
Google Redirect and Virus Warning Popups


This topic is locked. 31 replies to this topic.

#1 Agg

Members, 16 posts

Posted 28 May 2012 - 09:01 PM

I need some help with some malware that has appeared on my computer. A couple of weeks ago, Google started redirecting my search results, and now I have noticed that Outlook has started popping up e-mails to be sent out. I am running Windows 7 with AVG. I am running scans with AVG, AdAware, and Malwarebytes, but nothing comes up. I would appreciate any help with trying to clean up my system. Thanks in advance.


#2 gringo_pr

Bleepin Gringo

Malware Response Team, 136,772 posts
Location: Puerto Rico

Posted 28 May 2012 - 11:27 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine; if it does, click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Agg (Topic Starter)

Members, 16 posts

Posted 29 May 2012 - 01:30 AM

Thank you for the fast reply!!

I was able to download and run the SecurityCheck and DDS programs. I am still having the issue with Google redirecting search results, as well as Internet Explorer randomly shutting down.


Here are the results from Security Check:

Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG Internet Security 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 26
Java version out of date!
Adobe Reader X (10.1.2)
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


Here are the results from DDS:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Josh at 1:11:26 on 2012-05-29
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8175.5925 [GMT -5:00]
.
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Users\Josh\AppData\Local\Akamai\netsession_win.exe
C:\Users\Josh\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9
uWindow Title = Windows Internet Explorer provided by Yahoo!
uInternet Settings,ProxyOverride = *.local;<local>
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Akamai NetSession Interface] "C:\Users\Josh\AppData\Local\Akamai\netsession_win.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Standby] "C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\oem\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
uPolicies-explorer: <NO NAME> =
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 208.180.42.68 208.180.42.100
TCP: Interfaces\{027997CA-30B1-4569-9046-DB6B87251F95} : DhcpNameServer = 208.180.42.68 208.180.42.100
TCP: Interfaces\{027997CA-30B1-4569-9046-DB6B87251F95}\A4563737963616 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{027997CA-30B1-4569-9046-DB6B87251F95}\D656469616C696E6B6 : DhcpNameServer = 208.180.42.68 208.180.42.100
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Standby] "C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\oem\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
IE-X64: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-1-31 19232]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-1-28 13336]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-2-6 13672]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [2012-4-29 932736]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/01/28 20:10:55;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-26 236016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-9-4 219632]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-12 257696]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-22 1025352]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-5-20 1432400]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech HD Webcam C510(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2010-7-30 25072]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-9-4 1116656]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-05-29 05:40:50 -------- d-----w- C:\ProgramData\GFI Software
2012-05-27 06:18:09 -------- d-----w- C:\Users\Josh\AppData\Local\adaware
2012-05-27 06:17:53 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-05-21 01:13:29 -------- d-----w- C:\Program Files\Common Files\Macrovision Shared
2012-05-21 01:10:13 -------- d-----w- C:\Program Files (x86)\AutoCAD Civil 3D 2013
2012-05-21 01:08:20 -------- d-----w- C:\Program Files\Common Files\Autodesk Shared
2012-05-21 01:08:20 -------- d-----w- C:\Program Files\Autodesk
2012-05-21 01:07:42 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2012-05-21 01:07:42 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2012-05-21 01:07:35 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2012-05-21 01:06:19 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll
2012-05-21 01:06:19 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2012-05-21 01:06:17 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
2012-05-21 01:06:17 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2012-05-21 01:06:16 511328 ----a-w- C:\Windows\System32\d3dx10_43.dll
2012-05-21 01:06:16 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll
2012-05-21 01:06:15 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll
2012-05-21 01:06:15 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2012-05-21 00:48:20 -------- d-----w- C:\autodesk
2012-05-20 23:53:25 -------- d-----w- C:\Users\Josh\AppData\Local\Akamai
2012-05-14 19:59:24 -------- d-----w- C:\Users\Josh\AppData\Local\{0408420C-9B99-4FC8-AF6F-84515330FB6D}
2012-05-14 19:59:13 -------- d-----w- C:\Users\Josh\AppData\Local\{EB452F80-C9B7-468C-9196-F7278A17BFEB}
2012-05-09 06:51:16 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-09 06:51:16 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-09 06:51:16 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-09 06:51:15 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-05-09 06:51:13 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-09 06:51:13 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-09 06:51:01 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-05-09 06:50:55 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-09 06:50:54 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 06:50:54 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-09 06:50:54 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-09 06:50:54 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-09 06:50:54 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 04:53:49 -------- d-----w- C:\Users\Josh\AppData\Roaming\WindSolutions
2012-05-09 04:53:49 -------- d-----w- C:\ProgramData\WindSolutions
2012-05-07 19:02:42 -------- d-----w- C:\Users\Josh\AppData\Local\Windows Live
2012-05-07 19:02:10 -------- d-----w- C:\Users\Josh\AppData\Local\{BBD51EEF-CDA5-4136-B37A-FB1C37A900F9}
2012-05-02 13:51:35 -------- d-----w- C:\Users\Josh\AppData\Local\AVG Secure Search
.
==================== Find3M ====================
.
2012-05-24 18:31:52 952 --sha-w- C:\ProgramData\KGyGaAvL.sys
2012-05-05 17:46:15 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 17:46:15 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-05 17:46:10 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
.
============= FINISH: 1:20:33.19 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/7/2011 10:50:08 PM
System Uptime: 5/29/2012 12:42:18 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 002RX9
Processor: Intel® Core™ i7-2600 CPU @ 3.40GHz | CPU 1 | 3401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 919 GiB total, 743.59 GiB free.
D: is CDROM ()
H: is Removable
I: is Removable
J: is Removable
K: is Removable
L: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SBRE
Device ID: ROOT\LEGACY_SBRE\0000
Manufacturer:
Name: SBRE
PNP Device ID: ROOT\LEGACY_SBRE\0000
Service: SBRE
.
==== System Restore Points ===================
.
RP177: 5/22/2012 3:00:22 AM - Windows Update
RP178: 5/28/2012 4:06:03 PM - Installed Dell MusicStage
RP179: 5/29/2012 12:38:37 AM - Removed Ad-Aware Antivirus.
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
Ad-Aware Browsing Protection
Adobe AIR
Adobe Reader X (10.1.2)
Akamai NetSession Interface
Amazon Add to Wish List IE Extension 1.2
Apple Application Support
Apple Software Update
AutoCAD Civil 3D 2010
AutoCAD Civil 3D 2010 Language Pack - English
Autodesk Content Service
Autodesk Content Service Language Pack
Autodesk Design Review 2010
Autodesk Material Library 2013
Autodesk Material Library Base Resolution Image Library 2013
Bing Bar
Bing Rewards Client Installer
Catalyst Control Center InstallProxy
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Consumer In-Home Service Agreement
ContentHD
Contents
CopyTrans Suite Remove Only
Corel Painter Photo Essentials 4
Corel PaintShop Photo Pro X3
Corel PaintShop Photo Project Creator
Cozi
CyberLink PowerDVD 9.5
D3DX10
Dell DataSafe Online
Dell Getting Started Guide
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell VideoStage
DeviceIO
DirectX 9 Runtime
FARO LS 1.1.406.58
Google Earth
GoToMeeting 4.5.0.457
GPL Ghostscript Lite 8.70
ICA
Intel® Rapid Storage Technology
IPM_PSP_CL
IPM_PSP_COM
IPM_PSP_PRJ
Java Auto Updater
Java™ 6 Update 26
Junk Mail filter update
Malwarebytes Anti-Malware version 1.61.0.1400
Mesh Runtime
Messenger Companion
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual Basic Power Packs 3.0
Microsoft Visual Basic PowerPacks 10.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MLE
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Card Reader
PhotoShowExpress
PSPH10Pro
PSPPContent
PSPPRO_DCRAW
PureHD
QuickTime
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Setup
Share
Skype Click to Call
Skype™ 5.5
Sonic CinePlayer Decoder Pack
THX TruStudio PC
TurboTax 2010
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VBA
VIO
Visual Studio 2008 x64 Redistributables
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
Yahoo! BrowserPlus 2.9.8
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
5/29/2012 12:44:31 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
5/28/2012 9:00:18 PM, Error: Service Control Manager [7031] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
5/26/2012 8:29:59 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
5/26/2012 8:07:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
5/26/2012 8:07:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
5/26/2012 4:00:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/26/2012 4:00:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/26/2012 4:00:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
5/26/2012 4:00:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
5/26/2012 4:00:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/26/2012 4:00:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/26/2012 4:00:34 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgfwfd Avgldx64 Avgmfx64 Avgtdia CSC ctxusbm DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
5/26/2012 4:00:33 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/26/2012 4:00:33 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
5/26/2012 4:00:33 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/26/2012 4:00:33 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
5/26/2012 4:00:33 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/26/2012 4:00:33 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
5/26/2012 4:00:29 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
5/26/2012 4:00:29 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
5/26/2012 4:00:29 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
5/26/2012 4:00:29 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
.
==== End Of File ===========================

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:58 PM

Posted 29 May 2012 - 02:39 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Agg

Agg
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:01:58 PM

Posted 29 May 2012 - 08:52 PM

I was able to run ComboFix without any problems. It took around 45-60 minutes to run the program from start to finish. It appears that Google does not redirect on every search; however, if I run a search for MBAM the Google results are still redirected to other websites.

Attached is a copy of the log from ComboFix.
ComboFix 12-05-29.01 - Josh 05/29/2012 19:33:49.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8175.6523 [GMT -5:00]
Running from: c:\users\Josh\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Josh\g2mdlhlpx.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-30 )))))))))))))))))))))))))))))))
.
.
2012-05-30 01:02 . 2012-05-30 01:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-29 10:05 . 2012-05-15 06:41 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2EA03D36-6399-413F-8E6B-F11477D1B880}\mpengine.dll
2012-05-29 05:40 . 2012-05-29 05:40 -------- d-----w- c:\programdata\GFI Software
2012-05-27 06:18 . 2012-05-27 06:18 -------- d-----w- c:\users\Josh\AppData\Local\adaware
2012-05-27 06:17 . 2012-05-27 06:18 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-05-21 01:13 . 2012-05-21 01:13 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2012-05-21 01:10 . 2012-05-21 01:10 -------- d-----w- c:\program files (x86)\AutoCAD Civil 3D 2013
2012-05-21 01:08 . 2012-05-21 01:20 -------- d-----w- c:\program files\Autodesk
2012-05-21 01:08 . 2012-05-21 01:15 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2012-05-21 01:07 . 2012-05-21 01:07 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-05-21 01:07 . 2012-05-21 01:07 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-05-21 01:07 . 2012-05-21 01:07 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-05-21 01:06 . 2010-05-26 16:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-05-21 01:06 . 2010-05-26 16:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2012-05-21 01:06 . 2010-05-26 16:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-05-21 01:06 . 2010-05-26 16:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2012-05-21 01:06 . 2010-05-26 16:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-05-21 01:06 . 2010-05-26 16:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2012-05-21 01:06 . 2010-05-26 16:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2012-05-21 01:06 . 2010-05-26 16:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-05-21 00:48 . 2012-05-21 00:48 -------- d-----w- C:\autodesk
2012-05-20 23:53 . 2012-05-20 23:53 -------- d-----w- c:\users\Josh\AppData\Local\Akamai
2012-05-16 08:01 . 2012-05-16 08:01 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-16 08:01 . 2012-05-16 08:01 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-09 06:51 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 06:51 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-09 06:51 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-09 06:51 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 06:51 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-09 06:51 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-09 06:51 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 06:50 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 06:50 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 06:50 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 06:50 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 06:50 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 06:50 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 04:53 . 2012-05-09 05:02 -------- d-----w- c:\users\Josh\AppData\Roaming\WindSolutions
2012-05-09 04:53 . 2012-05-09 05:02 -------- d-----w- c:\programdata\WindSolutions
2012-05-07 19:02 . 2012-05-14 19:58 -------- d-----w- c:\users\Josh\AppData\Local\Windows Live
2012-05-02 13:51 . 2012-05-02 13:51 -------- d-----w- c:\users\Josh\AppData\Local\AVG Secure Search
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-24 18:31 . 2011-04-22 18:04 952 --sha-w- c:\programdata\KGyGaAvL.sys
2012-05-05 17:46 . 2012-04-12 19:25 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 17:46 . 2011-09-08 15:11 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 17:46 . 2012-04-14 08:00 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-01 12:06 . 2012-03-01 12:06 10 ----a-w- c:\windows\Fonts\wfonts.key
2012-03-01 06:46 . 2012-04-12 08:00 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-12 08:00 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-12 08:00 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-12 08:00 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-12 08:00 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-12 08:00 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 08:00 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-04-29 17:54 2067328 ----a-w- c:\program files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-04-29 2067328]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Josh\AppData\Local\Akamai\netsession_win.exe" [2012-05-08 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-18 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2010-10-27 75048]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-09-04 240112]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2008-09-06 413696]
"Standby"="c:\program files (x86)\Common Files\Corel\Standby\Standby.exe" [2010-06-27 105632]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\oem\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-02 522736]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-04-29 1116544]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-15 928096]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/01/28 20:10;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-10-27 236016]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-09-04 219632]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-09-01 1025352]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-05-21 1432400]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2010-07-30 25072]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-09-04 1116656]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-01-31 19232]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-02-06 13672]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
S2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [2012-04-29 932736]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_9EC60124
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 17:46]
.
2012-05-29 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-08-05 23:47]
.
2012-05-30 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-08-05 23:47]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-23 10920552]
"RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-06 415680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 208.180.42.68 208.180.42.100
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-_{707EB912-C597-49D8-9460-46CC9AB03EBE} - c:\program files (x86)\Corel\Corel Painter Photo Essentials 4\MSILauncher {707EB912-C597-49D8-9460-46CC9AB03EBE}
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,
f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:4d,4b,09,31,31,26,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Citrix\ICA Client\wfcrun32.exe
c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2012-05-29 20:29:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-30 01:29
.
Pre-Run: 797,298,331,648 bytes free
Post-Run: 797,276,147,712 bytes free
.
- - End Of File - - 6FB4B73BD5A8276B24A09619DF87A78B

#6 gringo_pr

Posted 29 May 2012 - 09:03 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Agg (Topic Starter)

Posted 29 May 2012 - 09:13 PM

I am not able to run tdsskiller. I have downloaded the program, but every time I try to run the program it does nothing.

#8 gringo_pr

Posted 29 May 2012 - 09:16 PM

Hello

I would like you to run this tool for me - fixTDSS

download it to your desktop and start the program

Follow the prompts and Ok any security prompts

when it is complete it will say the infection was cleared or no infection was found - let me know what it says

after it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report

Gringo

#9 Agg (Topic Starter)

Posted 29 May 2012 - 09:27 PM

I was able to run the TDSS Fix, and the result was Infected MBR detected. Should I run the repair?

#10 gringo_pr

Posted 29 May 2012 - 09:34 PM

yes run the repair please


gringo

#11 Agg (Topic Starter)

Posted 29 May 2012 - 09:41 PM

Gringo, I repaired the file successfully and restarted the computer. As Windows is restarting, I am receiving a bootup message that the computer is unable to start and I need to run startup repair.

#12 gringo_pr

Posted 29 May 2012 - 09:50 PM

Hello

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Gringo
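As an added example (not part of this thread, and not FRST's own code): a small Python triage script that parses the Run, Services and Drivers sections of an FRST.txt in the format posted in this thread and flags the two things a helper usually checks first, binaries FRST marks as missing on disk (`[x]`) and binaries that carry no publisher (`()`). The embedded sample log is constructed from a few lines in that format, not the full log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a handful of lines shaped like the FRST.txt in this thread.
SAMPLE_LOG = r"""
========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10920552 2010-06-22] (Realtek Semiconductor)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1116544 2012-04-29] ()
HKU\Josh\...\Run: [Akamai NetSession Interface] "C:\Users\Josh\AppData\Local\Akamai\netsession_win.exe" [3331872 2012-05-07] (Akamai Technologies, Inc)

==================== Services (Whitelisted) ======

2 avgfws; "C:\Program Files (x86)\AVG\AVG2012\avgfws.exe" [2391832 2011-11-23] (AVG Technologies CZ, s.r.o.)
3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [1025352 2011-09-01] ()

========================== Drivers (Whitelisted) =============

0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [37456 2011-09-13] (AVG Technologies CZ, s.r.o.)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x]
"""

# "=== Section name ===" header lines
SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
# "HKLM\...\Run: [Name] command [size date] (publisher)"
RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.*)$")
# "<start type> Name; command [size date] (publisher)"  or  "... command [x]"
SVC_RE = re.compile(r"^(?P<start>\d) (?P<name>[^;]+); (?P<rest>.*)$")
TAIL_RE = re.compile(
    r"^(?P<cmd>.*?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<publisher>.*)\)$"
)


@dataclass
class Entry:
    section: str
    name: str
    command: str
    start: Optional[int]       # service/driver start type; None for Run keys
    size: Optional[int]
    date: Optional[str]
    publisher: Optional[str]   # None when the file is missing, "" when unsigned
    file_missing: bool


def parse_frst(text: str) -> List[Entry]:
    """Parse Run keys, services and drivers out of an FRST-style log."""
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        start: Optional[int] = None
        m = RUN_RE.match(line)
        if m:
            name, rest = m.group("name"), m.group("rest")
        else:
            m = SVC_RE.match(line)
            if not m:
                continue  # file listings, DNS lines etc. are not handled here
            name, rest = m.group("name"), m.group("rest")
            start = int(m.group("start"))
        if rest.endswith("[x]"):
            # FRST prints [x] when the referenced file does not exist on disk
            entries.append(Entry(section, name, rest[:-3].strip(), start,
                                 None, None, None, True))
            continue
        t = TAIL_RE.match(rest)
        if not t:
            continue
        entries.append(Entry(section, name, t.group("cmd"), start,
                             int(t.group("size")), t.group("date"),
                             t.group("publisher"), False))
    return entries


def triage(entries: List[Entry]) -> List[str]:
    """Names worth a second look: missing binaries and binaries with no publisher."""
    findings = []
    for e in entries:
        if e.file_missing:
            findings.append(f"missing file: {e.name} -> {e.command}")
        elif e.publisher == "":
            findings.append(f"no publisher: {e.name} -> {e.command}")
    return findings


if __name__ == "__main__":
    for line in triage(parse_frst(SAMPLE_LOG)):
        print(line)
```

A hit is a lead for the helper to check, not a verdict: catchme.sys, for example, is ComboFix's own driver left behind in its folder, and unsigned does not mean malicious.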

#13 Agg (Topic Starter)

Posted 29 May 2012 - 10:33 PM

Gringo, Thanks again for your help. I was able to run the FRST64 scan.

Here is a copy of the log from FRST64:

Scan result of Farbar Recovery Scan Tool Version: 29-05-2012 02
Ran by SYSTEM at 29-05-2012 22:22:05
Running from G:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10920552 2010-06-22] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_THXCfg] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [RunDLLEntry_EptMon] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64 [21504 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-10] (Creative Technology Ltd.)
HKLM-x32\...\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2010-10-26] (cyberlink)
HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-09-03] (Sonic Solutions)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [413696 2008-09-06] (Apple Inc.)
HKLM-x32\...\Run: [Standby] "C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START [105632 2010-06-27] (Corel)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\oem\Roxio Burn\RoxioBurnLauncher.exe" [522736 2010-11-01] ()
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2416480 2012-01-24] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [304568 2010-10-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-10-09] (Apple Inc.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1116544 2012-04-29] ()
HKLM-x32\...\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 [928096 2012-01-15] ()
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [198032 2011-10-21] (Lavasoft)
HKU\Josh\...\Run: [Akamai NetSession Interface] "C:\Users\Josh\AppData\Local\Akamai\netsession_win.exe" [3331872 2012-05-07] (Akamai Technologies, Inc)
Tcpip\Parameters: [DhcpNameServer] 208.180.42.68 208.180.42.100

==================== Services (Whitelisted) ======

2 Autodesk Content Service; "C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe" [19232 2012-01-31] (Autodesk, Inc.)
3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [1025352 2011-09-01] ()
2 avgfws; "C:\Program Files (x86)\AVG\AVG2012\avgfws.exe" [2391832 2011-11-23] (AVG Technologies CZ, s.r.o.)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [4433248 2011-10-12] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [192776 2011-08-02] (AVG Technologies CZ, s.r.o.)
2 CLKMSVC10_9EC60124; "C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe" /svc [236016 2010-10-26] (CyberLink)
2 IAStorDataMgrSvc; "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe" [13336 2010-09-13] (Intel Corporation)
2 IntuitUpdateService; "C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe" [13672 2010-08-23] (Intuit Inc.)
2 IntuitUpdateServiceV4; "C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" [13672 2012-02-06] (Intuit Inc.)
3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [64856 2009-02-26] (Microsoft Corporation)
2 NOBU; "C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe" SERVICE [2823000 2010-08-25] (Dell, Inc.)
2 PSI_SVC_2; "C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe" [193824 2010-03-11] (Protexis Inc.)
3 RoxMediaDB12OEM; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe" [1116656 2010-09-03] (Sonic Solutions)
2 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe" [219632 2010-09-03] (Sonic Solutions)
2 vToolbarUpdater11.0.2; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [932736 2012-04-29] ()

========================== Drivers (Whitelisted) =============

1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [48992 2011-05-22] (AVG Technologies CZ, s.r.o.)
3 AVGIDSDriver; C:\Windows\System32\Drivers\AVGIDSDriver.sys [120400 2011-07-10] (AVG Technologies CZ, s.r.o. )
0 AVGIDSEH; C:\Windows\System32\Drivers\AVGIDSEH.sys [26704 2011-07-10] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\Drivers\AVGIDSFilter.sys [29776 2011-07-10] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [283728 2011-10-07] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [46672 2011-08-08] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [37456 2011-09-13] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [375376 2011-07-10] (AVG Technologies CZ, s.r.o.)
1 ctxusbm; C:\Windows\System32\Drivers\ctxusbm.sys [87600 2010-07-14] (Citrix Systems, Inc.)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 PcdrNdisuio; C:\Windows\SysWow64\drivers\pcdrndisuio.sys [x]
3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]
1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-05-29 22:21 - 2012-05-29 22:22 - 0000000 ____D C:\FRST
2012-05-29 18:17 - 2012-05-29 18:17 - 1932256 ____A (Symantec Corporation) C:\Users\Josh\Desktop\FixTDSS.exe
2012-05-29 18:05 - 2012-05-29 18:06 - 4731392 ____A (AVAST Software) C:\Users\Josh\Desktop\aswMBR.exe
2012-05-29 18:04 - 2012-05-29 18:04 - 2127448 ____A (Kaspersky Lab ZAO) C:\Users\Josh\Desktop\tdsskiller.exe
2012-05-29 17:29 - 2012-05-29 17:29 - 0024440 ____A C:\ComboFix.txt
2012-05-29 17:07 - 2012-05-29 17:07 - 0000000 __SHD C:\$RECYCLE.BIN
2012-05-29 17:05 - 2012-05-29 17:05 - 0000546 ____A C:\Windows\PFRO.log
2012-05-29 16:26 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-05-29 16:26 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-05-29 16:26 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-05-29 16:26 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-05-29 16:26 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-05-29 16:26 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-05-29 16:26 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-05-29 16:26 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-05-29 16:25 - 2012-05-29 17:30 - 0000000 ____D C:\ComboFix
2012-05-29 16:25 - 2012-05-29 17:14 - 0000000 ____D C:\Windows\ERDNT
2012-05-29 16:24 - 2012-05-29 17:30 - 0000000 ____D C:\Qoobox
2012-05-29 16:02 - 2012-05-29 16:02 - 4530590 ____R (Swearware) C:\Users\Josh\Desktop\ComboFix.exe
2012-05-28 22:11 - 2012-05-28 22:11 - 0607260 ____R (Swearware) C:\Users\Josh\Desktop\dds.com
2012-05-28 22:10 - 2012-05-28 22:10 - 0000031 ____A C:\Users\Josh\AppData\Roaming\mbam.context.scan
2012-05-28 21:48 - 2012-05-28 21:48 - 0000470 ____A C:\Users\Josh\Desktop\defogger_disable.log
2012-05-28 21:48 - 2012-05-28 21:48 - 0000000 ____A C:\Users\Josh\defogger_reenable
2012-05-28 21:40 - 2012-05-28 21:40 - 0000000 ____D C:\Users\All Users\GFI Software
2012-05-28 21:14 - 2012-05-28 21:14 - 0853862 ____A C:\Users\Josh\Desktop\SecurityCheck.exe
2012-05-28 21:08 - 2012-05-28 21:08 - 0853862 ____A C:\Users\Josh\Documents\SecurityCheck.exe
2012-05-28 21:06 - 2012-05-28 21:06 - 0050477 ____A C:\Users\Josh\Downloads\Defogger.exe
2012-05-28 21:06 - 2012-05-28 21:06 - 0050477 ____A C:\Users\Josh\Desktop\Defogger.exe
2012-05-26 22:18 - 2012-05-26 22:18 - 0000000 ____D C:\Users\Josh\AppData\Local\adaware
2012-05-26 22:17 - 2012-05-27 09:00 - 0001870 ____A C:\Users\Josh\Documents\Ad-Aware Antivirus.lnk
2012-05-26 22:17 - 2012-05-26 22:18 - 0000000 ____D C:\Users\All Users\Ad-Aware Browsing Protection
2012-05-26 17:35 - 2012-05-29 18:36 - 0078801 ____A C:\Windows\WindowsUpdate.log
2012-05-26 17:31 - 2012-05-29 18:18 - 0000280 ____A C:\Windows\setupact.log
2012-05-26 17:31 - 2012-05-26 17:31 - 0000000 ____A C:\Windows\setuperr.log
2012-05-26 17:29 - 2012-05-26 17:30 - 0013342 ____A C:\Windows\ntbtlog.txt
2012-05-26 17:08 - 2012-05-26 17:08 - 0000000 ____D C:\Users\Josh\Desktop\backups
2012-05-26 13:40 - 2012-05-26 13:40 - 0018694 ____A C:\Users\Josh\Desktop\hijackthis.log
2012-05-20 17:36 - 2012-05-20 17:36 - 0000196 ___AH C:\Users\Josh\Documents\Drawing1.dwl2
2012-05-20 17:36 - 2012-05-20 17:36 - 0000046 ___AH C:\Users\Josh\Documents\Drawing1.dwl
2012-05-20 17:13 - 2012-05-20 17:13 - 0000000 ____D C:\Program Files\Common Files\Macrovision Shared
2012-05-20 17:10 - 2012-05-20 17:10 - 0000000 ____D C:\Program Files (x86)\AutoCAD Civil 3D 2013
2012-05-20 17:08 - 2012-05-20 17:20 - 0000000 ____D C:\Program Files\Autodesk
2012-05-20 17:08 - 2012-05-20 17:15 - 0000000 ____D C:\Program Files\Common Files\Autodesk Shared
2012-05-20 17:07 - 2012-05-20 17:07 - 0000000 ____D C:\Program Files\Microsoft Synchronization Services
2012-05-20 17:07 - 2012-05-20 17:07 - 0000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2012-05-20 17:07 - 2012-05-20 17:07 - 0000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2012-05-20 17:06 - 2010-05-26 08:41 - 2526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2012-05-20 17:06 - 2010-05-26 08:41 - 2401112 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll
2012-05-20 17:06 - 2010-05-26 08:41 - 2106216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2012-05-20 17:06 - 2010-05-26 08:41 - 1998168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2012-05-20 17:06 - 2010-05-26 08:41 - 0511328 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll
2012-05-20 17:06 - 2010-05-26 08:41 - 0470880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2012-05-20 17:06 - 2010-05-26 08:41 - 0276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2012-05-20 17:06 - 2010-05-26 08:41 - 0248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2012-05-20 17:01 - 2012-05-22 00:02 - 0773030 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-05-20 16:48 - 2012-05-20 16:48 - 0000000 ____D C:\autodesk
2012-05-20 15:53 - 2012-05-20 15:53 - 0000000 ____D C:\Users\Josh\AppData\Local\Akamai
2012-05-20 15:51 - 2012-05-20 15:51 - 0014601 ____A C:\Users\Josh\Documents\contacts.xlsx
2012-05-20 15:50 - 2012-05-20 15:50 - 0006728 ____A C:\Users\Josh\Documents\contacts.csv
2012-05-20 15:00 - 2012-05-20 15:00 - 7908890 ____A C:\Users\Josh\Downloads\0885 P-70 Base.dwg
2012-05-19 19:09 - 2012-05-19 19:09 - 0312636 ____A C:\Users\Josh\Documents\www.southwest.com - viewCheckinDocument.pdf
2012-05-16 00:01 - 2012-05-16 00:01 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-16 00:01 - 2012-05-16 00:01 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-14 11:59 - 2012-05-14 11:59 - 0000000 ____D C:\Users\Josh\AppData\Local\{EB452F80-C9B7-468C-9196-F7278A17BFEB}
2012-05-14 11:59 - 2012-05-14 11:59 - 0000000 ____D C:\Users\Josh\AppData\Local\{0408420C-9B99-4FC8-AF6F-84515330FB6D}
2012-05-09 00:22 - 2012-05-09 00:22 - 4738732 ____A C:\Users\Josh\Downloads\09 - The Yellow Rose.mp3
2012-05-08 22:51 - 2012-03-30 22:05 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-08 22:51 - 2012-03-30 20:39 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-08 22:51 - 2012-03-30 20:39 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-08 22:51 - 2012-03-30 19:10 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-08 22:51 - 2012-03-16 23:58 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-08 22:51 - 2012-03-02 22:35 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-08 22:51 - 2012-03-02 21:31 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-08 22:50 - 2012-03-30 03:35 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-08 20:54 - 2012-05-08 20:54 - 0001364 ____A C:\Users\Josh\Documents\CopyTrans Control Center.lnk
2012-05-08 20:53 - 2012-05-08 21:02 - 0000000 ____D C:\Users\Josh\AppData\Roaming\WindSolutions
2012-05-08 20:53 - 2012-05-08 21:02 - 0000000 ____D C:\Users\All Users\WindSolutions
2012-05-08 20:52 - 2012-05-08 20:53 - 3874000 ____A (WindSolutions) C:\Users\Josh\Downloads\Install_CopyTrans_Suite (1).exe
2012-05-08 20:51 - 2012-05-08 20:52 - 3874000 ____A (WindSolutions) C:\Users\Josh\Downloads\Install_CopyTrans_Suite.exe.7n5h0pw.partial
2012-05-08 20:50 - 2012-05-08 20:50 - 0054025 ____A C:\Users\Josh\Documents\CopyTransReciept.pdf
2012-05-07 20:54 - 2012-05-07 22:40 - 0034304 ____A C:\Users\Josh\Documents\A CELIAC JOURNEY.doc
2012-05-07 11:02 - 2012-05-14 11:58 - 0000000 ____D C:\Users\Josh\AppData\Local\Windows Live
2012-05-07 11:02 - 2012-05-07 11:02 - 0000000 ____D C:\Users\Josh\AppData\Local\{BBD51EEF-CDA5-4136-B37A-FB1C37A900F9}
2012-05-02 05:51 - 2012-05-02 05:51 - 0000000 ____D C:\Users\Josh\AppData\Local\AVG Secure Search
2012-05-02 05:48 - 2012-05-02 05:48 - 1475959 ____A C:\Users\Josh\Documents\Composting- 3 ways.docx

============ 3 Months Modified Files and Folders =============

2012-05-29 22:22 - 2012-05-29 22:21 - 0000000 ____D C:\FRST
2012-05-29 18:36 - 2012-05-26 17:35 - 0078801 ____A C:\Windows\WindowsUpdate.log
2012-05-29 18:26 - 2009-07-13 20:45 - 0014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-29 18:26 - 2009-07-13 20:45 - 0014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-29 18:18 - 2012-05-26 17:31 - 0000280 ____A C:\Windows\setupact.log
2012-05-29 18:18 - 2011-01-28 19:55 - 2133823488 __ASH C:\hiberfil.sys
2012-05-29 18:18 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-29 18:17 - 2012-05-29 18:17 - 1932256 ____A (Symantec Corporation) C:\Users\Josh\Desktop\FixTDSS.exe
2012-05-29 18:06 - 2012-05-29 18:05 - 4731392 ____A (AVAST Software) C:\Users\Josh\Desktop\aswMBR.exe
2012-05-29 18:04 - 2012-05-29 18:04 - 2127448 ____A (Kaspersky Lab ZAO) C:\Users\Josh\Desktop\tdsskiller.exe
2012-05-29 17:46 - 2012-04-12 11:25 - 0000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-05-29 17:30 - 2012-05-29 16:25 - 0000000 ____D C:\ComboFix
2012-05-29 17:30 - 2012-05-29 16:24 - 0000000 ____D C:\Qoobox
2012-05-29 17:29 - 2012-05-29 17:29 - 0024440 ____A C:\ComboFix.txt
2012-05-29 17:14 - 2012-05-29 16:25 - 0000000 ____D C:\Windows\ERDNT
2012-05-29 17:07 - 2012-05-29 17:07 - 0000000 __SHD C:\$RECYCLE.BIN
2012-05-29 17:07 - 2009-07-13 18:34 - 0000215 ____A C:\Windows\system.ini
2012-05-29 17:06 - 2009-07-13 18:34 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-05-29 17:05 - 2012-05-29 17:05 - 0000546 ____A C:\Windows\PFRO.log
2012-05-29 17:01 - 2011-02-07 20:50 - 0000000 ____D C:\users\Josh
2012-05-29 16:02 - 2012-05-29 16:02 - 4530590 ____R (Swearware) C:\Users\Josh\Desktop\ComboFix.exe
2012-05-29 16:02 - 2011-04-01 19:53 - 0000000 ____D C:\Windows\System32\Drivers\AVG
2012-05-29 16:01 - 2011-02-07 20:53 - 0000422 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-05-29 03:09 - 2011-03-23 04:05 - 0000000 ____D C:\Users\All Users\MFAData
2012-05-28 22:11 - 2012-05-28 22:11 - 0607260 ____R (Swearware) C:\Users\Josh\Desktop\dds.com
2012-05-28 22:10 - 2012-05-28 22:10 - 0000031 ____A C:\Users\Josh\AppData\Roaming\mbam.context.scan
2012-05-28 21:48 - 2012-05-28 21:48 - 0000470 ____A C:\Users\Josh\Desktop\defogger_disable.log
2012-05-28 21:48 - 2012-05-28 21:48 - 0000000 ____A C:\Users\Josh\defogger_reenable
2012-05-28 21:43 - 2011-02-07 20:53 - 0000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-05-28 21:40 - 2012-05-28 21:40 - 0000000 ____D C:\Users\All Users\GFI Software
2012-05-28 21:39 - 2011-01-28 18:17 - 0000000 ____D C:\Users\All Users\Roxio
2012-05-28 21:14 - 2012-05-28 21:14 - 0853862 ____A C:\Users\Josh\Desktop\SecurityCheck.exe
2012-05-28 21:08 - 2012-05-28 21:08 - 0853862 ____A C:\Users\Josh\Documents\SecurityCheck.exe
2012-05-28 21:06 - 2012-05-28 21:06 - 0050477 ____A C:\Users\Josh\Downloads\Defogger.exe
2012-05-28 21:06 - 2012-05-28 21:06 - 0050477 ____A C:\Users\Josh\Desktop\Defogger.exe
2012-05-27 09:00 - 2012-05-26 22:17 - 0001870 ____A C:\Users\Josh\Documents\Ad-Aware Antivirus.lnk
2012-05-27 08:05 - 2009-07-13 21:13 - 0779306 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-26 22:18 - 2012-05-26 22:18 - 0000000 ____D C:\Users\Josh\AppData\Local\adaware
2012-05-26 22:18 - 2012-05-26 22:17 - 0000000 ____D C:\Users\All Users\Ad-Aware Browsing Protection
2012-05-26 17:31 - 2012-05-26 17:31 - 0000000 ____A C:\Windows\setuperr.log
2012-05-26 17:31 - 2012-01-23 21:41 - 0007667 ____A C:\aaw7boot.log
2012-05-26 17:30 - 2012-05-26 17:29 - 0013342 ____A C:\Windows\ntbtlog.txt
2012-05-26 17:20 - 2011-11-20 05:55 - 0000000 ____D C:\Windows\Minidump
2012-05-26 17:08 - 2012-05-26 17:08 - 0000000 ____D C:\Users\Josh\Desktop\backups
2012-05-26 13:40 - 2012-05-26 13:40 - 0018694 ____A C:\Users\Josh\Desktop\hijackthis.log
2012-05-24 18:18 - 2012-01-26 19:15 - 0000064 ____A C:\Windows\SysWOW64\rp_stats.dat
2012-05-24 18:18 - 2012-01-26 19:15 - 0000044 ____A C:\Windows\SysWOW64\rp_rules.dat
2012-05-24 11:03 - 2011-02-07 21:18 - 0000000 ____D C:\Users\Josh\AppData\Local\Corel
2012-05-24 10:31 - 2011-04-22 10:04 - 0000952 __ASH C:\Users\All Users\KGyGaAvL.sys
2012-05-24 10:31 - 2011-02-07 21:18 - 0000000 ____D C:\Users\Josh\Documents\My PSP Files
2012-05-22 00:23 - 2009-07-13 20:45 - 0571928 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-22 00:02 - 2012-05-20 17:01 - 0773030 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-05-20 17:36 - 2012-05-20 17:36 - 0000196 ___AH C:\Users\Josh\Documents\Drawing1.dwl2
2012-05-20 17:36 - 2012-05-20 17:36 - 0000046 ___AH C:\Users\Josh\Documents\Drawing1.dwl
2012-05-20 17:26 - 2011-02-08 18:20 - 0000000 ____D C:\Users\All Users\Autodesk
2012-05-20 17:23 - 2011-01-28 18:07 - 0000000 ____D C:\Users\All Users\FLEXnet
2012-05-20 17:22 - 2011-02-08 18:21 - 0000000 ____D C:\Users\Josh\AppData\Roaming\Autodesk
2012-05-20 17:22 - 2011-02-08 18:21 - 0000000 ____D C:\Users\Josh\AppData\Local\Autodesk
2012-05-20 17:22 - 2011-02-07 20:50 - 0174104 ____A C:\Users\Josh\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-20 17:20 - 2012-05-20 17:08 - 0000000 ____D C:\Program Files\Autodesk
2012-05-20 17:15 - 2012-05-20 17:08 - 0000000 ____D C:\Program Files\Common Files\Autodesk Shared
2012-05-20 17:15 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-05-20 17:13 - 2012-05-20 17:13 - 0000000 ____D C:\Program Files\Common Files\Macrovision Shared
2012-05-20 17:10 - 2012-05-20 17:10 - 0000000 ____D C:\Program Files (x86)\AutoCAD Civil 3D 2013
2012-05-20 17:07 - 2012-05-20 17:07 - 0000000 ____D C:\Program Files\Microsoft Synchronization Services
2012-05-20 17:07 - 2012-05-20 17:07 - 0000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2012-05-20 17:07 - 2012-05-20 17:07 - 0000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2012-05-20 17:07 - 2011-01-28 18:15 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-05-20 17:06 - 2011-02-08 18:20 - 0000000 ____D C:\Program Files (x86)\Autodesk
2012-05-20 16:48 - 2012-05-20 16:48 - 0000000 ____D C:\autodesk
2012-05-20 15:53 - 2012-05-20 15:53 - 0000000 ____D C:\Users\Josh\AppData\Local\Akamai
2012-05-20 15:51 - 2012-05-20 15:51 - 0014601 ____A C:\Users\Josh\Documents\contacts.xlsx
2012-05-20 15:50 - 2012-05-20 15:50 - 0006728 ____A C:\Users\Josh\Documents\contacts.csv
2012-05-20 15:00 - 2012-05-20 15:00 - 7908890 ____A C:\Users\Josh\Downloads\0885 P-70 Base.dwg
2012-05-20 15:00 - 2011-02-08 18:21 - 0000000 ____D C:\Civil 3D Projects
2012-05-20 08:52 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-05-19 19:09 - 2012-05-19 19:09 - 0312636 ____A C:\Users\Josh\Documents\www.southwest.com - viewCheckinDocument.pdf
2012-05-16 00:01 - 2012-05-16 00:01 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2012-05-16 00:01 - 2012-05-16 00:01 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-14 11:59 - 2012-05-14 11:59 - 0000000 ____D C:\Users\Josh\AppData\Local\{EB452F80-C9B7-468C-9196-F7278A17BFEB}
2012-05-14 11:59 - 2012-05-14 11:59 - 0000000 ____D C:\Users\Josh\AppData\Local\{0408420C-9B99-4FC8-AF6F-84515330FB6D}
2012-05-14 11:58 - 2012-05-07 11:02 - 0000000 ____D C:\Users\Josh\AppData\Local\Windows Live
2012-05-13 20:06 - 2011-01-28 18:18 - 0000000 ____D C:\Users\All Users\Sonic
2012-05-09 00:22 - 2012-05-09 00:22 - 4738732 ____A C:\Users\Josh\Downloads\09 - The Yellow Rose.mp3
2012-05-09 00:08 - 2011-02-08 20:35 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-09 00:08 - 2011-02-08 18:20 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-05-09 00:00 - 2009-07-13 23:47 - 0000000 ____D C:\Program Files\Windows Journal
2012-05-08 21:02 - 2012-05-08 20:53 - 0000000 ____D C:\Users\Josh\AppData\Roaming\WindSolutions
2012-05-08 21:02 - 2012-05-08 20:53 - 0000000 ____D C:\Users\All Users\WindSolutions
2012-05-08 20:54 - 2012-05-08 20:54 - 0001364 ____A C:\Users\Josh\Documents\CopyTrans Control Center.lnk
2012-05-08 20:53 - 2012-05-08 20:52 - 3874000 ____A (WindSolutions) C:\Users\Josh\Downloads\Install_CopyTrans_Suite (1).exe
2012-05-08 20:52 - 2012-05-08 20:51 - 3874000 ____A (WindSolutions) C:\Users\Josh\Downloads\Install_CopyTrans_Suite.exe.7n5h0pw.partial
2012-05-08 20:50 - 2012-05-08 20:50 - 0054025 ____A C:\Users\Josh\Documents\CopyTransReciept.pdf
2012-05-08 18:56 - 2011-02-08 19:10 - 0000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-07 22:40 - 2012-05-07 20:54 - 0034304 ____A C:\Users\Josh\Documents\A CELIAC JOURNEY.doc
2012-05-07 11:02 - 2012-05-07 11:02 - 0000000 ____D C:\Users\Josh\AppData\Local\{BBD51EEF-CDA5-4136-B37A-FB1C37A900F9}
2012-05-05 09:46 - 2012-04-14 00:00 - 8769696 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-05 09:46 - 2012-04-12 11:25 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-05 09:46 - 2011-09-08 07:11 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-02 05:51 - 2012-05-02 05:51 - 0000000 ____D C:\Users\Josh\AppData\Local\AVG Secure Search
2012-05-02 05:48 - 2012-05-02 05:48 - 1475959 ____A C:\Users\Josh\Documents\Composting- 3 ways.docx
2012-04-29 09:55 - 2012-01-12 23:49 - 0000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-04-29 09:55 - 2011-07-16 10:51 - 0000000 ____D C:\Users\All Users\Yahoo! Companion
2012-04-29 09:54 - 2012-01-12 23:49 - 0000000 ____D C:\Users\All Users\AVG Secure Search
2012-04-25 10:48 - 2012-04-25 10:48 - 0016191 ____A C:\Users\Josh\Documents\Play-doh recipe.docx
2012-04-22 19:30 - 2012-04-22 18:59 - 2428928 ____A C:\Users\Josh\Documents\GIG-Greater Dallas Accounting Form 2012-Qtr1.xls
2012-04-20 20:42 - 2012-04-20 20:42 - 0023164 ____A C:\Users\Josh\Documents\member_2012_complete 4-20.csv
2012-04-20 20:16 - 2012-04-20 20:16 - 0000053 ____A C:\Users\Josh\Downloads\googlea49a3911d48c5e3e.html
2012-04-20 20:16 - 2012-04-20 20:16 - 0000053 ____A C:\Users\Josh\Documents\googlea49a3911d48c5e3e.html
2012-04-20 05:41 - 2012-03-16 17:34 - 0012435 ____A C:\Users\Josh\Documents\Laundry Soap recipe.docx
2012-04-19 05:19 - 2012-04-19 05:19 - 0063626 ____A C:\Users\Josh\Documents\fuzzibunzpreceipt.pdf
2012-04-19 05:19 - 2012-04-19 05:19 - 0063622 ____A C:\Users\Josh\Documents\Fuzzibunz receipt.pdf
2012-04-18 10:06 - 2011-06-26 10:39 - 0000000 ____D C:\Users\Josh\Documents\Celiac Group
2012-04-13 06:49 - 2012-04-13 06:49 - 0529248 ____A C:\Users\Josh\Documents\2011 Millsap J Form 1040 Individual Tax Return.tax2011
2012-04-13 06:49 - 2012-04-13 06:49 - 0134794 ____A C:\Users\Josh\Documents\TurboTax_Print_Preview_04-13-2012T9.48.37.388.pdf
2012-04-13 06:49 - 2011-04-01 20:05 - 0000000 ____D C:\Users\Josh\Documents\TurboTax
2012-04-13 04:58 - 2012-04-13 04:58 - 0062339 ____A C:\Users\Josh\Documents\Joshua Millsap Resume.pdf
2012-04-13 04:57 - 2012-04-13 04:57 - 0021132 ____A C:\Users\Josh\Documents\Millsap Resume_04-12.docx
2012-04-12 19:18 - 2012-04-12 19:18 - 0000319 ____A C:\Users\All Users\Microsoft.SqlServer.Compact.400.32.bc
2012-04-12 19:17 - 2011-04-01 19:22 - 0000000 ____D C:\Program Files (x86)\TurboTax
2012-04-04 22:02 - 2012-04-04 22:02 - 0036372 ____A C:\Users\Josh\Documents\member_2012_complete.xlsx
2012-04-04 22:02 - 2012-04-04 22:02 - 0022834 ____A C:\Users\Josh\Documents\member_2012_complete.csv
2012-03-30 22:05 - 2012-05-08 22:51 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 20:39 - 2012-05-08 22:51 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-08 22:51 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 19:10 - 2012-05-08 22:51 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 03:35 - 2012-05-08 22:50 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 10:36 - 2011-11-08 21:20 - 0012672 ____A C:\Users\Josh\Documents\Finish the Baby Rhyme.docx
2012-03-28 04:17 - 2011-11-08 21:21 - 0027648 ____A C:\Users\Josh\Documents\Baby_Shower_Animal_Babies.doc
2012-03-18 05:03 - 2012-03-16 17:38 - 0052831 ____A C:\Users\Josh\Documents\GIG direction signs.docx
2012-03-16 23:58 - 2012-05-08 22:51 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-16 20:58 - 2012-03-16 20:58 - 0013197 ____A C:\Users\Josh\Documents\CATCHING PIGS.docx
2012-03-16 20:02 - 2011-02-07 20:50 - 0000000 ____D C:\Users\Josh\AppData\LocalLow
2012-03-13 20:51 - 2011-03-23 19:27 - 0005240 ____A C:\Users\Josh\Documents\plot.log
2012-03-13 19:30 - 2011-10-03 20:15 - 0000000 ____D C:\Solar Projects
2012-03-13 05:32 - 2012-03-13 05:32 - 0057344 ____A C:\Users\Josh\Documents\Invoice ATG.xls
2012-03-13 05:31 - 2012-03-13 05:31 - 0057344 ____A C:\Users\Josh\Documents\Copy of Invoice ATG.xls
2012-03-08 10:50 - 2012-03-08 10:25 - 0020810 ____A C:\Users\Josh\Documents\AGAINST THE GRAIN Sign.docx
2012-03-08 10:47 - 2012-03-08 10:36 - 0011889 ____A C:\Users\Josh\Documents\Against the Grain product list.docx
2012-03-08 10:43 - 2012-03-08 10:43 - 0013964 ____A C:\Users\Josh\Documents\Shelbs' Shower List.docx
2012-03-08 10:36 - 2012-03-08 10:36 - 0000162 ___AH C:\Users\Josh\Documents\~$ainst the Grain product list.docx
2012-03-08 10:25 - 2012-03-08 10:25 - 0000162 ___AH C:\Users\Josh\Documents\~$AINST THE GRAIN Sign.docx
2012-03-03 10:06 - 2011-10-04 13:28 - 0012876 ____A C:\Users\Josh\Documents\GIG-membership form (short).docx
2012-03-03 10:03 - 2011-09-28 22:08 - 0055210 ____A C:\Users\Josh\Documents\GIG Nametags.docx
2012-03-03 09:44 - 2012-03-03 09:44 - 0052349 ____A C:\Users\Josh\Documents\GIG of GD nametags.docx
2012-03-02 22:35 - 2012-05-08 22:51 - 1544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-03-02 21:31 - 2012-05-08 22:51 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-03-02 15:00 - 2011-12-09 08:27 - 0055648 ____A C:\Windows\System32\lvcoinst.log

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 8174.63 MB
Available physical RAM: 7313.25 MB
Total Pagefile: 8172.78 MB
Available Pagefile: 7295.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:919.22 GB) (Free:742.3 GB) NTFS
4 Drive g: (My GS Drive) (Removable) (Total:3.81 GB) (Free:2.3 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
10 Drive y: (RECOVERY) (Fixed) (Total:12.25 GB) (Free:5.5 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 Online 3912 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 12 GB 40 MB
Partition 3 Primary 919 GB 12 GB

======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 9 FAT Partition 39 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y RECOVERY NTFS Partition 12 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C OS NTFS Partition 919 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3898 MB 17 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G My GS Drive FAT32 Removable 3898 MB Healthy

======================================================================================================
==========================================================
TDL4: custom:26000022 <===== ATTENTION!


==========================================================

Last Boot: 2012-05-28 22:53

======================= End Of Log ==========================

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:58 PM

Posted 29 May 2012 - 10:40 PM

Hello

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt

TDL4: custom:26000022 <===== ATTENTION!
CMD: bootrec /FixMbr
 


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 Agg

Agg
  • Topic Starter

  • Members
  • 16 posts
  • Local time:01:58 PM

Posted 29 May 2012 - 10:48 PM

Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 29-05-2012 02
Ran by SYSTEM at 2012-05-29 22:46:19 Run:1
Running from G:\

==============================================


The operation completed successfully.
The operation completed successfully.

========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========


==== End of Fixlog ====



