Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirects and Audio Ads


  • This topic is locked This topic is locked
27 replies to this topic

#1 timaa66

timaa66

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:00 PM

Posted 13 August 2012 - 04:18 PM

As the title states I am having problems with google redirects and also audio advertisements playing in the background. Also occasionally Firefox shuts down on me and I have had my computer automatically restart once or twice in the past week. This is the most persistent bug I have ever had every time I think it is gone it comes back. Attached is the DDS log and the GMER was not ran because of the 64bit OS.

Thank you for any assistance you can provide,
Tim


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.5.1
Run by Tim at 16:51:44 on 2012-08-13
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16328.13883 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\DAODx.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil64_11_3_300_257_ActiveX.exe -update activex
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8849B25B-7455-455D-AD34-9C35B2CA7B62} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: SMTTB2009 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll
BHO-X64: SMTTB2009 - No File
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\oufncinr.default-1344806949599\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-6-11 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-8-12 44808]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 RadeonPro Support Service;RadeonPro Support Service;C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe [2011-11-15 12800]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\DRIVERS\asmthub3.sys --> C:\Windows\system32\DRIVERS\asmthub3.sys [?]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\DRIVERS\asmtxhci.sys --> C:\Windows\system32\DRIVERS\asmtxhci.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 e1qexpress;Intel® PRO/1000 PCI Express Network Connection Driver Q;C:\Windows\system32\DRIVERS\e1q62x64.sys --> C:\Windows\system32\DRIVERS\e1q62x64.sys [?]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-7-31 1431888]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-08-12 22:06:07 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-08-12 21:54:33 -------- d-----w- C:\Users\Tim\AppData\Roaming\Resource Tuner
2012-08-12 21:54:26 -------- d-----w- C:\Program Files (x86)\Resource Tuner
2012-08-12 21:39:48 -------- d-----w- C:\Program Files (x86)\Oracle
2012-08-12 21:20:07 -------- d-----w- C:\Program Files\CCleaner
2012-08-12 21:10:50 -------- d-----w- C:\Users\Tim\AppData\Local\VS Revo Group
2012-08-12 21:10:47 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2012-08-12 21:10:46 -------- d-----w- C:\Program Files\VS Revo Group
2012-08-12 20:58:27 -------- d-sh--w- C:\$RECYCLE.BIN
2012-08-12 19:51:03 442 ----a-w- C:\FixitRegBackup.reg
2012-08-12 17:22:07 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-08-12 17:22:07 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-08-12 17:22:07 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-08-12 17:21:57 41224 ----a-w- C:\Windows\avastSS.scr
2012-08-12 17:21:49 -------- d-----w- C:\ProgramData\AVAST Software
2012-08-12 17:21:49 -------- d-----w- C:\Program Files\AVAST Software
2012-08-12 16:00:41 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-08-02 06:38:02 -------- d-----w- C:\Windows\Microsoft Antimalware
2012-08-02 03:33:08 -------- d-----w- C:\Program Files (x86)\ESET
2012-08-02 03:12:23 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-02 02:49:41 -------- d-----w- C:\Users\Tim\AppData\Roaming\Malwarebytes
2012-08-02 02:49:29 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-02 02:49:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-29 17:13:29 -------- d---a-w- C:\Tesseract-OCR
2012-07-19 01:46:49 -------- d-----w- C:\Users\Tim\AppData\Local\SIX_Projects
2012-07-18 17:22:25 -------- d-sh--w- C:\ProgramData\SecuROM
2012-07-18 17:21:54 -------- d-----w- C:\Users\Tim\AppData\Local\Rockstar Games
2012-07-18 17:21:50 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2012-07-16 07:51:03 -------- d-----w- C:\Users\Tim\AppData\Roaming\six-updater
2012-07-16 07:51:02 -------- d-----w- C:\Users\Tim\AppData\Roaming\six-zsync
2012-07-16 07:50:20 -------- d-----w- C:\Users\Tim\AppData\Local\Downloaded Installations
2012-07-16 03:02:21 -------- d-----w- C:\Users\Tim\AppData\Local\ArmA 2 OA
.
==================== Find3M ====================
.
2012-08-13 00:33:13 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-08-13 00:33:13 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-08-13 00:32:46 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-08-12 16:05:18 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-12 16:05:18 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-06 02:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-25 12:57:18 4924 ----a-w- C:\AutoIt.reg
2012-06-19 14:58:02 94208 ----a-w- C:\Windows\ImageSearchDLL.dll
2012-06-19 14:58:02 852544 ----a-w- C:\Windows\System32\msvcr110.dll
2012-06-19 14:58:02 58880 ----a-w- C:\Windows\ImageSearchDLL_x64.dll
2012-06-19 14:58:02 1949760 ----a-w- C:\Windows\System32\msvcr110d.dll
2012-06-17 17:58:25 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-06-17 17:58:25 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-06-11 18:59:38 10248192 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-06-11 18:35:48 70144 ----a-w- C:\Windows\System32\coinst_8.98.dll
2012-06-11 18:29:34 24826368 ----a-w- C:\Windows\System32\atio6axx.dll
2012-06-11 18:00:32 20467712 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-06-11 17:25:06 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-06-11 17:24:58 924160 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-06-11 17:23:12 1090560 ----a-w- C:\Windows\System32\aticfx64.dll
2012-06-11 17:20:02 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-06-11 17:19:58 532992 ----a-w- C:\Windows\System32\atieclxx.exe
2012-06-11 17:19:14 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-06-11 17:17:56 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-06-11 17:17:42 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-06-11 17:17:38 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-06-11 17:17:32 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-06-11 17:16:48 6301696 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-06-11 17:01:56 6914560 ----a-w- C:\Windows\System32\atidxx64.dll
2012-06-11 16:51:54 4246528 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-06-11 16:45:48 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-06-11 16:45:46 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-06-11 16:45:44 5480448 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-06-11 16:45:40 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-06-11 16:45:38 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-06-11 16:45:26 15703040 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-06-11 16:43:18 4729344 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-06-11 16:40:58 13277696 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-06-11 16:36:56 6605824 ----a-w- C:\Windows\System32\atiumd64.dll
2012-06-11 16:27:02 539136 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-06-11 16:26:52 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-06-11 16:26:40 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-06-11 16:26:36 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-06-11 16:26:36 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-06-11 16:26:30 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-06-11 16:26:22 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-06-11 16:26:14 367616 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-06-11 16:25:20 54784 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-06-11 16:25:12 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-06-11 16:25:06 45056 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-06-11 16:24:58 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-06-11 16:24:24 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\atimpc64.dll
2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 16:59:09.91 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/27/2011 9:03:36 AM
System Uptime: 8/13/2012 4:12:27 PM (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | Crosshair V Formula
Processor: AMD FX™-8150 Eight-Core Processor | AM3r2 | 3812/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 84 GiB total, 17.563 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 60 GiB total, 13.862 GiB free.
F: is FIXED (NTFS) - 932 GiB total, 557.695 GiB free.
G: is FIXED (NTFS) - 466 GiB total, 72.953 GiB free.
H: is FIXED (NTFS) - 699 GiB total, 633.977 GiB free.
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP187: 8/12/2012 5:39:07 PM - Installed Java™ 7 Update 5
RP188: 8/12/2012 5:39:42 PM - Installed JavaFX 2.1.1
.
==== Installed Programs ======================
.
µTorrent
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
AMD VISION Engine Control Center
Apple Application Support
Apple Software Update
Application Profiles
ARMA 2
ARMA 2: Operation Arrowhead
Asmedia ASM104x USB 3.0 Host Controller Driver
avast! Free Antivirus
Battlefield 3™
Battlelog Web Plugins
BattlEye for OA Uninstall
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Command & Conquer 3
Command & Conquer 3 Tiberium Wars™ Worldbuilder
D3DX10
DAEMON Tools Pro
Diablo III
ESET Online Scanner v3
ESN Sonar
Grand Theft Auto IV
Grand Theft Auto: Episodes from Liberty City
Hondata K-Series ECU Editor
HyperCam 2
Hyperionics DB Toolbar
Java Auto Updater
Java™ 7 Update 5
JavaFX 2.1.1
Malwarebytes Anti-Malware version 1.62.0.1300
Mass Effect™ 3
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MTX
MTXExtractor
NVIDIA PhysX
OpenAL
OpenOffice.org 3.3
Orcs Must Die!
Origin
PunkBuster Services
QuickTime
RadeonPro 1.0 (Build 1.1.0.6)
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Sid Meier's Civilization V
Six Updater
Skype™ 5.10
SpeedFan (remove only)
Steam
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Visual Studio 2008 x64 Redistributables
VLC media player 1.1.11
VoiceOver Kit
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinRAR 4.01 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
8/13/2012 4:51:15 PM, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
8/13/2012 4:20:59 PM, Error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
8/13/2012 4:12:50 PM, Error: Service Control Manager [7000] - The AODDriver4.1 service failed to start due to the following error: The system cannot find the file specified.
8/12/2012 5:25:51 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
8/12/2012 5:25:21 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/12/2012 5:25:21 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/12/2012 5:25:21 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473536.
8/12/2012 5:25:21 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
8/12/2012 5:25:13 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
8/12/2012 5:23:04 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/12/2012 5:09:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
8/12/2012 5:01:39 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
8/12/2012 5:01:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/12/2012 5:01:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/12/2012 5:01:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/12/2012 5:01:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/12/2012 5:01:30 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache spldr Wanarpv6
8/12/2012 4:32:42 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/12/2012 4:29:18 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
8/12/2012 3:45:11 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
8/12/2012 3:45:11 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
8/12/2012 3:44:33 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
8/12/2012 3:44:33 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
8/12/2012 3:44:33 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
8/12/2012 3:22:19 PM, Error: Service Control Manager [7034] - The avast! Antivirus service terminated unexpectedly. It has done this 5 time(s).
8/12/2012 3:11:57 PM, Error: Service Control Manager [7034] - The avast! Antivirus service terminated unexpectedly. It has done this 4 time(s).
8/12/2012 2:25:19 PM, Error: Service Control Manager [7034] - The avast! Antivirus service terminated unexpectedly. It has done this 3 time(s).
8/12/2012 1:05:31 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
8/11/2012 12:48:08 AM, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
8/11/2012 12:48:08 AM, Error: Service Control Manager [7034] - The AMD FUEL Service service terminated unexpectedly. It has done this 1 time(s).
8/11/2012 12:48:08 AM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.
.
==== End Of File ===========================

Attached Files


Edited by timaa66, 13 August 2012 - 08:14 PM.


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:00 PM

Posted 15 August 2012 - 12:39 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 timaa66

timaa66
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:00 PM

Posted 15 August 2012 - 04:32 PM

Hey Gringo thank you for helping me I hope we can get this done hassle free here :).

Here are the logs you requested. I initially had a problem running combofix but i re-downloaded it and ran as administrator and then it went fine despite taking almost an hour. Also I am still getting redirects from google I am not sure about the audio ads at this time because they were pretty random and didn't come up often.



Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.1
Java™ 7 Update 5
Adobe Reader X (10.1.3)
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````





ComboFix 12-08-15.01 - Tim 08/15/2012 16:36:54.3.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16328.14492 [GMT -4:00]
Running from: c:\users\Tim\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
.
.
2012-08-15 21:06 . 2012-08-15 21:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-12 22:06 . 2012-08-12 22:06 -------- d-----w- c:\programdata\Kaspersky Lab
2012-08-12 21:54 . 2012-08-12 21:54 -------- d-----w- c:\users\Tim\AppData\Roaming\Resource Tuner
2012-08-12 21:54 . 2012-08-12 21:58 -------- d-----w- c:\program files (x86)\Resource Tuner
2012-08-12 21:40 . 2012-08-12 21:40 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-08-12 21:39 . 2012-08-12 21:39 -------- d-----w- c:\program files (x86)\Oracle
2012-08-12 21:20 . 2012-08-12 21:20 -------- d-----w- c:\program files\CCleaner
2012-08-12 21:10 . 2012-08-12 21:10 -------- d-----w- c:\users\Tim\AppData\Local\VS Revo Group
2012-08-12 21:10 . 2009-12-30 15:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-08-12 21:10 . 2012-08-12 21:10 -------- d-----w- c:\program files\VS Revo Group
2012-08-12 19:51 . 2012-08-12 19:51 442 ----a-w- C:\FixitRegBackup.reg
2012-08-12 17:22 . 2012-07-03 16:21 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-12 17:22 . 2012-07-03 16:21 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-12 17:22 . 2012-07-03 16:21 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-12 17:22 . 2012-07-03 16:21 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-12 17:22 . 2012-07-03 16:21 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-12 17:22 . 2012-07-03 16:21 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-12 17:22 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-12 17:21 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-08-12 17:21 . 2012-07-03 16:21 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-08-12 17:21 . 2012-08-12 17:21 -------- d-----w- c:\programdata\AVAST Software
2012-08-12 17:21 . 2012-08-12 17:21 -------- d-----w- c:\program files\AVAST Software
2012-08-12 16:00 . 2012-08-12 16:00 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-08-02 06:38 . 2012-08-02 06:38 -------- d-----w- c:\windows\Microsoft Antimalware
2012-08-02 03:33 . 2012-08-02 03:33 -------- d-----w- c:\program files (x86)\ESET
2012-08-02 03:12 . 2012-08-02 03:14 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-02 02:49 . 2012-08-02 02:49 -------- d-----w- c:\users\Tim\AppData\Roaming\Malwarebytes
2012-08-02 02:49 . 2012-08-02 02:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-02 02:49 . 2012-08-02 02:49 -------- d-----w- c:\programdata\Malwarebytes
2012-07-29 17:13 . 2012-07-29 17:13 -------- d---a-w- C:\Tesseract-OCR
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-07-19 01:46 . 2012-07-19 01:46 -------- d-----w- c:\users\Tim\AppData\Local\SIX_Projects
2012-07-18 17:22 . 2012-07-18 17:22 -------- d-sh--w- c:\programdata\SecuROM
2012-07-18 17:21 . 2012-07-18 17:22 -------- d-----w- c:\users\Tim\AppData\Local\Rockstar Games
2012-07-18 17:21 . 2012-07-18 17:21 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 02:23 . 2011-07-28 08:58 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-08-15 02:23 . 2011-07-28 08:56 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-08-15 02:23 . 2011-07-28 08:56 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-08-14 02:17 . 2012-04-07 17:52 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-14 02:17 . 2011-07-28 09:23 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 15:20 . 2011-07-31 17:35 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-06 02:06 . 2011-07-27 13:58 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-25 12:57 . 2012-07-08 04:10 4924 ----a-w- C:\AutoIt.reg
2012-06-19 14:58 . 2012-07-08 04:10 94208 ----a-w- c:\windows\ImageSearchDLL.dll
2012-06-19 14:58 . 2012-07-08 04:10 852544 ----a-w- c:\windows\system32\msvcr110.dll
2012-06-19 14:58 . 2012-07-08 04:10 58880 ----a-w- c:\windows\ImageSearchDLL_x64.dll
2012-06-19 14:58 . 2012-07-08 04:10 1949760 ----a-w- c:\windows\system32\msvcr110d.dll
2012-06-17 17:58 . 2012-03-18 07:40 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-06-17 17:58 . 2012-03-18 07:40 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-06-12 03:08 . 2012-07-11 15:21 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll
2012-06-11 18:29 . 2012-06-11 18:29 24826368 ----a-w- c:\windows\system32\atio6axx.dll
2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-06-11 17:24 . 2012-06-11 17:24 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-06-11 17:23 . 2011-04-06 02:02 1090560 ----a-w- c:\windows\system32\aticfx64.dll
2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe
2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-06-11 17:16 . 2012-06-11 17:16 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-06-11 17:01 . 2011-04-06 01:44 6914560 ----a-w- c:\windows\system32\atidxx64.dll
2012-06-11 16:51 . 2012-06-11 16:51 4246528 ----a-w- c:\windows\system32\atiumd6a.dll
2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-06-11 16:45 . 2012-06-11 16:45 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll
2012-06-11 16:43 . 2012-06-11 16:43 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-06-11 16:36 . 2012-06-11 16:36 6605824 ----a-w- c:\windows\system32\atiumd64.dll
2012-06-11 16:27 . 2012-06-11 16:27 539136 ----a-w- c:\windows\system32\atiadlxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-06-11 16:26 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-06-11 16:25 . 2011-04-06 01:20 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-06-11 16:25 . 2012-06-11 16:25 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-06-11 16:25 . 2012-06-11 16:25 45056 ----a-w- c:\windows\system32\atiu9p64.dll
2012-06-11 16:24 . 2012-06-11 16:24 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-06-09 05:43 . 2012-07-11 02:57 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 02:57 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 02:57 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 02:57 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 02:57 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 02:57 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 02:57 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-21 19:52 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 19:52 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 19:52 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 19:52 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 19:52 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 19:52 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 19:52 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 19:52 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 19:52 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-11 02:57 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 02:57 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 02:57 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 02:57 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 02:57 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 02:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 02:57 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 02:57 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 02:57 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-06-17 296056]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-07-31 1431888]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-29 1255736]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-03-04 78976]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-03-04 38528]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-27 254528]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-01-19 21992]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800]
S2 RadeonPro Support Service;RadeonPro Support Service;c:\program files (x86)\RadeonPro\RadeonProSupport.exe [2011-02-10 12800]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-02-24 126952]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-02-24 389608]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 e1qexpress;Intel® PRO/1000 PCI Express Network Connection Driver Q;c:\windows\system32\DRIVERS\e1q62x64.sys [2010-10-25 303280]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-03 11842152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\oufncinr.default-1344806949599\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3394711609-860248201-440170233-1000\Software\SecuROM\License information*]
"datasecu"=hex:70,16,99,39,d6,44,22,84,80,70,d3,8d,6b,ee,bf,16,bd,66,af,32,4e,
e3,cb,f9,a4,22,57,91,fd,8b,ed,de,c0,8d,07,db,59,79,b7,94,6d,57,a9,b7,34,b6,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\DAODx.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
.
**************************************************************************
.
Completion time: 2012-08-15 17:26:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-15 21:26
.
Pre-Run: 18,178,801,664 bytes free
Post-Run: 18,167,848,960 bytes free
.
- - End Of File - - DD77193F701F995825D8CE5078DD83A4

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:00 PM

Posted 15 August 2012 - 04:38 PM

Greetings And Welcome To The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash-drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.

[*]First Press the Scan button.
[*]It will make a log (FRST.txt)

[*]Second Type the following in the edit box after "Search:". services.exe
[*]Click the Search button
[*]It will make a log (Search.txt)
[/list]
I want you to poste Both the FRST.txt report and the Search.txt into your reply to me

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 timaa66

timaa66
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:00 PM

Posted 15 August 2012 - 09:26 PM

That ended up being quite the fiasco there Gringo. After trying multiple times to get into the repair console command prompt, I ended up having to unplug all of my hard drives except for the one with windows on it to run the utility so I hope that this is all the information you need.

Scan result of Farbar Recovery Scan Tool Version: 15-08-2012
Ran by SYSTEM at 15-08-2012 22:09:17
Running from F:\
Windows 7 Professional (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11842152 2011-05-02] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot [296056 2012-06-17] (RealNetworks, Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641704 2012-06-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4273976 2012-07-03] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKU\Default\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) ======

2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-07-03] (AVAST Software)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-02-17] ()
2 RadeonPro Support Service; "C:\Program Files (x86)\RadeonPro\RadeonProSupport.exe" [12800 2011-02-09] (Mr. John aka japamd)

========================== Drivers (Whitelisted) =============

2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
2 AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-07-03] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71064 2012-07-03] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-07-03] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [958400 2012-07-03] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [355856 2012-07-03] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-07-03] (AVAST Software)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [254528 2011-08-26] (DT Soft Ltd)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-15 22:08 - 2012-08-15 22:09 - 00000000 ____D C:\FRST
2012-08-15 13:42 - 2012-08-15 13:42 - 01442951 ____A (Farbar) C:\Users\Tim\Desktop\FRST64.exe
2012-08-15 13:27 - 2012-08-15 13:27 - 00021276 ____A C:\Users\Tim\Desktop\combofix.txt
2012-08-15 13:26 - 2012-08-15 13:26 - 00021276 ____A C:\ComboFix.txt
2012-08-15 12:29 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-08-15 12:29 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-08-15 12:29 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-08-15 12:29 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-08-15 12:29 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-08-15 12:29 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-08-15 12:29 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-08-15 12:29 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-08-15 12:28 - 2012-08-15 13:27 - 00000000 ____D C:\ComboFix
2012-08-15 12:20 - 2012-08-15 13:27 - 00000000 ____D C:\Qoobox
2012-08-15 12:17 - 2012-08-15 12:17 - 00000887 ____A C:\Users\Tim\Desktop\checkup.txt
2012-08-13 17:07 - 2012-08-13 17:07 - 00881494 ____A C:\Users\Tim\Desktop\SecurityCheck.exe
2012-08-13 12:59 - 2012-08-13 12:59 - 00021774 ____A C:\Users\Tim\Desktop\DDS.txt
2012-08-13 12:59 - 2012-08-13 12:59 - 00011715 ____A C:\Users\Tim\Desktop\Attach.txt
2012-08-13 12:51 - 2012-08-13 12:51 - 00607260 ____R (Swearware) C:\Users\Tim\Desktop\dds.com
2012-08-13 12:51 - 2012-08-13 12:51 - 00000548 ____A C:\Users\Tim\Desktop\defogger_disable.log
2012-08-13 12:51 - 2012-08-13 12:51 - 00000138 ____A C:\Users\Tim\defogger_reenable
2012-08-13 12:50 - 2012-08-13 12:49 - 00050477 ____A C:\Users\Tim\Desktop\Defogger.exe
2012-08-12 14:06 - 2012-08-12 14:06 - 00000000 ____D C:\Users\All Users\Kaspersky Lab
2012-08-12 14:02 - 2012-08-12 14:04 - 141851192 ____A C:\Users\Tim\Downloads\setup_11.0.0.1245.x01_2012_08_08_11_11.exe
2012-08-12 13:54 - 2012-08-12 13:58 - 00000000 ____D C:\Program Files (x86)\Resource Tuner
2012-08-12 13:54 - 2012-08-12 13:54 - 02760056 ____A (Heaventools Software) C:\Users\Tim\Downloads\ResTuner_setup.exe
2012-08-12 13:54 - 2012-08-12 13:54 - 00000000 ____D C:\Users\Tim\AppData\Roaming\Resource Tuner
2012-08-12 13:48 - 2012-08-12 13:51 - 00001518 ____A C:\Users\Tim\Desktop\Rkill.txt
2012-08-12 13:47 - 2012-08-12 13:47 - 01051552 ____A (Bleeping Computer, LLC) C:\Users\Tim\Downloads\rkill.exe
2012-08-12 13:39 - 2012-08-12 13:39 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-08-12 13:39 - 2012-07-05 18:06 - 00227760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-08-12 13:38 - 2012-08-12 13:38 - 00893936 ____A (Oracle Corporation) C:\Users\Tim\Downloads\jxpiinstall.exe
2012-08-12 13:20 - 2012-08-12 13:20 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-08-12 13:20 - 2012-08-12 13:20 - 00000000 ____D C:\Program Files\CCleaner
2012-08-12 13:19 - 2012-08-12 13:19 - 03907920 ____A (Piriform Ltd) C:\Users\Tim\Downloads\ccsetup321.exe
2012-08-12 13:10 - 2012-08-12 13:10 - 07902008 ____A (VS Revo Group ) C:\Users\Tim\Downloads\RevoUninProSetup.exe
2012-08-12 13:10 - 2012-08-12 13:10 - 00001077 ____A C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2012-08-12 13:10 - 2012-08-12 13:10 - 00000000 ____D C:\Users\Tim\AppData\Local\VS Revo Group
2012-08-12 13:10 - 2012-08-12 13:10 - 00000000 ____D C:\Program Files\VS Revo Group
2012-08-12 13:10 - 2009-12-30 07:21 - 00031800 ____A (VS Revo Group) C:\Windows\System32\Drivers\revoflt.sys
2012-08-12 11:51 - 2012-08-12 11:51 - 00000442 ____A C:\FixitRegBackup.reg
2012-08-12 11:50 - 2012-08-12 11:50 - 00806400 ____A C:\Users\Tim\Downloads\MicrosoftFixit50692.msi
2012-08-12 09:22 - 2012-08-12 09:22 - 00001922 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-08-12 09:22 - 2012-08-12 09:22 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-08-12 09:22 - 2012-07-03 08:21 - 00958400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-08-12 09:22 - 2012-07-03 08:21 - 00355856 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-08-12 09:22 - 2012-07-03 08:21 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-08-12 09:22 - 2012-07-03 08:21 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-08-12 09:22 - 2012-07-03 08:21 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-08-12 09:22 - 2012-07-03 08:21 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-08-12 09:22 - 2012-07-03 08:21 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-08-12 09:21 - 2012-08-12 09:21 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-08-12 09:21 - 2012-08-12 09:21 - 00000000 ____D C:\Program Files\AVAST Software
2012-08-12 09:21 - 2012-07-03 08:21 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-08-12 09:21 - 2012-07-03 08:21 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-08-12 09:19 - 2012-08-12 09:20 - 89340632 ____A C:\Users\Tim\Downloads\avast_free_antivirus_setup.exe
2012-08-12 08:00 - 2012-08-12 08:00 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-08-01 22:38 - 2012-08-01 22:38 - 00000000 ____D C:\Windows\Microsoft Antimalware
2012-08-01 19:33 - 2012-08-01 19:33 - 00000000 ____D C:\Program Files (x86)\ESET
2012-08-01 19:20 - 2012-08-15 13:07 - 00000000 ____D C:\Windows\erdnt
2012-08-01 19:12 - 2012-08-01 19:14 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-08-01 19:11 - 2010-12-31 21:14 - 00002254 ___RA C:\Users\Tim\Desktop\eula.txt
2012-08-01 18:49 - 2012-08-01 18:49 - 00001069 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-01 18:49 - 2012-08-01 18:49 - 00000000 ____D C:\Users\Tim\AppData\Roaming\Malwarebytes
2012-08-01 18:49 - 2012-08-01 18:49 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-08-01 18:49 - 2012-08-01 18:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-01 18:45 - 2012-08-01 18:45 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Tim\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-01 18:13 - 2012-08-01 18:13 - 00803584 ____A (Microsoft Corporation) C:\Users\Tim\Downloads\mssstool64.exe
2012-07-29 09:13 - 2012-07-29 09:13 - 00000000 ___AD C:\Tesseract-OCR
2012-07-29 08:23 - 2012-08-15 13:08 - 00001960 ____A C:\Windows\setupact.log
2012-07-29 08:23 - 2012-07-29 08:23 - 00000000 ____A C:\Windows\setuperr.log
2012-07-26 17:38 - 2012-08-12 09:16 - 00001945 ____A C:\Windows\epplauncher.mif
2012-07-26 17:37 - 2012-07-26 17:37 - 12621696 ____A (Microsoft Corporation) C:\Users\Tim\Downloads\mseinstall.exe
2012-07-23 18:11 - 2012-07-23 18:11 - 00010240 ____A C:\Users\Tim\Desktop\john workout.xls
2012-07-21 10:39 - 2012-07-21 10:39 - 00027520 ____A C:\Users\Tim\AppData\Local\dt.dat
2012-07-20 09:43 - 2011-06-27 13:42 - 00002895 ____A C:\Users\Tim\Downloads\YOUBETTEREADTHIS.txt
2012-07-18 17:46 - 2012-07-18 17:46 - 00000000 ____D C:\Users\Tim\AppData\Local\SIX_Projects
2012-07-18 09:23 - 2012-07-18 09:23 - 00000000 ____D C:\Users\Tim\Documents\Rockstar Games
2012-07-18 09:22 - 2012-07-18 09:22 - 00000000 __SHD C:\Users\All Users\SecuROM
2012-07-18 09:21 - 2012-07-18 09:22 - 00000000 ____D C:\Users\Tim\AppData\Local\Rockstar Games
2012-07-18 09:21 - 2012-07-18 09:21 - 00178800 ____A (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll

============ 3 Months Modified Files ========================

2012-08-15 13:44 - 2011-07-27 05:03 - 01952581 ____A C:\Windows\WindowsUpdate.log
2012-08-15 13:43 - 2009-07-13 21:13 - 00778104 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-15 13:42 - 2012-08-15 13:42 - 01442951 ____A (Farbar) C:\Users\Tim\Desktop\FRST64.exe
2012-08-15 13:27 - 2012-08-15 13:27 - 00021276 ____A C:\Users\Tim\Desktop\combofix.txt
2012-08-15 13:26 - 2012-08-15 13:26 - 00021276 ____A C:\ComboFix.txt
2012-08-15 13:15 - 2009-07-13 20:45 - 00013488 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-15 13:15 - 2009-07-13 20:45 - 00013488 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-15 13:10 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-08-15 13:08 - 2012-07-29 08:23 - 00001960 ____A C:\Windows\setupact.log
2012-08-15 13:08 - 2011-07-31 18:47 - 00058776 ____A C:\Windows\PFRO.log
2012-08-15 13:08 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-15 12:17 - 2012-08-15 12:17 - 00000887 ____A C:\Users\Tim\Desktop\checkup.txt
2012-08-14 18:23 - 2011-07-28 00:58 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-08-14 18:23 - 2011-07-28 00:56 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-08-14 18:23 - 2011-07-28 00:56 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-08-13 18:17 - 2012-04-07 09:52 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-13 18:17 - 2011-07-28 01:23 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-13 17:07 - 2012-08-13 17:07 - 00881494 ____A C:\Users\Tim\Desktop\SecurityCheck.exe
2012-08-13 12:59 - 2012-08-13 12:59 - 00021774 ____A C:\Users\Tim\Desktop\DDS.txt
2012-08-13 12:59 - 2012-08-13 12:59 - 00011715 ____A C:\Users\Tim\Desktop\Attach.txt
2012-08-13 12:51 - 2012-08-13 12:51 - 00607260 ____R (Swearware) C:\Users\Tim\Desktop\dds.com
2012-08-13 12:51 - 2012-08-13 12:51 - 00000548 ____A C:\Users\Tim\Desktop\defogger_disable.log
2012-08-13 12:51 - 2012-08-13 12:51 - 00000138 ____A C:\Users\Tim\defogger_reenable
2012-08-13 12:49 - 2012-08-13 12:50 - 00050477 ____A C:\Users\Tim\Desktop\Defogger.exe
2012-08-12 14:04 - 2012-08-12 14:02 - 141851192 ____A C:\Users\Tim\Downloads\setup_11.0.0.1245.x01_2012_08_08_11_11.exe
2012-08-12 13:54 - 2012-08-12 13:54 - 02760056 ____A (Heaventools Software) C:\Users\Tim\Downloads\ResTuner_setup.exe
2012-08-12 13:51 - 2012-08-12 13:48 - 00001518 ____A C:\Users\Tim\Desktop\Rkill.txt
2012-08-12 13:47 - 2012-08-12 13:47 - 01051552 ____A (Bleeping Computer, LLC) C:\Users\Tim\Downloads\rkill.exe
2012-08-12 13:39 - 2012-05-05 16:50 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-08-12 13:39 - 2012-05-05 16:50 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-08-12 13:38 - 2012-08-12 13:38 - 00893936 ____A (Oracle Corporation) C:\Users\Tim\Downloads\jxpiinstall.exe
2012-08-12 13:20 - 2012-08-12 13:20 - 00000822 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-08-12 13:19 - 2012-08-12 13:19 - 03907920 ____A (Piriform Ltd) C:\Users\Tim\Downloads\ccsetup321.exe
2012-08-12 13:10 - 2012-08-12 13:10 - 07902008 ____A (VS Revo Group ) C:\Users\Tim\Downloads\RevoUninProSetup.exe
2012-08-12 13:10 - 2012-08-12 13:10 - 00001077 ____A C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2012-08-12 11:51 - 2012-08-12 11:51 - 00000442 ____A C:\FixitRegBackup.reg
2012-08-12 11:50 - 2012-08-12 11:50 - 00806400 ____A C:\Users\Tim\Downloads\MicrosoftFixit50692.msi
2012-08-12 09:22 - 2012-08-12 09:22 - 00001922 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-08-12 09:22 - 2012-08-12 09:22 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-08-12 09:20 - 2012-08-12 09:19 - 89340632 ____A C:\Users\Tim\Downloads\avast_free_antivirus_setup.exe
2012-08-12 09:16 - 2012-07-26 17:38 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-01 18:49 - 2012-08-01 18:49 - 00001069 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-01 18:45 - 2012-08-01 18:45 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Tim\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-01 18:13 - 2012-08-01 18:13 - 00803584 ____A (Microsoft Corporation) C:\Users\Tim\Downloads\mssstool64.exe
2012-07-29 08:23 - 2012-07-29 08:23 - 00000000 ____A C:\Windows\setuperr.log
2012-07-26 18:26 - 2012-07-15 23:50 - 00002573 ____A C:\Users\Public\Desktop\Six Updater.lnk
2012-07-26 18:26 - 2012-07-15 23:50 - 00002573 ____A C:\Users\Public\Desktop\Six Launcher.lnk
2012-07-26 17:38 - 2011-07-31 14:12 - 00795372 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-26 17:37 - 2012-07-26 17:37 - 12621696 ____A (Microsoft Corporation) C:\Users\Tim\Downloads\mseinstall.exe
2012-07-23 18:11 - 2012-07-23 18:11 - 00010240 ____A C:\Users\Tim\Desktop\john workout.xls
2012-07-21 10:39 - 2012-07-21 10:39 - 00027520 ____A C:\Users\Tim\AppData\Local\dt.dat
2012-07-18 09:21 - 2012-07-18 09:21 - 00178800 ____A (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2012-07-18 09:21 - 2011-07-28 00:25 - 00289225 ____A C:\Windows\DirectX.log
2012-07-15 23:50 - 2012-07-15 23:50 - 16884522 ____A (Oleg N. Scherbakov) C:\Users\Tim\Downloads\su-setup.exe
2012-07-15 12:31 - 2012-07-15 12:31 - 01606656 ____A C:\Users\Tim\Downloads\SteamInstall.msi
2012-07-15 10:00 - 2012-07-15 10:00 - 00000201 ____A C:\Users\Tim\Desktop\ARMA 2 Operation Arrowhead.url
2012-07-15 09:58 - 2012-07-15 09:58 - 00000201 ____A C:\Users\Tim\Desktop\ARMA 2.url
2012-07-11 07:47 - 2009-07-13 20:45 - 00292728 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 07:20 - 2011-07-31 09:35 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-08 16:44 - 2012-07-08 16:19 - 00055664 ____A C:\Users\Tim\Desktop\LAWL GUI Edition.au3
2012-07-07 20:08 - 2012-07-07 20:08 - 37284511 ____A C:\Users\Tim\Downloads\Bot.zip
2012-07-05 18:06 - 2012-08-12 13:39 - 00227760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-07-05 18:06 - 2011-07-27 05:58 - 00687544 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-07-03 13:11 - 2012-07-03 13:11 - 00567656 ____A (AMD Inc.) C:\Users\Tim\Downloads\amd_catalyst_12.7_cap1.exe
2012-07-03 12:57 - 2012-07-03 12:56 - 159401976 ____A (Advanced Micro Devices, Inc.) C:\Users\Tim\Downloads\12-6_vista_win7_64_dd_ccc.exe
2012-07-03 08:21 - 2012-08-12 09:22 - 00958400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-07-03 08:21 - 2012-08-12 09:22 - 00355856 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-07-03 08:21 - 2012-08-12 09:22 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-07-03 08:21 - 2012-08-12 09:22 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-07-03 08:21 - 2012-08-12 09:22 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-07-03 08:21 - 2012-08-12 09:22 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-07-03 08:21 - 2012-08-12 09:22 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-07-03 08:21 - 2012-08-12 09:21 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-07-03 08:21 - 2012-08-12 09:21 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-06-25 04:57 - 2012-07-07 20:10 - 00004924 ____A C:\AutoIt.reg
2012-06-19 06:58 - 2012-07-07 20:10 - 01949760 ____A (Microsoft Corporation) C:\Windows\System32\msvcr110d.dll
2012-06-19 06:58 - 2012-07-07 20:10 - 00852544 ____A (Microsoft Corporation) C:\Windows\System32\msvcr110.dll
2012-06-19 06:58 - 2012-07-07 20:10 - 00094208 ____A C:\Windows\ImageSearchDLL.dll
2012-06-19 06:58 - 2012-07-07 20:10 - 00058880 ____A C:\Windows\ImageSearchDLL_x64.dll
2012-06-17 09:58 - 2012-06-17 09:58 - 00001042 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2012-06-17 09:58 - 2012-03-17 23:40 - 00499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2012-06-17 09:58 - 2012-03-17 23:40 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-06-17 09:58 - 2012-03-17 23:40 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2012-06-17 09:58 - 2012-03-17 23:40 - 00198832 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2012-06-17 09:58 - 2012-03-17 23:40 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2012-06-17 09:58 - 2012-03-17 23:40 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2012-06-13 13:03 - 2012-06-13 13:03 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-11 19:08 - 2012-07-11 07:21 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-11 10:59 - 2012-06-11 10:59 - 10248192 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
2012-06-11 10:35 - 2012-06-11 10:35 - 00070144 ____A (AMD) C:\Windows\System32\coinst_8.98.dll
2012-06-11 10:29 - 2012-06-11 10:29 - 24826368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
2012-06-11 10:00 - 2012-06-11 10:00 - 20467712 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\SysWOW64\atiapfxx.blb
2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\System32\atiapfxx.blb
2012-06-11 09:25 - 2012-06-11 09:25 - 00163840 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe
2012-06-11 09:24 - 2012-06-11 09:24 - 00924160 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2012-06-11 09:23 - 2011-04-05 18:02 - 01090560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
2012-06-11 09:20 - 2012-06-11 09:20 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll
2012-06-11 09:19 - 2012-06-11 09:19 - 00532992 ____A (AMD) C:\Windows\System32\atieclxx.exe
2012-06-11 09:19 - 2012-06-11 09:19 - 00239616 ____A (AMD) C:\Windows\System32\atiesrxx.exe
2012-06-11 09:17 - 2012-06-11 09:17 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll
2012-06-11 09:17 - 2012-06-11 09:17 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll
2012-06-11 09:17 - 2012-06-11 09:17 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll
2012-06-11 09:17 - 2012-06-11 09:17 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll
2012-06-11 09:16 - 2012-06-11 09:16 - 06301696 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2012-06-11 09:01 - 2011-04-05 17:44 - 06914560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
2012-06-11 08:51 - 2012-06-11 08:51 - 04246528 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
2012-06-11 08:50 - 2012-06-11 08:50 - 02936864 ____A C:\Windows\System32\atiumd6a.cap
2012-06-11 08:45 - 2012-06-11 08:45 - 15703040 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 05480448 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
2012-06-11 08:45 - 2012-06-11 08:45 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2012-06-11 08:43 - 2012-06-11 08:43 - 04729344 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2012-06-11 08:41 - 2012-06-11 08:41 - 02971136 ____A C:\Windows\SysWOW64\atiumdva.cap
2012-06-11 08:40 - 2012-06-11 08:40 - 13277696 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2012-06-11 08:36 - 2012-06-11 08:36 - 06605824 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
2012-06-11 08:27 - 2012-06-11 08:27 - 00539136 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00368640 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00367616 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
2012-06-11 08:26 - 2012-06-11 08:26 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00033280 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00017920 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
2012-06-11 08:25 - 2012-06-11 08:25 - 00045056 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
2012-06-11 08:25 - 2012-06-11 08:25 - 00042496 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2012-06-11 08:25 - 2011-04-05 17:20 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
2012-06-11 08:24 - 2012-06-11 08:24 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
2012-06-11 08:24 - 2012-06-11 08:24 - 00032768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
2012-06-08 21:43 - 2012-07-10 18:57 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-10 18:57 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 22:06 - 2012-07-10 18:57 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-10 18:57 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-10 18:57 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-10 18:57 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-10 18:57 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-10 18:57 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 14:19 - 2012-06-21 11:52 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 11:52 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 11:52 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 11:52 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 11:52 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 11:52 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 11:52 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-21 11:52 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-21 11:52 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 21:50 - 2012-07-10 18:57 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-10 18:57 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-10 18:57 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-10 18:57 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-10 18:57 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-10 18:57 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-10 18:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-10 18:57 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-10 18:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-22 12:06 - 2009-07-13 21:08 - 00032598 ____A C:\Windows\Tasks\SCHEDLGU.TXT


ZeroAccess:
C:\Windows\Installer\{bdb7af0a-a141-4174-66fd-eca3bc6e0c36}
C:\Windows\Installer\{bdb7af0a-a141-4174-66fd-eca3bc6e0c36}\L
C:\Windows\Installer\{bdb7af0a-a141-4174-66fd-eca3bc6e0c36}\U

ZeroAccess:
C:\Users\Tim\AppData\Local\{bdb7af0a-a141-4174-66fd-eca3bc6e0c36}
C:\Users\Tim\AppData\Local\{bdb7af0a-a141-4174-66fd-eca3bc6e0c36}\@
C:\Users\Tim\AppData\Local\{bdb7af0a-a141-4174-66fd-eca3bc6e0c36}\L
C:\Users\Tim\AppData\Local\{bdb7af0a-a141-4174-66fd-eca3bc6e0c36}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 7%
Total physical RAM: 16328.27 MB
Available physical RAM: 15117.05 MB
Total Pagefile: 16326.42 MB
Available Pagefile: 15138.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:83.73 GB) (Free:16.92 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (MB Support CD) (CDROM) (Total:2.77 GB) (Free:0 GB) CDFS
3 Drive e: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
4 Drive f: () (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 83 GB 103 MB
Disk 1 Online 1908 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 83 GB 101 MB
Partition 2 Primary 10 MB 83 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 83 GB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes

There is no volume associated with this partition.

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1907 MB 64 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Removable 1907 MB Healthy

==================================================================================

Last Boot: 2012-08-07 10:58

======================= End Of Log ==========================












Farbar Recovery Scan Tool Version: 15-08-2012
Ran by SYSTEM at 2012-08-15 22:10:24
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\erdnt\cache64\services.exe
[2012-08-01 19:26] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

#6 timaa66

timaa66
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:00 PM

Posted 15 August 2012 - 09:28 PM

Also I just want to inform you that the audio ads are still here.

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:00 PM

Posted 15 August 2012 - 09:29 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\assembly\GAC\Desktop.ini 
C:\Windows\Installer\{bdb7af0a-a141-4174-66fd-eca3bc6e0c36}
C:\Users\Tim\AppData\Local\{bdb7af0a-a141-4174-66fd-eca3bc6e0c36}

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo[/b]
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 timaa66

timaa66
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:00 PM

Posted 15 August 2012 - 09:50 PM

Gringo I still get redirects on google after this fix here is the log:

Is it ok to leave my other hard drives unplugged until we are done with the repair console?

thank you for your help so far,
tim

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 15-08-2012
Ran by SYSTEM at 2012-08-15 22:46:45 Run:1
Running from F:\

==============================================

C:\Windows\assembly\GAC_32\Desktop.ini not found.
C:\Windows\assembly\GAC_64\Desktop.ini not found.
C:\Windows\assembly\GAC\Desktop.ini not found.
C:\Windows\Installer\{bdb7af0a-a141-4174-66fd-eca3bc6e0c36} moved successfully.
C:\Users\Tim\AppData\Local\{bdb7af0a-a141-4174-66fd-eca3bc6e0c36} moved successfully.

==== End of Fixlog ====

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:00 PM

Posted 15 August 2012 - 10:12 PM

Greetings

yes you can leave them unplugged

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 timaa66

timaa66
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:00 PM

Posted 15 August 2012 - 10:19 PM

Neither one of them will run I tried double clicking and also right click run as administrator.

thank you,
tim

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:00 PM

Posted 15 August 2012 - 10:29 PM

Greetings

I need you to make a bootable usb and to make a screenshot for me - follow the instructions below to do this

How to create a bootable Puppy USB Drive

  • Download and save a copy of the latest Puppy ISO file
  • Download and save a copy of Unetbootin for Windows.
  • Insert an empty formatted USB drive into a USB port on the computer that's being used to create the bootable USB.
  • Launch Unetbootin ....
  • Ensure that Disk Image is selected.
  • Using the browse button ... browse to and select the Puppy ISO file.
  • Ensure that Type: is set to USB Drive and that the Drive: letter corresponds to the USB drive.
  • Click OK
Unetbootin will now copy the Puppy files to the USB and make it a bootable device.

Next

You need to change the boot order of the computer to boot from a USB drive ....

  • Read HERE for instructions how to do this.

Now boot into Puppylinux

when you get to the desktop Click on each of the drive items found in the bottom left corner to mount them (when mounted they will have a red cross next to them)

Next - Launch GParted which is found at Menu > System > GParted partition manager,
Click to select All Drives then click Okay
I need you to take a screenshot of the window that opens up - to do this follow these instructions

To take a screenshot in Puppy ....

With the GParted window open ...

  • Click menu > Graphic > mtPaint-snapshot screen capture
  • A small window will open ....

    • Click Capture Now
    • Click OK
  • The mtPaint program will open ....
    • Click File > Save
    • Double click on ../
    • Double click on mnt/
    • Double click on sdb1/
    • Set File Format to JPEG
    • Enter screenshot1 into the text box
    • Click OK

This will save a file screenshot1.jpeg into the USB drive, paste or attach this to your next post

Next

  • Click menu > shutdown > power off computer
  • If prompted to save the session click on No

Puppy will now close down.

remove the usb and save it - we will use it again - boot back into windows and send me the screen capture

gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 timaa66

timaa66
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:00 PM

Posted 15 August 2012 - 11:21 PM

Here is the image you requested I need to head to bed now so i can get up for work here in a couple hours :P thank you for all of your help so far

Posted Image

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:00 PM

Posted 16 August 2012 - 08:19 AM

greetings


I want you to boot back into Gparted and right click on the first partition (sda1) and select "manage flags" and then select boot

exit gparted saving as you leave and boot back into windows and report back here



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 timaa66

timaa66
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:01:00 PM

Posted 16 August 2012 - 03:02 PM

Hey Gringo I have done what you asked it appears the redirects are not occurring anymore and my load times for web pages seems to be back to normal. Once again I am not sure about the audio ads because they were at random intervals. What is it exactly that is going on with the machine, was a new boot partition created just for this infection?

thank you again,
tim

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:00 PM

Posted 17 August 2012 - 01:17 AM

Greetings

was a new boot partition created just for this infection? - sneaky little guy and yes it did


I want you to boot back into GParted and this time I want you to right click on the hidden partition and select delete

exit gparted and report back here


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users