Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Laptop infected, unsure with what.


  • This topic is locked This topic is locked
19 replies to this topic

#1 ausghostdog

ausghostdog

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:08:47 PM

Posted 11 June 2013 - 09:57 PM

Hey all,

My uncle gave me his laptop, when ever he goes to download something his AV Trend micro treats it as a virus no matter what and removes it. The system is extreamly slow as well.

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16476  BrowserJavaVersion: 10.21.2
Run by Bear at 12:51:15 on 2013-06-12
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3069.2057 [GMT 10:00]
.
AV: Titanium Maximum Security *Disabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}
SP: Titanium Maximum Security *Disabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Dell Video Chat\DellVideoChat.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
C:\Windows\system32\atashost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k ipripsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ninemsn.com.au/?ocid=ninemsnhomepagelink0213
uProxyOverride = localhost
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\program files\trend micro\amsp\module\20004\2.0.1361\6.8.1078\TmIEPlg.dll
BHO: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: WinZip Courier BHO: {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - c:\program files\winzip courier\wzwmcie.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - c:\program files\trend micro\amsp\module\20002\7.1.1104\7.1.1104\TmBpIe32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Trend Micro Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SightSpeed] "c:\program files\dell video chat\DellVideoChat.exe" -bootmode
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\BackWeb-8876480.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe"
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell.exe" /mode2
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Trend Micro Titanium] "c:\program files\trend micro\titanium\uiframework\uiWinMgr.exe" -set Silent "1" SplashURL ""
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:149
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
LSP: c:\program files\speedbit video accelerator\SBLSP.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: NameServer = 124.254.72.68 124.254.72.70 192.168.0.1
TCP: Interfaces\{2F29AB16-1519-4A61-B415-FFE8D6D4E820} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4F2E10A5-D3C2-4152-9024-B9450582504C} : DHCPNameServer = 124.254.72.68 124.254.72.70 192.168.0.1
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\7.1.1104\7.1.1104\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\2.0.1361\6.8.1078\TmIEPlg.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - c:\program files\trend micro\titanium\uiframework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - c:\program files\trend micro\titanium\uiframework\ProToolbarIMRatingActiveX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
============= SERVICES / DRIVERS ===============
.
R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2013-2-11 76648]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2011-8-26 143952]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2011-7-18 81920]
R2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2013-2-11 200632]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2011-6-4 20376]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 iprip;RIP Listener;c:\windows\system32\svchost.exe -k ipripsvc [2008-1-21 21504]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~1\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~1\VideoAcceleratorService.exe -start -scm [?]
R3 k57nd60x;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-1-29 203264]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2011-7-18 133632]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2011-7-18 280096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-6-21 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\dellsu~1\hwdiag\bin\PCD5SRVC.pkms [2008-11-5 22904]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2013-06-04 08:01:14    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-06-04 08:01:14    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-06-04 07:45:41    --------    d-----w-    c:\users\bear\appdata\local\temp
2013-06-04 07:45:14    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-06-04 07:34:16    98816    ----a-w-    c:\windows\sed.exe
2013-06-04 07:34:16    256000    ----a-w-    c:\windows\PEV.exe
2013-06-04 07:34:16    208896    ----a-w-    c:\windows\MBR.exe
.
==================== Find3M  ====================
.
2013-06-11 23:00:13    181808    ----a-w-    c:\windows\RegBootClean.exe
2013-04-30 02:03:17    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-04-30 02:03:08    866720    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-04-30 02:03:08    788896    ----a-w-    c:\windows\system32\deployJava1.dll
2013-04-29 23:53:12    22064    ----a-w-    c:\windows\DCEBoot.exe
.
============= FINISH: 12:52:36.39 ===============
 

 



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:47 AM

Posted 11 June 2013 - 10:24 PM


Hello ausghostdog

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 ausghostdog

ausghostdog
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:08:47 PM

Posted 12 June 2013 - 12:49 AM

Here you go

# AdwCleaner v2.303 - Logfile created 06/12/2013 at 15:37:27
# Updated 08/06/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Bear - BEAR-PC
# Boot Mode : Normal
# Running from : C:\Users\Bear\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Common Files\Speedbit
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\searchcore toolbar
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Speedbit
Folder Deleted : C:\Users\Bear\AppData\Local\AskToolbar
Folder Deleted : C:\Users\Bear\AppData\Local\Babylon
Folder Deleted : C:\Users\Bear\AppData\Local\Conduit
Folder Deleted : C:\Users\Bear\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Bear\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Bear\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Bear\AppData\LocalLow\Speedbit
Folder Deleted : C:\Users\Bear\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Bear\AppData\Roaming\DriverCure
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Updater Service
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SpeedBit
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{061F450C-37B9-4330-9235-0F25D9F75B33}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2237994
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3225826
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00F1A65D97AD1E11D8D76334268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\029DEE7E67AD1E113852DB04268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03576BC0A7AD1E1188A9A434268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\04CFD72C0A6D1E1179AC85E3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07B0B68797AD1E118A6A4E24268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0828D86187AD1E1129764B14268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\088A41FE97AD1E114BD41434268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\090E991ED42E1E11D93A5C2F168807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0F968E620A6D1E11B999E6D3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF1D43997AD1E11FA430034268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2010C0B997AD1E111983F034268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\20414E2897AD1E116B041F24268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\241E1DAF97AD1E11CBD65434268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2D5CB10287AD1E112AF1CB14268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\41B9E26133CD1E114A4E096D168807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42B7416F0A6D1E112971B6E3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\435ED11E0A6D1E1138C146E3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\466B1A160A6D1E11DAFD1AD3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\600642CA97AD1E11EB30A134268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61C07F78D42E1E113849882F168807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\638A55350A6D1E114AE6C9D3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\63C6A3960A6D1E1199A78AD3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\65BE09BB77AD1E1129594214268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\67F9C62077AD1E11BA0CBC04268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6967575E4ADD1E11E9E591AF068807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A0601CF0A6D1E11EA66D6E3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6D34269C97AD1E11DAE42334268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6DE790BA0A6D1E111B7A93E3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F874FC077AD1E11FB2CCC04268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\72D3312E1E95E8C4AAA81BADB30D5FC0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\74E6A1B4EEAA8A942B405B51643FD2FC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\800967B40A6D1E1129B8C8D3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\814DDE340A6D1E11B833B8D3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\818F60F20A6D1E1149E987D3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8225E07F67AD1E1138657C04268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\83011A2A97AD1E1139DD6134268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\85D3F53D0A6D1E112BC9F5E3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\860F3B99848D1E119B5569D6168807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\87B1CC30A7AD1E117BC59434268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8849E84D67AD1E11A8881B04268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8A7FEEA8848D1E11D8ABF7D6168807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8B065BD72ADD1E116B25978F068807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8B58DAA50A6D1E11C924D9D3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8B8DC47DD42E1E119948EB2F168807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8BCF643B0A6D1E113A80C4E3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C52E23087AD1E11BB364914268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980D2637EBB4E31449BDFE2D7447AE03
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D0E499F53381f84992C7A212CF1D8F5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A301910E5ADD1E11CBD5C1BF068807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A51CAA4F77AD1E116923D714268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6EA75AD0A6D1E116B9506E3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A81E6B410A6D1E11B98E66D3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD31AEF90A6D1E112B67A2E3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF79D8530A6D1E11296968D3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA82713BF2918244BB38D4D3626E2F31
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C5A5C56BD42E1E11AA061B2F168807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C61425DC0A6D1E11488AE5E3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6D6135E97AD1E11783A0434268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6D68CEE0A6D1E1129B096E3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB5F24F10A6D1E118B7AD6D3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CBE5FFA897AD1E11CA349F24268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CC46BC9AD42E1E11B93ADA2F168807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E0B84F7CD42E1E113A65AB2F168807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E0C668D287AD1E117AAAFB14268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E318FDD30A6D1E115956A8D3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E58C26300A6D1E11EBCF16D3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E81243990A6D1E117B9C52E3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E90A558E0A6D1E111A4356E3268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E942FF4ABC342DA42A4C40617E8ADC8C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF874E5B67AD1E113A7B2A04268807B9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Software
Key Deleted : HKLM\Software\SpeedBit
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [18811 octets] - [12/06/2013 15:37:27]

########## EOF - C:\AdwCleaner[S1].txt - [18872 octets] ##########
 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista ™ Home Premium x86
Ran by Bear on Wed 06/12/2013 at 15:46:12.44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{42AC2BBE-8A21-440A-9D12-0772F90215E7}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5F6C26B7-389D-493D-A209-E7427A204F02}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{740CE090-3381-4A98-A7E8-873CF44A6A89}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\speedypc software"
Successfully deleted: [Folder] "C:\Users\Bear\AppData\Roaming\speedypc software"
Successfully deleted: [Empty Folder] C:\Users\Bear\appdata\local\{2BFEAA6A-45CF-4F6A-90A0-AAD2675A15A5}
Successfully deleted: [Empty Folder] C:\Users\Bear\appdata\local\{89B60E21-1509-473E-B5BD-86E53DD86A6C}
Successfully deleted: [Empty Folder] C:\Users\Bear\appdata\local\{94622CD1-7C02-4DEC-9D6F-2D9C22CA028B}
Successfully deleted: [Empty Folder] C:\Users\Bear\appdata\local\{B3B29A00-EC9A-4FF0-A84F-5907A3420447}
Successfully deleted: [Empty Folder] C:\Users\Bear\appdata\local\{C99AB2D5-1A4E-4184-B42C-3D48A76F4DDF}
Successfully deleted: [Empty Folder] C:\Users\Bear\appdata\local\{F4D0B552-F478-470A-BFE7-B53C776273E5}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 06/12/2013 at 15:48:23.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:47 AM

Posted 12 June 2013 - 01:03 AM


Hello ausghostdog

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 ausghostdog

ausghostdog
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:08:47 PM

Posted 12 June 2013 - 01:30 AM

ComboFix 13-06-08.02 - Bear 06/12/2013  16:08:29.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3069.2067 [GMT 10:00]
Running from: c:\users\Bear\Desktop\ComboFix.exe
AV: Titanium Maximum Security *Disabled/Updated* {B7599298-8445-728A-A5C7-A26A082C8BDA}
SP: Titanium Maximum Security *Disabled/Updated* {0C38737C-A27F-7D04-9F77-991873ABC167}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-12 to 2013-06-12  )))))))))))))))))))))))))))))))
.
.
2013-06-12 06:16 . 2013-06-12 06:16    --------    d-----w-    c:\users\Guest\AppData\Local\temp
2013-06-12 06:16 . 2013-06-12 06:16    --------    d-----w-    c:\users\girlie\AppData\Local\temp
2013-06-12 06:16 . 2013-06-12 06:16    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-06-12 05:46 . 2013-06-12 05:46    --------    d-----w-    c:\windows\ERUNT
2013-06-12 05:45 . 2013-06-12 05:45    --------    d-----w-    C:\JRT
2013-06-12 03:00 . 2013-05-08 04:37    905576    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-06-04 08:01 . 2013-06-04 08:01    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-06-04 08:01 . 2013-04-04 04:50    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-06-04 07:45 . 2013-06-12 06:19    --------    d-----w-    c:\users\Bear\AppData\Local\temp
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-11 23:08 . 2011-03-28 08:36    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-06-11 23:00 . 2012-01-13 04:16    181808    ----a-w-    c:\windows\RegBootClean.exe
2013-04-30 02:03 . 2013-04-30 02:04    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-04-30 02:03 . 2013-01-05 12:25    866720    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-04-30 02:03 . 2011-06-06 09:01    788896    ----a-w-    c:\windows\system32\deployJava1.dll
2013-04-29 23:53 . 2012-01-13 04:16    22064    ----a-w-    c:\windows\DCEBoot.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"SightSpeed"="c:\program files\Dell Video Chat\DellVideoChat.exe" [2008-11-03 4823416]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2012-01-16 16384]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-29 39408]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2009-11-25 95632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-02-19 438403]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-16 3810304]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-04-30 196608]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-01-29 206064]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-16 483428]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-12-18 1304296]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 133424]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-11 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-2-26 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-5 752168]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2012-1-16 169472]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-3-3 1207376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [2009-03-16 81920]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ       BthServ
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
rsmsvcs    REG_MULTI_SZ       ntmssvc
ipripsvc    REG_MULTI_SZ       iprip
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-29 04:14]
.
2013-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-29 04:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ninemsn.com.au/?ocid=ninemsnhomepagelink0213
uInternet Settings,ProxyOverride = localhost
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\SpeedBit Video Accelerator\SBLSP.dll
TCP: DhcpNameServer = 124.254.72.68 124.254.72.70 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-12 16:18
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5848)
c:\users\Bear\AppData\Local\Temp\IadHide4.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Trend Micro\AMSP\coreServiceShell.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Trend Micro\AMSP\coreFrameworkHost.exe
c:\windows\system32\atashost.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\System32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2013-06-12  16:25:58 - machine was rebooted
ComboFix-quarantined-files.txt  2013-06-12 06:25
ComboFix2.txt  2013-06-04 07:45
.
Pre-Run: 167,206,076,416 bytes free
Post-Run: 166,992,175,104 bytes free
.
- - End Of File - - 0BD38D3AE9B746779A10FD50A9450F8E
5C616939100B85E558DA92B899A0FC36
 
I.E still blocks anything from downloading saying it's a virus, Firefox works fine how ever.

 


Edited by ausghostdog, 12 June 2013 - 01:47 AM.


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:47 AM

Posted 12 June 2013 - 02:00 AM


Hello ausghostdog

first I would like you to go here and click on the fixit button - http://support.microsoft.com/kb/923737


Then I want you to do the following
  • Start Internet Explorer.
  • click on "safety"
  • click on "Delete Browsing History"
  • make sure all boxes are checked
  • click on "Delete"
  • click on "Tools",
  • click "Internet Options".
  • On the "Advanced" tab, click "Reset"
  • put a check mark next to "Delete Personal Settings"
  • click "Reset" to confirm
  • when complete click the "Close" button
  • restart IE
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 ausghostdog

ausghostdog
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:08:47 PM

Posted 12 June 2013 - 02:23 AM

wasn't able to do the fixit thing, as it said it was a virus. Also doing all the reset of I.E it still removes everything downloaded a virus. I am trying to download combo fix from this site as I know it's safe.


Edited by ausghostdog, 12 June 2013 - 02:28 AM.


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:47 AM

Posted 12 June 2013 - 02:30 AM

it might be best to download from a clean computer and move it to the infected one



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 ausghostdog

ausghostdog
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:08:47 PM

Posted 12 June 2013 - 02:56 AM

Still comes up with a virus.PI4XrTm.jpg


Edited by ausghostdog, 12 June 2013 - 02:59 AM.


#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:47 AM

Posted 12 June 2013 - 12:25 PM


Hello ausghostdog

download Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:

    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First Press the Scan button.
  • It will make a log (FRST.txt)
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 ausghostdog

ausghostdog
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:08:47 PM

Posted 13 June 2013 - 09:48 PM

Just trying to get a recovery disc for vista as the system does not have the Repair your computer.

 menu option



#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:47 AM

Posted 13 June 2013 - 09:51 PM

OK I will check on you later



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 ausghostdog

ausghostdog
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:08:47 PM

Posted 13 June 2013 - 10:56 PM

OK I will check on you later



gringo

Got a recovery cd, runing the program now.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-06-2013
Ran by SYSTEM on 14-06-2013 13:56:01
Running from E:\
Windows Vista ™ Home Premium (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe [3810304 2008-11-16] (Dell Inc.)
HKLM\...\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [178712 2007-10-02] (Intel Corporation)
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [61440 2008-07-31] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL "" [1304296 2012-12-18] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [133424 2012-02-27] (Trend Micro Inc.)
HKU\Bear\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [ 2008-01-20] (Microsoft Corporation)
HKU\Bear\...\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe [ 2012-01-15] ()
HKU\girlie\...\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe [ 2012-01-15] ()
HKU\girlie\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\Guest\...\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe [ 2012-01-15] ()

========================== Services (Whitelisted) =================

S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [81920 2009-03-16] (Andrea Electronics Corporation)
S2 iprip; C:\Windows\System32\iprip.dll [29696 2006-11-02] (Microsoft Corporation)
S2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2009-01-29] (SupportSoft, Inc.)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe [254042 2009-03-16] (IDT, Inc.)
S2 VideoAcceleratorService; C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe [265928 2011-06-04] (SpeedBit Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] ()
S2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2809856 2008-11-16] (Dell Inc.)
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [x]

==================== Drivers (Whitelisted) ====================

S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-11-16] (Broadcom Corporation)
S3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [62496 2010-03-07] (ITE Tech. Inc. )
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-08] (Microsoft Corporation)
S3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [133632 2009-03-05] (Creative Technology Ltd.)
S3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [280096 2009-03-08] (Creative Technology Ltd.)
S1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [95224 2012-09-24] (Trend Micro Inc.)
S1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [257952 2012-09-24] (Trend Micro Inc.)
S1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [76648 2012-09-24] (Trend Micro Inc.)
S1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [143952 2011-08-25] (Trend Micro Inc.)
S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92432 2013-02-10] (Trend Micro Inc.)
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 DFUBTUSB; System32\Drivers\frmupgr.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 massfilter; system32\drivers\massfilter.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 PCD5SRVC{3F6A8B78-EC003E00-05040104}; \??\C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [x]
S2 TMAgent;
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [x]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [x]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-14 13:55 - 2013-06-14 13:55 - 00000000 ____D C:\FRST
2013-06-13 18:45 - 2007-09-17 01:28 - 00192512 ____A (Microsoft Corporation) C:\Users\Bear\Desktop\recdisc.exe
2013-06-13 18:38 - 2013-06-13 18:38 - 00000000 ____A C:\Windows\setuperr.log
2013-06-13 18:38 - 2013-06-13 18:38 - 00000000 ____A C:\Windows\setupact.log
2013-06-11 23:53 - 2013-06-11 23:52 - 00659968 ____A C:\Users\Bear\Desktop\MicrosoftFixit50195.msi
2013-06-11 22:42 - 2013-06-11 22:42 - 00000848 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-06-11 22:42 - 2013-06-11 22:42 - 00000000 ____D C:\Users\Bear\AppData\Local\Mozilla
2013-06-11 22:42 - 2013-06-11 22:42 - 00000000 ____D C:\ProgramData\Mozilla
2013-06-11 22:42 - 2013-06-11 22:42 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-06-11 22:42 - 2013-06-11 22:42 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-11 22:41 - 2013-06-11 22:39 - 21289608 ____A (Mozilla) C:\Users\Bear\Desktop\Firefox Setup 21.0.exe
2013-06-11 22:36 - 2013-06-11 22:36 - 00000000 ____D C:\Windows\pss
2013-06-11 22:26 - 2013-06-11 22:26 - 00008747 ____A C:\ComboFix.txt
2013-06-11 22:06 - 2013-06-11 22:26 - 00000000 ____D C:\ComboFix
2013-06-11 22:05 - 2013-06-11 22:06 - 05078680 ____R (Swearware) C:\Users\Bear\Desktop\ComboFix.exe
2013-06-11 21:48 - 2013-06-11 21:48 - 00001989 ____A C:\Users\Bear\Desktop\JRT.txt
2013-06-11 21:46 - 2013-06-11 21:46 - 00000000 ____D C:\Windows\ERUNT
2013-06-11 21:45 - 2013-06-11 21:45 - 00000000 ____D C:\JRT
2013-06-11 21:37 - 2013-06-11 21:37 - 00018942 ____A C:\AdwCleaner[S1].txt
2013-06-11 21:28 - 2013-06-11 21:28 - 00648201 ____A C:\Users\Bear\Desktop\AdwCleaner.exe
2013-06-11 21:28 - 2013-06-11 21:28 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Bear\Desktop\JRT.exe
2013-06-11 19:20 - 2013-05-16 15:08 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-11 19:20 - 2013-05-16 14:49 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-11 19:20 - 2013-05-16 14:39 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-11 19:20 - 2013-05-16 14:28 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-11 19:20 - 2013-05-16 14:28 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-11 19:20 - 2013-05-16 14:27 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-11 19:20 - 2013-05-16 14:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-11 19:20 - 2013-05-16 14:23 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-11 19:20 - 2013-05-16 14:21 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-11 19:20 - 2013-05-16 14:21 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-11 19:20 - 2013-05-16 14:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-11 19:20 - 2013-05-16 14:19 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-11 19:20 - 2013-05-16 14:17 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-11 19:20 - 2013-05-16 14:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-11 19:20 - 2013-05-16 14:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-11 19:20 - 2013-05-16 14:12 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-11 19:00 - 2013-05-07 20:37 - 00905576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-11 19:00 - 2013-05-02 14:03 - 03603832 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-11 19:00 - 2013-05-02 14:03 - 03551096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-11 19:00 - 2013-05-01 20:04 - 00443904 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-11 19:00 - 2013-05-01 20:03 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\printcom.dll
2013-06-11 19:00 - 2013-04-23 20:00 - 00985600 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-11 19:00 - 2013-04-23 20:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-11 19:00 - 2013-04-23 20:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-11 19:00 - 2013-04-23 20:00 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-11 19:00 - 2013-04-23 17:46 - 00812544 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-11 19:00 - 2013-04-17 04:30 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-11 19:00 - 2013-04-15 06:20 - 00638328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-06-11 19:00 - 2013-04-13 02:56 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-06-11 19:00 - 2013-04-08 17:36 - 02049024 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-06-11 15:06 - 2013-06-11 18:54 - 00009864 ____A C:\Users\Bear\Desktop\attach.txt
2013-06-11 15:06 - 2013-06-11 18:52 - 00013315 ____A C:\Users\Bear\Desktop\dds.txt
2013-06-11 14:59 - 2013-06-11 14:55 - 00688992 ____R (Swearware) C:\Users\Bear\Desktop\dds.com
2013-06-04 00:01 - 2013-06-04 00:01 - 00000908 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-04 00:01 - 2013-06-04 00:01 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-04 00:01 - 2013-04-03 20:50 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-06-04 00:00 - 2013-06-03 23:59 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Bear\Desktop\mbam-setup-1.75.0.1300.exe
2013-06-03 23:34 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-03 23:34 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-03 23:34 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-03 23:34 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-03 23:34 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-03 23:34 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-03 23:34 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-03 23:34 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-03 23:33 - 2013-06-11 22:16 - 00000000 ____D C:\Windows\erdnt
2013-06-03 23:33 - 2013-06-11 22:06 - 00000000 ___AD C:\Qoobox

==================== One Month Modified Files and Folders ========

2013-06-14 13:55 - 2013-06-14 13:55 - 00000000 ____D C:\FRST
2013-06-13 19:49 - 2011-05-26 20:58 - 00000012 ____A C:\Windows\bthservsdp.dat
2013-06-13 19:49 - 2008-01-20 17:35 - 01576698 ____A C:\Windows\WindowsUpdate.log
2013-06-13 19:49 - 2006-11-02 05:01 - 00032648 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-13 19:49 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-13 19:49 - 2006-11-02 04:47 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-13 19:49 - 2006-11-02 04:47 - 00003712 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-13 18:59 - 2011-05-28 20:49 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-13 18:38 - 2013-06-13 18:38 - 00000000 ____A C:\Windows\setuperr.log
2013-06-13 18:38 - 2013-06-13 18:38 - 00000000 ____A C:\Windows\setupact.log
2013-06-13 18:28 - 2011-05-28 20:49 - 00000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-13 18:21 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\System32\spool
2013-06-11 23:52 - 2013-06-11 23:53 - 00659968 ____A C:\Users\Bear\Desktop\MicrosoftFixit50195.msi
2013-06-11 22:42 - 2013-06-11 22:42 - 00000848 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-06-11 22:42 - 2013-06-11 22:42 - 00000000 ____D C:\Users\Bear\AppData\Local\Mozilla
2013-06-11 22:42 - 2013-06-11 22:42 - 00000000 ____D C:\ProgramData\Mozilla
2013-06-11 22:42 - 2013-06-11 22:42 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-06-11 22:42 - 2013-06-11 22:42 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-11 22:42 - 2012-11-24 00:18 - 00000000 ____D C:\Users\Bear\AppData\Roaming\Mozilla
2013-06-11 22:39 - 2013-06-11 22:41 - 21289608 ____A (Mozilla) C:\Users\Bear\Desktop\Firefox Setup 21.0.exe
2013-06-11 22:36 - 2013-06-11 22:36 - 00000000 ____D C:\Windows\pss
2013-06-11 22:26 - 2013-06-11 22:26 - 00008747 ____A C:\ComboFix.txt
2013-06-11 22:26 - 2013-06-11 22:06 - 00000000 ____D C:\ComboFix
2013-06-11 22:24 - 2011-05-28 20:13 - 00000000 ____D C:\Users\Bear\AppData\Local\Apps\2.0
2013-06-11 22:19 - 2006-11-02 02:23 - 00000215 ____A C:\Windows\system.ini
2013-06-11 22:16 - 2013-06-03 23:33 - 00000000 ____D C:\Windows\erdnt
2013-06-11 22:06 - 2013-06-11 22:05 - 05078680 ____R (Swearware) C:\Users\Bear\Desktop\ComboFix.exe
2013-06-11 22:06 - 2013-06-03 23:33 - 00000000 ___AD C:\Qoobox
2013-06-11 21:59 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-11 21:56 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\rescache
2013-06-11 21:48 - 2013-06-11 21:48 - 00001989 ____A C:\Users\Bear\Desktop\JRT.txt
2013-06-11 21:46 - 2013-06-11 21:46 - 00000000 ____D C:\Windows\ERUNT
2013-06-11 21:46 - 2006-11-02 02:33 - 00734704 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-11 21:45 - 2013-06-11 21:45 - 00000000 ____D C:\JRT
2013-06-11 21:37 - 2013-06-11 21:37 - 00018942 ____A C:\AdwCleaner[S1].txt
2013-06-11 21:35 - 2011-05-28 20:26 - 00000000 ____D C:\ProgramData\Trend Micro
2013-06-11 21:31 - 2006-11-02 04:47 - 00381016 ____A C:\Windows\System32\FNTCACHE.DAT
2013-06-11 21:28 - 2013-06-11 21:28 - 00648201 ____A C:\Users\Bear\Desktop\AdwCleaner.exe
2013-06-11 21:28 - 2013-06-11 21:28 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Bear\Desktop\JRT.exe
2013-06-11 19:20 - 2012-03-06 03:14 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-11 18:54 - 2013-06-11 15:06 - 00009864 ____A C:\Users\Bear\Desktop\attach.txt
2013-06-11 18:52 - 2013-06-11 15:06 - 00013315 ____A C:\Users\Bear\Desktop\dds.txt
2013-06-11 15:00 - 2012-01-12 20:16 - 00181808 ____A C:\Windows\RegBootClean.exe
2013-06-11 14:55 - 2013-06-11 14:59 - 00688992 ____R (Swearware) C:\Users\Bear\Desktop\dds.com
2013-06-11 14:47 - 2011-06-19 20:44 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-06-04 00:01 - 2013-06-04 00:01 - 00000908 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-04 00:01 - 2013-06-04 00:01 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-03 23:59 - 2013-06-04 00:00 - 10285040 ____A (Malwarebytes Corporation                                    ) C:\Users\Bear\Desktop\mbam-setup-1.75.0.1300.exe
2013-06-03 23:45 - 2006-11-02 03:18 - 00000000 ___RD C:\users\Public
2013-06-03 23:43 - 2011-05-22 23:37 - 00000000 ____D C:\users\Bear
2013-06-03 23:28 - 2011-05-22 23:37 - 00007512 ____A C:\Users\Bear\AppData\Local\d3d9caps.dat
2013-06-01 23:21 - 2006-11-02 02:24 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-05-16 15:08 - 2013-06-11 19:20 - 12329984 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-16 14:49 - 2013-06-11 19:20 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-16 14:39 - 2013-06-11 19:20 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-16 14:28 - 2013-06-11 19:20 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-16 14:28 - 2013-06-11 19:20 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-16 14:27 - 2013-06-11 19:20 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-16 14:26 - 2013-06-11 19:20 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-16 14:23 - 2013-06-11 19:20 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-16 14:21 - 2013-06-11 19:20 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-16 14:21 - 2013-06-11 19:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-16 14:20 - 2013-06-11 19:20 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-16 14:19 - 2013-06-11 19:20 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-16 14:17 - 2013-06-11 19:20 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-16 14:17 - 2013-06-11 19:20 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-16 14:16 - 2013-06-11 19:20 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-16 14:12 - 2013-06-11 19:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-02-06 01:54:47
Restore point made on: 2013-02-09 01:13:43
Restore point made on: 2013-02-09 01:15:03
Restore point made on: 2013-02-09 02:59:30
Restore point made on: 2013-02-09 03:20:40
Restore point made on: 2013-02-09 04:06:46
Restore point made on: 2013-02-10 16:56:14
Restore point made on: 2013-02-10 18:55:08
Restore point made on: 2013-02-15 19:17:49
Restore point made on: 2013-02-15 19:24:35
Restore point made on: 2013-02-15 19:35:08
Restore point made on: 2013-02-15 19:37:14
Restore point made on: 2013-04-15 01:48:20
Restore point made on: 2013-04-15 01:49:31
Restore point made on: 2013-04-15 01:50:49
Restore point made on: 2013-04-15 01:51:46
Restore point made on: 2013-04-15 01:52:42
Restore point made on: 2013-04-15 01:53:36
Restore point made on: 2013-04-29 16:26:35
Restore point made on: 2013-04-29 17:51:47
Restore point made on: 2013-04-29 17:57:15
Restore point made on: 2013-04-29 18:02:08
Restore point made on: 2013-04-30 16:02:00
Restore point made on: 2013-04-30 16:31:13
Restore point made on: 2013-04-30 18:33:54
Restore point made on: 2013-04-30 19:45:36
Restore point made on: 2013-05-01 12:24:31
Restore point made on: 2013-05-01 12:25:55
Restore point made on: 2013-05-01 15:09:09
Restore point made on: 2013-05-01 17:09:29
Restore point made on: 2013-06-11 19:04:45
Restore point made on: 2013-06-11 19:13:21
Restore point made on: 2013-06-11 23:53:44
Restore point made on: 2013-06-13 19:21:00

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 3069.36 MB
Available physical RAM: 2609.87 MB
Total Pagefile: 2852.6 MB
Available Pagefile: 2668.93 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.51 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:287.95 GB) (Free:154.99 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:4.34 GB) NTFS
Drive e: () (Removable) (Total:0.94 GB) (Free:0.64 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 50000000)
Partition 1: (Not Active) - (Size=141 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=288 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 968 MB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=968 MB) - (Type=06)


LastRegBack: 2013-06-13 18:34

==================== End Of Log ============================


Edited by ausghostdog, 13 June 2013 - 10:59 PM.


#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:47 AM

Posted 14 June 2013 - 08:45 AM

Hello ausghostdog,

I want you to run this in NORMAL mode

I need you to download this script I have made for you --> Attached File  fixlist.txt   193bytes   1 downloads

It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 ausghostdog

ausghostdog
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:08:47 PM

Posted 14 June 2013 - 06:46 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-06-2013
Ran by Bear at 2013-06-15 09:47:40 Run:2
Running from F:\
Boot Mode: Normal

==============================================

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpRtMon.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpRtPlug.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpSigDwn.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpSoftEx.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking completed.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client" => Not Found

=========  Dir /b /a:l "C:\Program Files" /s =========

File Not Found

========= End of CMD: =========


==== End of Fixlog ====


Edited by ausghostdog, 14 June 2013 - 06:52 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users