydisk - ok
21:03:52.0016 5616 FltMgr - ok
21:03:52.0024 5616 FsDepends - ok
21:03:52.0029 5616 Fs_Rec - ok
21:03:52.0035 5616 fvevol - ok
21:03:52.0039 5616 gagp30kx - ok
21:03:52.0043 5616 GEARAspiWDM - ok
21:03:52.0091 5616 hamachi - ok
21:03:52.0098 5616 hcw85cir - ok
21:03:52.0102 5616 HdAudAddService - ok
21:03:52.0107 5616 HDAudBus - ok
21:03:52.0115 5616 HidBatt - ok
21:03:52.0119 5616 HidBth - ok
21:03:52.0124 5616 HidIr - ok
21:03:52.0132 5616 HidUsb - ok
21:03:52.0160 5616 HpSAMD - ok
21:03:52.0164 5616 HTTP - ok
21:03:52.0168 5616 hwpolicy - ok
21:03:52.0172 5616 i8042prt - ok
21:03:52.0178 5616 iaStorV - ok
21:03:52.0184 5616 iirsp - ok
21:03:52.0212 5616 intelide - ok
21:03:52.0217 5616 intelppm - ok
21:03:52.0224 5616 IpFilterDriver - ok
21:03:52.0231 5616 IPMIDRV - ok
21:03:52.0236 5616 IPNAT - ok
21:03:52.0271 5616 IRENUM - ok
21:03:52.0276 5616 isapnp - ok
21:03:52.0280 5616 iScsiPrt - ok
21:03:52.0300 5616 kbdclass - ok
21:03:52.0304 5616 kbdhid - ok
21:03:52.0310 5616 KSecDD - ok
21:03:52.0315 5616 KSecPkg - ok
21:03:52.0319 5616 ksthunk - ok
21:03:52.0348 5616 Lavasoft Kernexplorer - ok
21:03:52.0352 5616 Lbd - ok
21:03:52.0368 5616 libusb0 - ok
21:03:52.0373 5616 lltdio - ok
21:03:52.0385 5616 LSI_FC - ok
21:03:52.0390 5616 LSI_SAS - ok
21:03:52.0402 5616 LSI_SAS2 - ok
21:03:52.0406 5616 LSI_SCSI - ok
21:03:52.0411 5616 luafv - ok
21:03:52.0415 5616 MBAMProtector - ok
21:03:52.0428 5616 megasas - ok
21:03:52.0433 5616 MegaSR - ok
21:03:52.0453 5616 Modem - ok
21:03:52.0457 5616 monitor - ok
21:03:52.0463 5616 MotioninJoyUSBFilter - ok
21:03:52.0470 5616 MotioninJoyXFilter - ok
21:03:52.0477 5616 mouclass - ok
21:03:52.0481 5616 mouhid - ok
21:03:52.0498 5616 mountmgr - ok
21:03:52.0503 5616 mpio - ok
21:03:52.0507 5616 mpsdrv - ok
21:03:52.0515 5616 MRxDAV - ok
21:03:52.0521 5616 mrxsmb - ok
21:03:52.0527 5616 mrxsmb10 - ok
21:03:52.0547 5616 mrxsmb20 - ok
21:03:52.0551 5616 msahci - ok
21:03:52.0557 5616 msdsm - ok
21:03:52.0572 5616 Msfs - ok
21:03:52.0592 5616 mshidkmdf - ok
21:03:52.0597 5616 msisadrv - ok
21:03:52.0610 5616 MSKSSRV - ok
21:03:52.0616 5616 MSPCLOCK - ok
21:03:52.0621 5616 MSPQM - ok
21:03:52.0626 5616 MsRPC - ok
21:03:52.0644 5616 mssmbios - ok
21:03:52.0649 5616 MSTEE - ok
21:03:52.0654 5616 MTConfig - ok
21:03:52.0659 5616 MTsensor - ok
21:03:52.0672 5616 Mup - ok
21:03:52.0687 5616 NativeWifiP - ok
21:03:52.0694 5616 NDIS - ok
21:03:52.0699 5616 NdisCap - ok
21:03:52.0703 5616 NdisTapi - ok
21:03:52.0708 5616 Ndisuio - ok
21:03:52.0712 5616 NdisWan - ok
21:03:52.0718 5616 NDProxy - ok
21:03:52.0739 5616 NetBIOS - ok
21:03:52.0743 5616 NetBT - ok
21:03:52.0758 5616 nfrd960 - ok
21:03:52.0768 5616 Npfs - ok
21:03:52.0788 5616 nsiproxy - ok
21:03:52.0795 5616 Ntfs - ok
21:03:52.0799 5616 Null - ok
21:03:52.0804 5616 nvlddmkm - ok
21:03:52.0808 5616 nvraid - ok
21:03:52.0830 5616 nvstor - ok
21:03:52.0840 5616 nv_agp - ok
21:03:52.0846 5616 ohci1394 - ok
21:03:52.0858 5616 Parport - ok
21:03:52.0863 5616 partmgr - ok
21:03:52.0883 5616 pci - ok
21:03:52.0887 5616 pciide - ok
21:03:52.0893 5616 pcmcia - ok
21:03:52.0898 5616 pcw - ok
21:03:52.0902 5616 PEAUTH - ok
21:03:52.0975 5616 PptpMiniport - ok
21:03:52.0979 5616 Processor - ok
21:03:52.0990 5616 Psched - ok
21:03:52.0994 5616 ql2300 - ok
21:03:52.0998 5616 ql40xx - ok
21:03:53.0021 5616 QWAVEdrv - ok
21:03:53.0026 5616 RasAcd - ok
21:03:53.0031 5616 RasAgileVpn - ok
21:03:53.0039 5616 Rasl2tp - ok
21:03:53.0045 5616 RasPppoe - ok
21:03:53.0050 5616 RasSstp - ok
21:03:53.0072 5616 rdbss - ok
21:03:53.0078 5616 rdpbus - ok
21:03:53.0082 5616 RDPCDD - ok
21:03:53.0088 5616 RDPDR - ok
21:03:53.0093 5616 RDPENCDD - ok
21:03:53.0099 5616 RDPREFMP - ok
21:03:53.0119 5616 RDPWD - ok
21:03:53.0125 5616 rdyboost - ok
21:03:53.0133 5616 RFCOMM - ok
21:03:53.0148 5616 RivaTuner64 - ok
21:03:53.0154 5616 RMCAST - ok
21:03:53.0171 5616 rspndr - ok
21:03:53.0177 5616 RTL8167 - ok
21:03:53.0183 5616 s3cap - ok
21:03:53.0197 5616 SANDRA - ok
21:03:53.0213 5616 sbp2port - ok
21:03:53.0219 5616 SBRE - ok
21:03:53.0226 5616 scfilter - ok
21:03:53.0237 5616 secdrv - ok
21:03:53.0264 5616 Serenum - ok
21:03:53.0268 5616 Serial - ok
21:03:53.0273 5616 sermouse - ok
21:03:53.0289 5616 sffdisk - ok
21:03:53.0312 5616 sffp_mmc - ok
21:03:53.0318 5616 sffp_sd - ok
21:03:53.0325 5616 sfloppy - ok
21:03:53.0339 5616 SiSRaid2 - ok
21:03:53.0343 5616 SiSRaid4 - ok
21:03:53.0362 5616 Smb - ok
21:03:53.0373 5616 spldr - ok
21:03:53.0386 5616 srv - ok
21:03:53.0405 5616 srv2 - ok
21:03:53.0416 5616 srvnet - ok
21:03:53.0471 5616 stexstor - ok
21:03:53.0478 5616 storflt - ok
21:03:53.0485 5616 storvsc - ok
21:03:53.0489 5616 swenum - ok
21:03:53.0510 5616 Tcpip - ok
21:03:53.0515 5616 TCPIP6 - ok
21:03:53.0546 5616 tcpipreg - ok
21:03:53.0553 5616 TDPIPE - ok
21:03:53.0557 5616 TDTCP - ok
21:03:53.0567 5616 tdx - ok
21:03:53.0571 5616 TermDD - ok
21:03:53.0612 5616 tssecsrv - ok
21:03:53.0617 5616 TsUsbFlt - ok
21:03:53.0627 5616 tunnel - ok
21:03:53.0632 5616 uagp35 - ok
21:03:53.0660 5616 udfs - ok
21:03:53.0670 5616 uliagpkx - ok
21:03:53.0675 5616 umbus - ok
21:03:53.0686 5616 UmPass - ok
21:03:53.0718 5616 USBAAPL64 - ok
21:03:53.0723 5616 usbccgp - ok
21:03:53.0728 5616 usbcir - ok
21:03:53.0732 5616 usbehci - ok
21:03:53.0742 5616 usbhub - ok
21:03:53.0746 5616 usbohci - ok
21:03:53.0751 5616 usbprint - ok
21:03:53.0784 5616 usbscan - ok
21:03:53.0789 5616 USBSTOR - ok
21:03:53.0793 5616 usbuhci - ok
21:03:53.0809 5616 vdrvroot - ok
21:03:53.0816 5616 vga - ok
21:03:53.0852 5616 VgaSave - ok
21:03:53.0857 5616 vhdmp - ok
21:03:53.0862 5616 viaide - ok
21:03:53.0869 5616 vmbus - ok
21:03:53.0895 5616 VMBusHID - ok
21:03:53.0899 5616 volmgr - ok
21:03:53.0925 5616 volmgrx - ok
21:03:53.0929 5616 volsnap - ok
21:03:53.0934 5616 vsmraid - ok
21:03:53.0957 5616 vwifibus - ok
21:03:53.0961 5616 vwififlt - ok
21:03:53.0966 5616 vwifimp - ok
21:03:53.0980 5616 WacomPen - ok
21:03:53.0985 5616 WANARP - ok
21:03:53.0992 5616 Wanarpv6 - ok
21:03:54.0029 5616 Wd - ok
21:03:54.0033 5616 Wdf01000 - ok
21:03:54.0053 5616 WfpLwf - ok
21:03:54.0082 5616 WIMMount - ok
21:03:54.0104 5616 WinUsb - ok
21:03:54.0111 5616 WmiAcpi - ok
21:03:54.0144 5616 ws2ifsl - ok
21:03:54.0160 5616 WudfPf - ok
21:03:54.0183 5616 WUDFRd - ok
21:03:54.0195 5616 XPADFL02 - ok
21:03:54.0200 5616 xusb21 - ok
21:03:54.0235 5616 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
21:03:54.0240 5616 \Device\Harddisk1\DR1 - ok
21:03:54.0257 5616 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:03:54.0265 5616 \Device\Harddisk0\DR0 - ok
21:03:54.0271 5616 MBR (0x1B8) (6d274608408406f716742f7d2efae20e) \Device\Harddisk2\DR2
21:03:56.0515 5616 \Device\Harddisk2\DR2 - ok
21:03:56.0518 5616 Boot (0x1200) (71687aeeafaac5c43118368a12907a5b) \Device\Harddisk1\DR1\Partition0
21:03:56.0519 5616 \Device\Harddisk1\DR1\Partition0 - ok
21:03:56.0524 5616 Boot (0x1200) (b1e27aa018409de6bfd73f8afb883a65) \Device\Harddisk1\DR1\Partition1
21:03:56.0524 5616 \Device\Harddisk1\DR1\Partition1 - ok
21:03:56.0546 5616 Boot (0x1200) (48b39618ddd7ccd79fcd723f9184f79a) \Device\Harddisk0\DR0\Partition0
21:03:56.0549 5616 \Device\Harddisk0\DR0\Partition0 - ok
21:03:56.0559 5616 Boot (0x1200) (2477695513e7e0bda882da55d218e545) \Device\Harddisk0\DR0\Partition1
21:03:56.0560 5616 \Device\Harddisk0\DR0\Partition1 - ok
21:03:56.0561 5616 ============================================================
21:03:56.0561 5616 Scan finished
21:03:56.0561 5616 ============================================================
21:03:56.0574 5860 Detected object count: 0
21:03:56.0574 5860 Actual detected object count: 0


I don't know if this is pertinent, or if maybe you can answer my question, but I have a bunch of files that turned into hidden files. How do I go about making them unhidden? This is from when I had the System Restore thinger. Is there some way to wholesale make them unhidden?

#8 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 25 November 2011 - 09:31 PM

Hello

Run this first - http://download.bleepingcomputer.com/grinler/unhide.exe

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo

#9 narclepticfool (Topic Starter)

Posted 26 November 2011 - 01:31 PM

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-26 12:51:03
-----------------------------
12:51:03.674 OS Version: Windows x64 6.1.7601 Service Pack 1
12:51:03.674 Number of processors: 2 586 0x4303
12:51:03.675 ComputerName: BEN-PC UserName: Ben
12:51:09.775 Initialize success
12:51:14.005 AVAST engine defs: 11112600
12:51:22.959 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-6
12:51:22.961 Disk 0 Vendor: ST3500320AS SD15 Size: 476940MB BusType: 3
12:51:22.963 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-5
12:51:22.965 Disk 1 Vendor: WDC_WD10EALX-009BA0 15.01H15 Size: 953869MB BusType: 3
12:51:24.985 Disk 0 MBR read successfully
12:51:24.987 Disk 0 MBR scan
12:51:24.991 Disk 0 Windows 7 default MBR code
12:51:24.993 Disk 0 MBR hidden
12:51:24.996 Service scanning
12:51:26.180 Modules scanning
12:51:26.183 Disk 0 trace - called modules:
12:51:26.193 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800493d334]<<
12:51:26.196 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004919060]
12:51:26.358 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa80047d0520]
12:51:26.362 5 ACPI.sys[fffff88000e3e7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T1L0-6[0xfffffa80047c2060]
12:51:26.378 \Driver\atapi[0xfffffa80044757f0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa800493d334
12:51:33.488 AVAST engine scan C:\Windows
12:51:42.293 AVAST engine scan C:\Windows\system32
12:54:58.836 AVAST engine scan C:\Windows\system32\drivers
12:55:10.813 AVAST engine scan C:\Users\Ben
13:24:46.694 AVAST engine scan C:\ProgramData
13:27:14.560 Scan finished successfully
13:28:39.079 Disk 0 MBR has been saved successfully to "C:\Users\Ben\Desktop\MBR.dat"
13:28:39.084 The log file has been saved successfully to "C:\Users\Ben\Desktop\aswMBR.txt"


I have not done anything other than scan and save the log and post it here. Was I supposed to use the "FixMBR" button? What does that do anyway?

#10 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 26 November 2011 - 06:12 PM

Hello

I would like you to run this tool for me - fixTDSS

download it to your desktop and start the program

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found. Let me know what it says.

After it is complete I want you to restart the computer and try to rerun aswMBR for me and send me the report.

  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo

#11 narclepticfool (Topic Starter)

Posted 26 November 2011 - 10:37 PM

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-26 21:48:51
-----------------------------
21:48:51.360 OS Version: Windows x64 6.1.7601 Service Pack 1
21:48:51.360 Number of processors: 2 586 0x4303
21:48:51.360 ComputerName: BEN-PC UserName: Ben
21:49:16.423 Initialize success
21:49:20.964 AVAST engine defs: 11112600
21:49:23.491 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T1L0-6
21:49:23.506 Disk 0 Vendor: ST3500320AS SD15 Size: 476940MB BusType: 3
21:49:23.506 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-5
21:49:23.506 Disk 1 Vendor: WDC_WD10EALX-009BA0 15.01H15 Size: 953869MB BusType: 3
21:49:23.506 Disk 0 MBR read successfully
21:49:23.506 Disk 0 MBR scan
21:49:23.522 Disk 0 Windows 7 default MBR code
21:49:23.522 Service scanning
21:49:26.658 Modules scanning
21:49:26.658 Disk 0 trace - called modules:
21:49:26.673 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
21:49:26.673 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004919060]
21:49:26.673 3 CLASSPNP.SYS[fffff880019d043f] -> nt!IofCallDriver -> [0xfffffa800455fe40]
21:49:27.188 5 ACPI.sys[fffff88000e117a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T1L0-6[0xfffffa80047c1060]
21:49:28.498 AVAST engine scan C:\Windows
21:49:34.489 AVAST engine scan C:\Windows\system32
21:51:46.157 AVAST engine scan C:\Windows\system32\drivers
21:52:02.272 AVAST engine scan C:\Users\Ben
22:19:09.141 AVAST engine scan C:\ProgramData
22:22:08.548 Scan finished successfully
22:34:25.816 Disk 0 MBR has been saved successfully to "C:\Users\Ben\Desktop\MBR.dat"
22:34:25.820 The log file has been saved successfully to "C:\Users\Ben\Desktop\aswMBR2.txt"


When I ran the fixTDSS I got a note "Infected MBR detected" and I clicked repair. Not sure if that's what I was supposed to do. I then ran the aswMBR program again. Above is the log from that.
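
The two aswMBR logs in this thread differ in exactly the lines a responder reads first. In the first log the disk I/O trace for Disk 0 ends in ">>UNKNOWN [0xfffffa800493d334]<<", the \Driver\atapi object's IRP_MJ_INTERNAL_DEVICE_CONTROL dispatch points at that same address, and the scanner reports "Disk 0 MBR hidden" even though the MBR code it was handed looks like the Windows 7 default. A dispatch routine that resolves to no loaded driver image, paired with an MBR that reads differently depending on the path used to read it, is the classic indicator of an MBR bootkit filtering disk I/O, and it is consistent with fixTDSS then reporting "Infected MBR detected". In the second log, taken after the repair, the trace runs down to atapi.sys and the hidden-MBR line is gone. The script below is an added example written for this page, not part of the original posts, of aswMBR or of fixTDSS: it parses an aswMBR log and flags those three indicators. Its regular expressions are fitted to the line shapes in these two logs and are an assumption, since aswMBR documents no log format; the embedded sample logs are excerpts of the two posted above.

```python
"""Triage an aswMBR log for MBR-bootkit indicators.

Added example for this thread; not part of the original posts, of aswMBR or of
fixTDSS. It reads the text log aswMBR saves and flags the three indicators that
the first log above shows and the second lacks: a "Disk N MBR hidden" line; a
disk I/O trace whose module chain ends in ">>UNKNOWN [addr]<<" (an address in
no loaded driver image); and a dispatch hook "\\Driver\\x[...] -> IRP_MJ_... ->
addr" whose target is that same unresolved address. The regexes are fitted to
the line shapes in those two logs (an assumption: aswMBR documents no format).
"""
import re
import sys
from dataclasses import dataclass, field
from typing import Dict, List, Set

TS = r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+"  # leading "HH:MM:SS.mmm "
RE_MBR_HIDDEN = re.compile(TS + r"Disk (\d+) MBR hidden\b")
RE_TRACE_HDR = re.compile(TS + r"Disk (\d+) trace - called modules:")
RE_UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9a-f]+)\]<<", re.I)
RE_HOOK = re.compile(
    TS + r"(\\Driver\\\S+?)\[0x[0-9a-f]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-f]+)", re.I)


@dataclass
class Finding:
    disk: int        # disk index from the log; -1 when the line names none
    indicator: str   # "mbr_hidden" | "unknown_module" | "hook_to_unknown"
    detail: str      # the log line that triggered it


@dataclass
class Triage:
    chains: Dict[int, List[str]] = field(default_factory=dict)  # disk -> modules
    unknown_addrs: Set[str] = field(default_factory=set)
    hooks: List[tuple] = field(default_factory=list)  # (driver, irp, target)
    findings: List[Finding] = field(default_factory=list)

    def is_suspicious(self) -> bool:
        return bool(self.findings)

    def indicators(self) -> Set[str]:
        return {f.indicator for f in self.findings}


def triage(log_text: str) -> Triage:
    """Single pass over the log. The 'trace - called modules:' header is
    followed by one line listing the call chain, so that line is read ahead."""
    t = Triage()
    lines = log_text.splitlines()
    for i, line in enumerate(lines):
        m = RE_MBR_HIDDEN.match(line)
        if m:
            t.findings.append(Finding(int(m.group(1)), "mbr_hidden", line.strip()))
            continue
        m = RE_TRACE_HDR.match(line)
        if m and i + 1 < len(lines):
            disk, chain_line = int(m.group(1)), lines[i + 1]
            t.chains[disk] = chain_line.split()[1:]  # drop the timestamp
            u = RE_UNKNOWN.search(chain_line)
            if u:
                t.unknown_addrs.add(u.group(1).lower())
                t.findings.append(Finding(disk, "unknown_module", chain_line.strip()))
            continue
        m = RE_HOOK.match(line)
        if m:
            driver, irp, target = m.group(1), m.group(2), m.group(3).lower()
            t.hooks.append((driver, irp, target))
            # The decisive correlation: a driver's dispatch routine pointing at
            # the very address the module trace could not map to any image.
            if target in t.unknown_addrs:
                t.findings.append(Finding(-1, "hook_to_unknown", line.strip()))
    return t


# Excerpts of the two logs posted in this thread (before and after fixTDSS).
INFECTED_LOG = r"""12:51:24.991 Disk 0 Windows 7 default MBR code
12:51:24.993 Disk 0 MBR hidden
12:51:26.183 Disk 0 trace - called modules:
12:51:26.193 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800493d334]<<
12:51:26.196 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004919060]
12:51:26.362 5 ACPI.sys[fffff88000e3e7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T1L0-6[0xfffffa80047c2060]
12:51:26.378 \Driver\atapi[0xfffffa80044757f0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa800493d334
"""
CLEAN_LOG = r"""21:49:23.522 Disk 0 Windows 7 default MBR code
21:49:26.658 Disk 0 trace - called modules:
21:49:26.673 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
21:49:26.673 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004919060]
21:49:27.188 5 ACPI.sys[fffff88000e117a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T1L0-6[0xfffffa80047c1060]
"""

if __name__ == "__main__":
    # Usage: python aswmbr_triage.py [aswMBR.txt]; no argument runs the excerpts.
    texts = [open(sys.argv[1]).read()] if len(sys.argv) > 1 else [INFECTED_LOG, CLEAN_LOG]
    for text in texts:
        t = triage(text)
        print("SUSPICIOUS" if t.is_suspicious() else "clean", sorted(t.indicators()))
        for f in t.findings:
            print(f"  [{f.indicator}] {f.detail}")
```

Run it against a saved aswMBR.txt, or with no argument to see it classify the two excerpts: the first as suspicious with all three indicators, the second as clean. It only reads the log and changes nothing on disk; the MBR repair itself was done by fixTDSS in this thread.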

#12 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 26 November 2011 - 11:52 PM

Greetings

How is the computer now?

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#13 narclepticfool (Topic Starter)

Posted 28 November 2011 - 05:10 PM

ComboFix 11-11-27.02 - Ben 11/27/2011 19:29:55.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.2520 [GMT -5:00]
Running from: c:\users\Ben\Desktop\ComboFix.exe
Command switches used :: c:\users\Ben\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Protection 2011
c:\users\Ben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Protection 2011\AV Protection 2011.lnk
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-28 )))))))))))))))))))))))))))))))
.
.
2011-11-28 00:37 . 2011-11-28 00:37 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-11-28 00:37 . 2011-11-28 00:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-26 17:54 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-26 17:54 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-26 17:54 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-26 17:54 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-23 01:02 . 2011-11-23 01:02 -------- d-----w- c:\users\Ben\AppData\Roaming\CIBtzPNyc1v2b4
2011-11-23 01:02 . 2011-11-23 01:02 -------- d-----w- c:\users\Ben\AppData\Roaming\TmHH5sQJ7EK8R9Y
2011-11-23 00:00 . 2011-11-23 00:00 -------- d-----w- c:\users\Ben\AppData\Roaming\x1uvS2obFpG
2011-11-23 00:00 . 2011-11-23 00:00 -------- d-----w- c:\users\Ben\AppData\Roaming\IfRZ9hTXwUeI
2011-11-23 00:00 . 2011-11-23 00:00 -------- d-----w- c:\users\Ben\AppData\Roaming\7EA7F
2011-11-22 22:48 . 2011-11-22 22:48 -------- d-----w- c:\users\Ben\AppData\Roaming\NRRZqhhXwkVeOtP
2011-11-22 22:48 . 2011-11-22 22:48 -------- d-----w- c:\users\Ben\AppData\Roaming\myycc11vD2nFpHs
2011-11-22 22:48 . 2011-11-22 22:48 -------- d-----w- c:\users\Ben\AppData\Roaming\eD2ooFFpmH5Q7EK
2011-11-22 22:48 . 2011-11-23 21:33 -------- d-----w- c:\users\Ben\AppData\Roaming\tCwkkUVrOBtx0
2011-11-22 22:48 . 2011-11-22 22:48 -------- d-----w- c:\users\Ben\AppData\Roaming\QS11ibD3oG4
2011-11-22 00:27 . 2011-11-25 01:46 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2011-11-18 23:15 . 2011-11-18 23:15 -------- d-----w- c:\users\Ben\AppData\Roaming\xcAA1uvDobF
2011-11-18 05:08 . 2011-11-18 05:08 -------- d-----w- c:\program files\iTunes
2011-11-18 05:08 . 2011-11-18 05:08 -------- d-----w- c:\program files (x86)\iTunes
2011-11-18 05:08 . 2011-11-18 05:08 -------- d-----w- c:\program files\iPod
2011-11-16 10:44 . 2011-11-16 10:44 -------- d-----w- c:\windows\system32\Macromed
2011-11-12 21:14 . 2011-11-12 21:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-12 02:24 . 2011-11-12 02:24 -------- d-----w- C:\$AVG
2011-11-12 02:19 . 2011-11-12 02:26 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys
2011-11-12 01:44 . 2011-11-28 00:22 -------- d-----w- c:\program files (x86)\Steam
2011-11-05 21:35 . 2011-11-05 21:35 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2011-11-05 21:26 . 2011-11-05 21:26 -------- d-----w- c:\users\Ben\AppData\Roaming\AVG
2011-11-05 21:18 . 2011-11-05 21:18 -------- d-----w- c:\users\Ben\AppData\Roaming\PC Cleaners
2011-11-05 21:18 . 2011-11-05 21:17 5359888 ----a-w- c:\windows\uninst.exe
2011-11-05 21:18 . 2011-11-05 21:18 -------- d-----w- c:\programdata\PC1Data
2011-11-05 20:04 . 2011-11-05 20:04 -------- d-----w- c:\program files (x86)\AVG Secure Search
2011-11-05 20:04 . 2011-11-05 20:04 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2011-11-05 20:03 . 2011-11-05 20:03 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2011-11-05 20:03 . 2011-11-28 00:25 -------- d-----w- c:\windows\system32\drivers\AVG
2011-11-05 20:03 . 2011-11-16 10:38 -------- d-----w- c:\programdata\AVG2012
2011-11-05 19:40 . 2011-11-05 19:40 -------- d-----w- c:\users\Ben\AppData\Local\AskToolbar
2011-11-05 18:17 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DABCBCE1-65AB-4847-967D-F29D3F71F969}\mpengine.dll
2011-11-05 15:31 . 2011-11-05 15:31 -------- d-----w- c:\users\Ben\AppData\Roaming\Malwarebytes
2011-11-05 15:30 . 2011-11-05 15:30 -------- d-----w- c:\programdata\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-18 22:09 . 2011-05-28 14:17 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-06 00:38 . 2010-04-14 00:01 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-07 10:23 . 2011-10-07 10:23 283728 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2011-10-06 02:36 . 2011-10-06 02:36 58656 ----a-r- c:\users\Ben\AppData\Roaming\Microsoft\Installer\{351ACE1A-83A5-491A-968C-9DFF3C422224}\ARPPRODUCTICON.exe
2011-10-01 03:25 . 2011-10-13 09:47 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:42 . 2011-10-13 09:47 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-13 10:30 . 2011-09-13 10:30 37456 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2011-08-31 03:05 . 2011-08-31 03:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2010-05-17 18:57 . 2010-05-17 18:57 1907136 ----a-w- c:\program files (x86)\Common Files\C721_V1.1.2263.0605_SETUP.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-25_10.47.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2011-11-28 00:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-25 06:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-25 06:12 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-28 00:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-25 06:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-28 00:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-23 06:16 . 2011-11-27 02:49 71516 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-28 00:23 48394 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-23 06:04 . 2011-11-28 00:23 27454 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-329962659-1341633783-230305914-1000_UserData.bin
- 2009-11-23 08:04 . 2011-11-25 02:55 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-23 08:04 . 2011-11-28 00:22 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-23 08:04 . 2011-11-28 00:22 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-23 08:04 . 2011-11-25 02:55 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-28 00:22 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-25 02:55 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-01 00:15 . 2011-11-25 01:17 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-01 00:15 . 2011-11-28 00:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-05 02:06 . 2011-11-26 21:58 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2011-11-05 02:06 . 2011-11-25 01:20 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2011-11-05 02:06 . 2011-11-26 21:58 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2011-11-05 02:06 . 2011-11-25 01:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2011-11-05 02:06 . 2011-11-26 21:58 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
- 2011-11-05 02:06 . 2011-11-25 01:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2009-12-01 00:15 . 2011-11-28 00:22 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-01 00:15 . 2011-11-25 01:20 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-01 00:15 . 2011-11-25 01:17 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-01 00:15 . 2011-11-28 00:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-23 05:09 . 2011-11-28 00:24 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-23 05:09 . 2011-11-05 01:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-23 05:09 . 2011-11-05 01:10 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-23 05:09 . 2011-11-28 00:24 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-29 06:07 . 2011-11-27 04:01 4068 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2009-11-29 06:07 . 2011-11-24 03:37 4068 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2010-05-18 12:04 . 2011-11-04 01:14 2190 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2010-05-18 12:04 . 2011-11-27 04:01 2190 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2011-11-25 01:17 . 2011-11-25 01:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-28 00:20 . 2011-11-28 00:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-25 01:17 . 2011-11-25 01:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-28 00:20 . 2011-11-28 00:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:45 . 2011-10-14 00:52 294968 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:45 . 2011-11-26 21:57 294968 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:46 . 2011-11-28 00:26 107328 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 05:01 . 2011-11-27 04:01 282180 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-11-04 01:14 282180 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:45 . 2011-11-26 22:00 7370260 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-10-30 15:52 7370260 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 02:34 . 2011-10-14 00:52 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-11-26 19:44 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-11-23 13:42 . 2011-11-26 19:42 52174280 c:\windows\system32\MRT.exe
+ 2011-11-07 00:02 . 2011-11-27 04:01 11312416 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-329962659-1341633783-230305914-1000-8192.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-11-05 20:04 1451336 ----a-w- c:\program files (x86)\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-02 19:56 1175944 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll" [2011-11-05 1451336]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-11-12 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=QUFMS0ctWU9CNkYtMlk0WFAtQUVPS08tQkszRE0tMg&inst=NzYtOTI4NTE0MDEzLVRCOSsxLUZMKzktRjEwTSs1LVFJWDErMy1YMjAxMCsyLVNUMTJPSSsxLUREVCswLUVVTEErMS1TVDEyQVBQKzE&prod=92&ver=2012.0.1831&mid=ccc87aa8a6978a3569c87ff29fceba47-d2a783db7b74cf4c28262f566eefbb6e8e10be33" [?]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-10-8 1133856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-27 135664]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R3 BlackBox;BlackBox SR2; [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-27 135664]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-06 2152152]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-02-04 17152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MotioninJoyUSBFilter;MotioninJoy USB Filter Driver;c:\windows\system32\DRIVERS\MijUfilt.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2002-01-01 19952]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe [2009-08-24 93336]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\DRIVERS\xpadfl02.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-21 378472]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-11-05 246624]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-27 16:24]
.
2011-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-27 16:24]
.
2011-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329962659-1341633783-230305914-1000Core.job
- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-13 19:53]
.
2011-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329962659-1341633783-230305914-1000UA.job
- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-13 19:53]
.
.
--------- x86-64 -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: netflix.com
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
FF - ProfilePath - c:\users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\0jixbene.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/|https://mail.google.com/mail/?shva=1#inbox|http://forecast.weather.gov/MapClick.php?zoneid=MEZ019&zflg=1|http://vfrworld.com/forums/content.php|http://www.marksdailyapple.com/primal-blueprint-101/|http://www.stumbleupon.com/home/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B8fee84ee-3dee-44e5-9cb6-4395424f0720%7D&mid=ccc87aa8a6978a3569c87ff29fceba47-d2a783db7b74cf4c28262f566eefbb6e8e10be33&ds=AVG&v=8.0.0.40&lang=en&pr=fr&d=2011-11-05%2016%3A04%3A16&sap=ku&q=
FF - prefs.js: network.proxy.type - 4
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-GoldenEye: Source - c:\program files (x86)\Steam\SteamApps\sourcemods\GoldenEye: Source_Uninstall.exe
AddRemove-yuPlay ??????_is1 - c:\program files (x86)\steam\steamapps\common\wings of prey\yuPlay\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-329962659-1341633783-230305914-1000\Software\SecuROM\License information*]
"datasecu"=hex:4c,35,83,6d,65,28,c5,cc,de,17,df,53,be,ab,38,09,3d,6f,9b,41,7c,
22,11,e8,05,26,3d,c2,d1,d2,50,45,a0,19,11,c7,82,99,50,7f,4b,52,49,eb,0e,09,\
"rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-27 19:39:45
ComboFix-quarantined-files.txt 2011-11-28 00:39
ComboFix2.txt 2011-11-25 11:09
.
Pre-Run: 291,669,065,728 bytes free
Post-Run: 291,492,306,944 bytes free
.
- - End Of File - - 3250BA501058D75ABCC1987024457B2E





It seems like it is fixed. I have noticed, though, that it seems to take forever to boot now. It could just be my mind trying to find problems that don't really exist, but I feel like it used to be quite a bit faster booting. The redirect seems to be gone, the self-starting Internet Explorer is gone. Thank you SOOOO much for your help! I never would have been able to get rid of this myself. Thank you!!!!

#14 gringo_pr

Posted 28 November 2011 - 05:26 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

Folder::
c:\users\Ben\AppData\Roaming\CIBtzPNyc1v2b4
c:\users\Ben\AppData\Roaming\TmHH5sQJ7EK8R9Y
c:\users\Ben\AppData\Roaming\x1uvS2obFpG
c:\users\Ben\AppData\Roaming\IfRZ9hTXwUeI
c:\users\Ben\AppData\Roaming\7EA7F
c:\users\Ben\AppData\Roaming\NRRZqhhXwkVeOtP
c:\users\Ben\AppData\Roaming\myycc11vD2nFpHs
c:\users\Ben\AppData\Roaming\eD2ooFFpmH5Q7EK
c:\users\Ben\AppData\Roaming\tCwkkUVrOBtx0
c:\users\Ben\AppData\Roaming\QS11ibD3oG4
c:\users\Ben\AppData\Local\AskToolbar
c:\program files (x86)\Ask.com

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo



Code:
Hello

I would like you to run this ComboFix script for me. It will upload some files to be analyzed by our experts, so it is very important to be connected to the internet at the time of the scan.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

put script here

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

NOTE**
  • When ComboFix finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will upload files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

"information and logs"

  • In your next post I need the following

  • The report from combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 narclepticfool

Posted 01 December 2011 - 09:46 PM

ComboFix 11-12-01.03 - Ben 12/01/2011 16:59:25.4.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.2705 [GMT -5:00]
Running from: c:\users\Ben\Desktop\ComboFix.exe
Command switches used :: c:\users\Ben\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files (x86)\Ask.com\cobrand.ico
c:\program files (x86)\Ask.com\config.xml
c:\program files (x86)\Ask.com\favicon.ico
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\program files (x86)\Ask.com\mupcfg.xml
c:\program files (x86)\Ask.com\SaUpdate.exe
c:\program files (x86)\Ask.com\UpdateTask.exe
c:\users\Ben\AppData\Local\AskToolbar\Downloaded Program Files\xaddon.dll
c:\users\Ben\AppData\Local\AskToolbar\Downloaded Program Files\xaddon.inf
c:\users\Ben\AppData\Roaming\7EA7F\FE86.EA7
c:\users\Ben\AppData\Roaming\CIBtzPNyc1v2b4\AV Protection 2011.ico
c:\users\Ben\AppData\Roaming\myycc11vD2nFpHs\AV Protection 2011.ico
c:\users\Ben\AppData\Roaming\x1uvS2obFpG\AV Protection 2011.ico
.
.
((((((((((((((((((((((((( Files Created from 2011-11-02 to 2011-12-02 )))))))))))))))))))))))))))))))
.
.
2011-12-01 22:06 . 2011-12-01 22:06 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-12-01 22:06 . 2011-12-01 22:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-26 17:54 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-26 17:54 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-26 17:54 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-26 17:54 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-22 00:27 . 2011-11-25 01:46 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2011-11-18 23:15 . 2011-11-18 23:15 -------- d-----w- c:\users\Ben\AppData\Roaming\xcAA1uvDobF
2011-11-18 05:08 . 2011-11-18 05:08 -------- d-----w- c:\program files\iTunes
2011-11-18 05:08 . 2011-11-18 05:08 -------- d-----w- c:\program files (x86)\iTunes
2011-11-18 05:08 . 2011-11-18 05:08 -------- d-----w- c:\program files\iPod
2011-11-16 10:44 . 2011-11-16 10:44 -------- d-----w- c:\windows\system32\Macromed
2011-11-12 21:14 . 2011-11-12 21:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-12 02:24 . 2011-11-12 02:24 -------- d-----w- C:\$AVG
2011-11-12 02:19 . 2011-11-12 02:26 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys
2011-11-12 01:44 . 2011-12-01 20:50 -------- d-----w- c:\program files (x86)\Steam
2011-11-05 21:35 . 2011-11-05 21:35 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2011-11-05 21:26 . 2011-11-05 21:26 -------- d-----w- c:\users\Ben\AppData\Roaming\AVG
2011-11-05 21:18 . 2011-11-05 21:18 -------- d-----w- c:\users\Ben\AppData\Roaming\PC Cleaners
2011-11-05 21:18 . 2011-11-05 21:17 5359888 ----a-w- c:\windows\uninst.exe
2011-11-05 21:18 . 2011-11-05 21:18 -------- d-----w- c:\programdata\PC1Data
2011-11-05 20:04 . 2011-11-05 20:04 -------- d-----w- c:\program files (x86)\AVG Secure Search
2011-11-05 20:04 . 2011-11-05 20:04 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2011-11-05 20:03 . 2011-11-05 20:03 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2011-11-05 20:03 . 2011-12-01 23:57 -------- d-----w- c:\windows\system32\drivers\AVG
2011-11-05 20:03 . 2011-11-16 10:38 -------- d-----w- c:\programdata\AVG2012
2011-11-05 18:17 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DABCBCE1-65AB-4847-967D-F29D3F71F969}\mpengine.dll
2011-11-05 15:31 . 2011-11-05 15:31 -------- d-----w- c:\users\Ben\AppData\Roaming\Malwarebytes
2011-11-05 15:30 . 2011-11-05 15:30 -------- d-----w- c:\programdata\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-18 22:09 . 2011-05-28 14:17 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-06 00:38 . 2010-04-14 00:01 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-10-07 10:23 . 2011-10-07 10:23 283728 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2011-10-06 02:36 . 2011-10-06 02:36 58656 ----a-r- c:\users\Ben\AppData\Roaming\Microsoft\Installer\{351ACE1A-83A5-491A-968C-9DFF3C422224}\ARPPRODUCTICON.exe
2011-10-01 03:25 . 2011-10-13 09:47 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:42 . 2011-10-13 09:47 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-09-13 10:30 . 2011-09-13 10:30 37456 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2010-05-17 18:57 . 2010-05-17 18:57 1907136 ----a-w- c:\program files (x86)\Common Files\C721_V1.1.2263.0605_SETUP.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2011-11-28_00.37.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-11-28 00:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-12-01 22:08 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-11-28 00:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-01 22:08 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-01 22:08 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-28 00:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-23 06:16 . 2011-11-28 01:02 72390 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-01 20:52 48608 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-23 06:04 . 2011-12-01 20:52 28212 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-329962659-1341633783-230305914-1000_UserData.bin
- 2009-11-23 08:04 . 2011-11-28 00:22 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-23 08:04 . 2011-12-01 22:09 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-23 08:04 . 2011-12-01 22:09 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-23 08:04 . 2011-11-28 00:22 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-01 22:09 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-28 00:22 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-01 00:15 . 2011-12-01 22:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-01 00:15 . 2011-11-28 00:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-01 00:15 . 2011-12-01 22:10 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-01 00:15 . 2011-11-28 00:22 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-12-01 00:15 . 2011-11-28 00:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-01 00:15 . 2011-12-01 22:10 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-23 05:09 . 2011-12-02 02:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-23 05:09 . 2011-11-28 00:24 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-23 05:09 . 2011-12-02 02:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-23 05:09 . 2011-11-28 00:24 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-29 06:07 . 2011-12-01 22:07 4068 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2009-11-29 06:07 . 2011-11-27 04:01 4068 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2010-05-18 12:04 . 2011-12-01 22:07 2190 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2010-05-18 12:04 . 2011-11-27 04:01 2190 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2011-12-01 22:08 . 2011-12-01 22:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-28 00:20 . 2011-11-28 00:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-01 22:08 . 2011-12-01 22:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-28 00:20 . 2011-11-28 00:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-01-24 19:04 . 2011-11-28 11:04 352174 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
- 2009-07-14 02:36 . 2011-11-08 21:58 632930 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-12-01 22:12 632930 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-11-08 21:58 110564 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-12-01 22:12 110564 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2011-11-27 04:01 282180 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-12-01 22:07 282180 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-11-29 14:26 . 2011-11-29 14:26 2833408 c:\windows\Installer\91f0af.msi
+ 2011-11-07 00:02 . 2011-12-01 22:07 11809112 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-329962659-1341633783-230305914-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2011-11-05 20:04 1451336 ----a-w- c:\program files (x86)\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
c:\program files (x86)\Ask.com\GenericAskToolbar.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [BU]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll" [2011-11-05 1451336]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-11-12 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=QUFMS0ctWU9CNkYtMlk0WFAtQUVPS08tQkszRE0tMg&inst=NzYtOTI4NTE0MDEzLVRCOSsxLUZMKzktRjEwTSs1LVFJWDErMy1YMjAxMCsyLVNUMTJPSSsxLUREVCswLUVVTEErMS1TVDEyQVBQKzE&prod=92&ver=2012.0.1831&mid=ccc87aa8a6978a3569c87ff29fceba47-d2a783db7b74cf4c28262f566eefbb6e8e10be33" [?]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-10-8 1133856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-27 135664]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
R3 BlackBox;BlackBox SR2; [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-27 135664]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-02-04 17152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MotioninJoyUSBFilter;MotioninJoy USB Filter Driver;c:\windows\system32\DRIVERS\MijUfilt.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2002-01-01 19952]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2010c\RpcAgentSrv.exe [2009-08-24 93336]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\DRIVERS\xpadfl02.sys [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-06 2152152]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-21 378472]
S2 vToolbarUpdater;vToolbarUpdater;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-11-05 246624]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-27 16:24]
.
2011-12-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-27 16:24]
.
2011-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329962659-1341633783-230305914-1000Core.job
- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-13 19:53]
.
2011-12-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329962659-1341633783-230305914-1000UA.job
- c:\users\Ben\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-13 19:53]
.
.
--------- x86-64 -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: netflix.com
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
FF - ProfilePath - c:\users\Ben\AppData\Roaming\Mozilla\Firefox\Profiles\0jixbene.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/|https://mail.google.com/mail/?shva=1#inbox|http://forecast.weather.gov/MapClick.php?zoneid=MEZ019&zflg=1|http://vfrworld.com/forums/content.php|http://www.marksdailyapple.com/primal-blueprint-101/|http://www.stumbleupon.com/home/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B8fee84ee-3dee-44e5-9cb6-4395424f0720%7D&mid=ccc87aa8a6978a3569c87ff29fceba47-d2a783db7b74cf4c28262f566eefbb6e8e10be33&ds=AVG&v=8.0.0.40&lang=en&pr=fr&d=2011-11-05%2016%3A04%3A16&sap=ku&q=
FF - prefs.js: network.proxy.type - 4
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-GoldenEye: Source - c:\program files (x86)\Steam\SteamApps\sourcemods\GoldenEye: Source_Uninstall.exe
AddRemove-yuPlay ??????_is1 - c:\program files (x86)\steam\steamapps\common\wings of prey\yuPlay\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-329962659-1341633783-230305914-1000\Software\SecuROM\License information*]
"datasecu"=hex:4c,35,83,6d,65,28,c5,cc,de,17,df,53,be,ab,38,09,3d,6f,9b,41,7c,
22,11,e8,05,26,3d,c2,d1,d2,50,45,a0,19,11,c7,82,99,50,7f,4b,52,49,eb,0e,09,\
"rkeysecu"=hex:7d,40,10,cb,c7,39,e0,67,0a,69,a8,47,07,da,5b,5c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2011-12-01 21:40:12 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-02 02:40
ComboFix2.txt 2011-11-28 00:39
ComboFix3.txt 2011-11-25 11:09
.
Pre-Run: 289,059,917,824 bytes free
Post-Run: 288,636,813,312 bytes free
.
- - End Of File - - D8505B2355E15FC0664D302EAD6A1DD6

So when I ran ComboFix, I was unable to open anything after it rebooted and finished. I had to reboot again to be allowed to run any programs. Is that normal?