Computer Hope

Forum: Virus and spyware removal. Topic started by: diggerdave on May 31, 2013, 05:42:39 AM

Title: hijacked by toparcadehits
Post by: diggerdave on May 31, 2013, 05:42:39 AM
I need help removing the toparcadehits malware.
Title: Re: hijacked by toparcadehits
Post by: Allan on May 31, 2013, 05:57:29 AM
Please follow the instructions in the following link and post your logs:
http://www.computerhope.com/forum/index.php/topic,46313.0.html
Title: Re: hijacked by toparcadehits
Post by: diggerdave on May 31, 2013, 07:07:52 AM
Sorry I didn't attach the logs.

# AdwCleaner v2.301 - Logfile created 05/31/2013 at 06:44:26
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : User 1 - PC
# Boot Mode : Normal
# Running from : E:\Scan Tools\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\Users\User 1\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\User 1\AppData\Roaming\Mozilla\Firefox\Profiles\vmw1adn7.default\prefs.js

[OK] File is clean.

File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ncnka0fd.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [19004 octets] - [27/05/2013 08:25:10]
AdwCleaner[R2].txt - [17244 octets] - [27/05/2013 16:29:51]
AdwCleaner[R3].txt - [7785 octets] - [29/05/2013 04:45:31]
AdwCleaner[R4].txt - [7845 octets] - [29/05/2013 04:46:19]
AdwCleaner[R5].txt - [1374 octets] - [31/05/2013 06:44:26]
AdwCleaner[S1].txt - [8058 octets] - [29/05/2013 04:46:31]

########## EOF - C:\AdwCleaner[R5].txt - [1494 octets] ##########

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.29.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
User 1 :: PC [administrator]

5/31/2013 6:45:30 AM
mbam-log-2013-05-31 (06-45-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238185
Time elapsed: 3 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16576  BrowserJavaVersion: 10.11.2
Run by User 1 at 6:47:19 on 2013-05-31
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8188.5280 [GMT -7:00]
.
AV: ZoneAlarm Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: ZoneAlarm Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\XFast USB\XFastUsb.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ASRock\XFast LAN\spd.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
uRun: [zASRockInstantBoot] <no file>
mRun: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
mRun: [XFast USB] C:\Program Files (x86)\XFast USB\XFastUsb.exe
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: MaxRecentDocs = dword:30
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{E368B6D2-8A02-40A0-9E53-7C57CC672467} : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\User 1\AppData\Roaming\Mozilla\Firefox\Profiles\vmw1adn7.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
FF - ExtSQL: 2013-04-27 07:51; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - ExtSQL: 2013-05-27 11:16; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\User 1\AppData\Roaming\Mozilla\Firefox\Profiles\vmw1adn7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
R1 AsrAppCharger;AsrAppCharger;C:\Windows\System32\drivers\AsrAppCharger.sys [2012-3-21 17192]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-3-29 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-29 45856]
R1 FNETURPX;FNETURPX;C:\Windows\System32\drivers\FNETURPX.SYS [2012-3-21 15936]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-28 241152]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-3-28 361984]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-5-14 4937264]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2012-3-16 33712]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2012-3-16 828072]
R2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [2012-3-27 145448]
R2 SentinelKeysServer;Sentinel Keys Server;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2011-5-27 374304]
R2 SentinelSecurityRuntime;Sentinel Security Runtime;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [2011-5-27 292384]
R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [2013-5-20 1015984]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-7-28 56960]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-7-28 79104]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2012-3-21 32344]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-3-21 471144]
R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;C:\Windows\System32\drivers\SNTUSB64.SYS [2011-5-27 63528]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-3-21 39480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-3-21 46136]
S3 AODDriver4.0;AODDriver4.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
S3 FNETTBOH_305;FNETTBOH_305;C:\Windows\System32\drivers\FNETTBOH_305.SYS [2012-3-21 32320]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-5-15 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-15 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
.
=============== File Associations ===============
.
FileExt: .js: Applications\notepad.exe=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-05-31 05:12:08   9876132   ----a-w-   C:\u12iavi5871yo.bin.partial
2013-05-29 18:08:29   --------   d-----w-   C:\Program Files (x86)\AMD AVT
2013-05-29 18:03:32   --------   d-----w-   C:\AMD
2013-05-29 13:11:41   --------   d-sh--w-   C:\$RECYCLE.BIN
2013-05-29 12:45:48   --------   d-----w-   C:\ComboFix
2013-05-27 23:46:48   98816   ----a-w-   C:\Windows\sed.exe
2013-05-27 23:46:48   256000   ----a-w-   C:\Windows\PEV.exe
2013-05-27 23:46:48   208896   ----a-w-   C:\Windows\MBR.exe
2013-05-27 23:34:39   --------   d-----w-   C:\Windows\ERUNT
2013-05-27 23:34:34   --------   d-----w-   C:\JRT
2013-05-26 14:23:51   --------   d-----w-   C:\MaxxMem
2013-05-26 13:06:52   --------   d-----w-   C:\Program Files (x86)\AnalogX
2013-05-26 13:05:13   --------   d-----w-   C:\Program Files\PC Optimizer Pro
2013-05-26 13:03:58   --------   d-----w-   C:\Users\User 1\AppData\Local\TopArcadeHits
2013-05-26 12:57:05   --------   d-----w-   C:\Program Files\Prime95
2013-05-26 12:36:40   --------   d-----w-   C:\Program Files\Super PI
2013-05-24 00:10:35   159744   ----a-w-   C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2013-05-24 00:10:35   159744   ----a-w-   C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2013-05-24 00:10:35   159744   ----a-w-   C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2013-05-24 00:10:35   159744   ----a-w-   C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2013-05-24 00:10:35   159744   ----a-w-   C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2013-05-23 16:52:40   --------   d-----w-   C:\Program Files\Speccy
2013-05-22 16:12:45   --------   d-----w-   C:\Users\User 1\AppData\Local\LogMeIn Rescue Applet
2013-05-22 14:16:59   --------   d-----w-   C:\Program Files\OutlookSpy
2013-05-22 12:30:12   262552   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-05-22 12:30:01   19449240   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\xul.dll
2013-05-22 12:30:00   96664   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2013-05-22 12:30:00   865968   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
2013-05-22 12:30:00   272280   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\updater.exe
2013-05-22 12:30:00   19352   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\xpcom.dll
2013-05-22 12:30:00   170232   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2013-05-17 00:14:43   --------   d-----w-   C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-17 00:14:43   --------   d-----w-   C:\Program Files\iTunes
2013-05-17 00:14:43   --------   d-----w-   C:\Program Files\iPod
2013-05-17 00:14:43   --------   d-----w-   C:\Program Files (x86)\iTunes
2013-05-15 23:18:46   983400   ----a-w-   C:\Windows\System32\drivers\dxgkrnl.sys
2013-05-07 19:54:44   --------   d-----w-   C:\ProgramData\StarApp
2013-05-06 13:50:06   --------   d-----w-   C:\Users\User 1\IGC
2013-05-06 13:50:06   --------   d-----w-   C:\Users\User 1\AppData\Roaming\IGC
2013-05-06 13:44:45   245408   ------w-   C:\Windows\SysWow64\unicows.dll
.
==================== Find3M  ====================
.
2013-05-30 18:26:46   60   ----a-w-   C:\Windows\wpd99.drv
2013-05-29 18:10:19   71048   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-29 18:10:19   692104   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-20 16:52:41   45856   ----a-w-   C:\Windows\System32\drivers\avgtpx64.sys
2013-05-13 17:04:57   32320   ----a-w-   C:\Windows\System32\drivers\FNETTBOH_305.SYS
2013-05-01 10:59:12   94208   ----a-w-   C:\Windows\SysWow64\QuickTimeVR.qtx
2013-05-01 10:59:12   69632   ----a-w-   C:\Windows\SysWow64\QuickTime.qts
2013-04-13 05:49:23   135168   ----a-w-   C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19   350208   ----a-w-   C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19   308736   ----a-w-   C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19   111104   ----a-w-   C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16   474624   ----a-w-   C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15   2176512   ----a-w-   C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08   1656680   ----a-w-   C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54   265064   ----a-w-   C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 03:30:50   3153920   ----a-w-   C:\Windows\System32\win32k.sys
2013-04-05 06:52:14   2242048   ----a-w-   C:\Windows\System32\wininet.dll
2013-04-05 06:50:36   3958784   ----a-w-   C:\Windows\System32\jscript9.dll
2013-04-05 06:50:31   67072   ----a-w-   C:\Windows\System32\iesetup.dll
2013-04-05 06:50:31   136704   ----a-w-   C:\Windows\System32\iesysprep.dll
2013-04-05 05:28:24   1767424   ----a-w-   C:\Windows\SysWow64\wininet.dll
2013-04-05 05:26:26   2877440   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2013-04-05 05:26:21   61440   ----a-w-   C:\Windows\SysWow64\iesetup.dll
2013-04-05 05:26:21   109056   ----a-w-   C:\Windows\SysWow64\iesysprep.dll
2013-04-05 04:43:00   2706432   ----a-w-   C:\Windows\System32\mshtml.tlb
2013-04-05 04:29:45   2706432   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2013-04-05 03:51:11   89600   ----a-w-   C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-05 03:38:25   71680   ----a-w-   C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-04-04 21:50:32   25928   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2013-03-29 09:53:48   246072   ----a-w-   C:\Windows\System32\drivers\avgidsdrivera.sys
2013-03-29 02:37:10   78432   ----a-w-   C:\Windows\System32\atimpc64.dll
2013-03-29 02:37:10   78432   ----a-w-   C:\Windows\System32\amdpcom64.dll
2013-03-29 02:37:10   71704   ----a-w-   C:\Windows\SysWow64\atimpc32.dll
2013-03-29 02:37:10   71704   ----a-w-   C:\Windows\SysWow64\amdpcom32.dll
2013-03-29 02:37:06   139696   ----a-w-   C:\Windows\System32\atiuxp64.dll
2013-03-29 02:37:04   92304   ----a-w-   C:\Windows\SysWow64\atiu9pag.dll
2013-03-29 02:37:04   118584   ----a-w-   C:\Windows\SysWow64\atiuxpag.dll
2013-03-29 02:37:04   112440   ----a-w-   C:\Windows\System32\atiu9p64.dll
2013-03-29 02:37:02   1155264   ----a-w-   C:\Windows\System32\aticfx64.dll
2013-03-29 02:37:00   970912   ----a-w-   C:\Windows\SysWow64\aticfx32.dll
2013-03-29 02:36:56   8272136   ----a-w-   C:\Windows\System32\atidxx64.dll
2013-03-29 02:36:54   7233336   ----a-w-   C:\Windows\SysWow64\atidxx32.dll
2013-03-29 02:36:50   4450264   ----a-w-   C:\Windows\SysWow64\atiumdva.dll
2013-03-29 02:36:44   5944264   ----a-w-   C:\Windows\SysWow64\atiumdag.dll
2013-03-29 02:36:40   5000320   ----a-w-   C:\Windows\System32\atiumd6a.dll
2013-03-29 02:36:38   6985624   ----a-w-   C:\Windows\System32\atiumd64.dll
2013-03-29 02:35:02   11658752   ----a-w-   C:\Windows\System32\drivers\atikmdag.sys
2013-03-29 02:13:28   222720   ----a-w-   C:\Windows\System32\clinfo.exe
2013-03-29 02:13:14   798734   ----a-w-   C:\Windows\SysWow64\amdocl_ld32.exe
2013-03-29 02:13:14   1187342   ----a-w-   C:\Windows\System32\amdocl_as64.exe
2013-03-29 02:13:14   1061902   ----a-w-   C:\Windows\System32\amdocl_ld64.exe
2013-03-29 02:13:12   995342   ----a-w-   C:\Windows\SysWow64\amdocl_as32.exe
2013-03-29 02:13:08   76288   ----a-w-   C:\Windows\System32\OpenVideo64.dll
2013-03-29 02:13:04   65536   ----a-w-   C:\Windows\SysWow64\OpenVideo.dll
2013-03-29 02:13:00   64000   ----a-w-   C:\Windows\System32\OVDecode64.dll
2013-03-29 02:12:56   56320   ----a-w-   C:\Windows\SysWow64\OVDecode.dll
2013-03-29 02:12:48   29150720   ----a-w-   C:\Windows\System32\amdocl64.dll
2013-03-29 02:10:52   23810560   ----a-w-   C:\Windows\SysWow64\amdocl.dll
2013-03-29 02:09:04   54784   ----a-w-   C:\Windows\System32\OpenCL.dll
2013-03-29 02:09:00   50176   ----a-w-   C:\Windows\SysWow64\OpenCL.dll
2013-03-29 02:04:42   24229376   ----a-w-   C:\Windows\System32\atio6axx.dll
2013-03-29 02:00:54   76800   ----a-w-   C:\Windows\System32\coinst_12.104.dll
2013-03-29 01:57:54   163840   ----a-w-   C:\Windows\System32\atiapfxx.exe
2013-03-29 01:55:36   51200   ----a-w-   C:\Windows\System32\aticalrt64.dll
2013-03-29 01:55:34   46080   ----a-w-   C:\Windows\SysWow64\aticalrt.dll
2013-03-29 01:55:28   44544   ----a-w-   C:\Windows\System32\aticalcl64.dll
2013-03-29 01:55:28   44032   ----a-w-   C:\Windows\SysWow64\aticalcl.dll
2013-03-29 01:55:16   16082944   ----a-w-   C:\Windows\System32\aticaldd64.dll
2013-03-29 01:51:04   13703168   ----a-w-   C:\Windows\SysWow64\aticaldd.dll
2013-03-29 01:48:26   19870720   ----a-w-   C:\Windows\SysWow64\atioglxx.dll
2013-03-29 01:35:14   442368   ----a-w-   C:\Windows\System32\atidemgy.dll
2013-03-29 01:35:06   562688   ----a-w-   C:\Windows\System32\atieclxx.exe
2013-03-29 01:34:18   241152   ----a-w-   C:\Windows\System32\atiesrxx.exe
2013-03-29 01:33:00   120320   ----a-w-   C:\Windows\System32\atitmm64.dll
2013-03-29 01:32:46   26112   ----a-w-   C:\Windows\System32\atimuixx.dll
2013-03-29 01:32:42   59392   ----a-w-   C:\Windows\System32\atiedu64.dll
2013-03-29 01:32:36   43520   ----a-w-   C:\Windows\SysWow64\ati2edxx.dll
2013-03-29 01:10:30   636416   ----a-w-   C:\Windows\System32\atiadlxx.dll
2013-03-29 01:10:20   430080   ----a-w-   C:\Windows\SysWow64\atiadlxy.dll
2013-03-29 01:10:08   17920   ----a-w-   C:\Windows\System32\atig6pxx.dll
2013-03-29 01:10:04   14848   ----a-w-   C:\Windows\SysWow64\atiglpxx.dll
2013-03-29 01:10:04   14848   ----a-w-   C:\Windows\System32\atiglpxx.dll
2013-03-29 01:10:00   44032   ----a-w-   C:\Windows\System32\atig6txx.dll
2013-03-29 01:09:52   34816   ----a-w-   C:\Windows\SysWow64\atigktxx.dll
2013-03-29 01:09:44   581120   ----a-w-   C:\Windows\System32\drivers\atikmpag.sys
2013-03-29 01:07:52   53248   ----a-w-   C:\Windows\System32\drivers\ati2erec.dll
2013-03-21 10:08:24   240952   ----a-w-   C:\Windows\System32\drivers\avgtdia.sys
2013-03-19 06:04:06   5550424   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:53:58   48640   ----a-w-   C:\Windows\System32\wwanprotdim.dll
2013-03-19 05:53:58   230400   ----a-w-   C:\Windows\System32\wwansvc.dll
2013-03-19 05:46:56   43520   ----a-w-   C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13   3968856   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10   3913560   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50   6656   ----a-w-   C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33   112640   ----a-w-   C:\Windows\System32\smss.exe
2013-03-14 10:06:01   1054720   ----a-w-   C:\Windows\System32\MsSpellCheckingFacility.exe
2013-03-14 10:06:00   226304   ----a-w-   C:\Windows\System32\elshyph.dll
2013-03-14 10:06:00   185344   ----a-w-   C:\Windows\SysWow64\elshyph.dll
2013-03-14 10:06:00   158720   ----a-w-   C:\Windows\SysWow64\msls31.dll
.
============= FINISH:  6:47:51.42 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/21/2012 5:50:50 AM
System Uptime: 5/31/2013 5:14:49 AM (1 hours ago)
.
Motherboard: ASRock |  | 970 Extreme3
Processor: AMD Phenom(tm) II X4 960T Processor | CPUSocket | 3000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 184 GiB total, 115.11 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 49 GiB total, 37.355 GiB free.
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP167: 5/25/2013 5:35:23 PM - Restore Operation
RP168: 5/26/2013 6:20:23 AM - Removed ASPCA Reminder by We-Care.com v4.1.22.1
RP169: 5/26/2013 6:23:54 AM - Removed ezW2(2012)
RP170: 5/29/2013 5:17:08 AM - ComboFix created restore point
.
==== Installed Programs ======================
.
 Leawo iTransfer version  1.4.0.1106
"Nero SoundTrax Help
7-Zip 9.20 (x64 edition)
Adobe Flash Player 11 Plugin
Advertising Center
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD USB Filter Driver
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASRock App Charger v1.0.5
ASRock eXtreme Tuner v0.1.122
ASRock InstantBoot v1.29
ATI AVIVO64 Codecs
AVG 2013
AxCrypt 1.7.2867.0
Bonjour
calibre
Canon MP Navigator EX 3.1
Canon MX870 series MP Drivers
Canon MX870 series User Registration
Carbonite
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CDDRV_Installer
Core Temp 1.0 RC3
CPUID CPU-Z 1.59
CPUID HWMonitor 1.22
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
DolbyFiles
Eraser 6.0.9.2343
Etron USB3.0 Host Controller
Fences
Foxit Reader
Google Earth Plug-in
Google Update Helper
HydraVision
iCloud
ImagXpress
iTunes
Java 7 Update 11
Java Auto Updater
Java(TM) 7 Update 5 (64-bit)
Logitech SetPoint
Macromedia Flash Player 8
Magical Jelly Bean KeyFinder
Malwarebytes Anti-Malware version 1.75.0.1300
Menu Templates - Pack 1
Menu Templates - Pack 2
Menu Templates - Pack 3
Menu Templates - Starter Kit
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Hotmail Connector 64-bit
Microsoft Outlook Social Connector Provider for Windows Live Messenger 64-bit
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Movie Maker
Movie Templates - Pack 1
Movie Templates - Starter Kit
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Nero 9
Nero BurningROM
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero Express
Nero InfoTool
Nero Installer
Nero Recode
Nero Recode Help
Nero Rescue Agent
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero WaveEditor
Nero WaveEditor Help
NeroBurningROM
NeroExpress
neroxml
Otter32
Outlook Spy (64 bit)
Paint Shop Pro 7 ESD
Pdf995
pdfsam
Photo Common
Photo Gallery
PumpSelect 2.0
QuickBooks Contact Sync
QuickBooks Pro 2008
QuickTime
RapidTyping
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Recuva
Reflector
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 64-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 64-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 64-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 64-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition
Sentinel Protection Installer 7.6.4
SiteWorx/OS V5
SoundTrax
Speccy
SupportSoft Assisted Service
THX TruStudio
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
VC 9.0 Runtime
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinEst
WinPatrol
XFast LAN v6.61
XFast USB
ZoneAlarm Antivirus
ZoneAlarm Firewall
ZoneAlarm Free Antivirus + Firewall
ZoneAlarm Security
.
==== Event Viewer Messages From Past Week ========
.
5/31/2013 5:07:05 AM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
5/31/2013 12:00:09 AM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy13.
5/31/2013 12:00:04 AM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{8e5a45e2-7350-11e1-95f6-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{07290BF4-299D-4C46-8584-D452BFCFCF03}' was corrupted and it has been recovered. Some data might have been lost.
5/30/2013 3:07:42 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{8e5a45e2-7350-11e1-95f6-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{83AD210F-279D-4432-8A01-53F893DC4CA2}' was corrupted and it has been recovered. Some data might have been lost.
5/30/2013 12:06:40 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
5/30/2013 12:06:40 PM, Error: Service Control Manager [7000]  - The SBSD Security Center Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
5/30/2013 12:00:21 AM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy18.
5/30/2013 1:18:36 PM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy14.
5/30/2013 1:18:23 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\Volume{8e5a45e2-7350-11e1-95f6-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{22597A40-43A1-48F6-ABAB-1B07671B362D}' was corrupted and it has been recovered. Some data might have been lost.
5/29/2013 8:37:54 AM, Error: Service Control Manager [7000]  - The AODDriver4.0 service failed to start due to the following error:  The system cannot find the path specified.
5/29/2013 5:55:59 AM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
5/29/2013 11:06:04 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the AMD External Events Utility service to connect.
5/29/2013 11:06:04 AM, Error: Service Control Manager [7000]  - The AMD External Events Utility service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
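As an added example (my code, not part of this thread and not a DDS feature), a small Python triage script for the "Installed Programs" section of a log like the one above: it isolates that section, reports every antivirus family found (more than one means a real-time AV conflict) and lists any Java Runtime entry older than the newest one installed. The excerpt in SAMPLE_LOG is constructed from the list above, and the vendor patterns in AV_FAMILIES are my own assumptions, not an official list.

```python
"""Triage the "Installed Programs" section of a DDS-style log (added example)."""
import re
from typing import Dict, List

# Constructed excerpt modelled on the log posted in this thread (not the full log).
SAMPLE_LOG = """\
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
AVG 2013
Java 7 Update 11
Java Auto Updater
Java(TM) 7 Update 5 (64-bit)
Malwarebytes Anti-Malware version 1.75.0.1300
ZoneAlarm Antivirus
ZoneAlarm Firewall
ZoneAlarm Free Antivirus + Firewall
.
==== Event Viewer Messages From Past Week ========
.
"""

# DDS section headers look like "==== Installed Programs =====...".
SECTION_HEADER = re.compile(r"^==== (.+?) =+\s*$")

# Product-name patterns for real-time antivirus products (assumed, not exhaustive).
# Malwarebytes 1.x free is an on-demand scanner, so it is deliberately not listed.
AV_FAMILIES: Dict[str, "re.Pattern[str]"] = {
    "AVG": re.compile(r"^AVG( AntiVirus| Internet Security)?( Free Edition)? \d{4}\b", re.I),
    "ZoneAlarm": re.compile(r"^ZoneAlarm\b.*\bAntivirus\b", re.I),
    "Avast": re.compile(r"^avast!?\b", re.I),
    "Microsoft Security Essentials": re.compile(r"^Microsoft Security Essentials\b", re.I),
}

# "Java 7 Update 11" or "Java(TM) 7 Update 5 (64-bit)"; "Java Auto Updater" is ignored.
JAVA_ENTRY = re.compile(r"^Java(?:\(TM\))? (\d+) Update (\d+)(?: \((64-bit)\))?$")


def installed_programs(log_text: str) -> List[str]:
    """Return the entries under '==== Installed Programs', stopping at the next header."""
    programs: List[str] = []
    inside = False
    for raw in log_text.splitlines():
        line = raw.strip()  # DDS sometimes indents entries with a stray space
        header = SECTION_HEADER.match(line)
        if header:
            inside = header.group(1).strip() == "Installed Programs"
            continue
        if not inside or line in ("", "."):  # "." is DDS's blank-line marker
            continue
        programs.append(line)
    return programs


def antivirus_families(programs: List[str]) -> Dict[str, List[str]]:
    """Group installed entries by antivirus family; two or more families is a conflict."""
    found: Dict[str, List[str]] = {}
    for name in programs:
        for family, pattern in AV_FAMILIES.items():
            if pattern.search(name):
                found.setdefault(family, []).append(name)
    return found


def java_entries(programs: List[str]) -> List[Dict[str, object]]:
    """Parse every Java Runtime entry into its major version, update number and bitness."""
    entries: List[Dict[str, object]] = []
    for name in programs:
        m = JAVA_ENTRY.match(name)
        if m:
            entries.append({"name": name, "major": int(m.group(1)),
                            "update": int(m.group(2)), "x64": m.group(3) is not None})
    return entries


def stale_java(programs: List[str]) -> List[str]:
    """Java entries older than the newest installed one (the candidates for removal).

    Offline, the script cannot know the vendor's current release, so it only
    compares the installed entries against each other.
    """
    entries = java_entries(programs)
    if not entries:
        return []
    newest = max((e["major"], e["update"]) for e in entries)
    return [str(e["name"]) for e in entries if (e["major"], e["update"]) < newest]


def triage(log_text: str) -> Dict[str, object]:
    """Summarise the findings a helper would raise from the program list."""
    programs = installed_programs(log_text)
    av = antivirus_families(programs)
    return {
        "program_count": len(programs),
        "antivirus": av,
        "multiple_av": len(av) > 1,
        "java": [e["name"] for e in java_entries(programs)],
        "stale_java": stale_java(programs),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```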
Title: Re: hijacked by toparcadehits
Post by: SuperDave on May 31, 2013, 12:33:09 PM
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Remove the Adware:
*******************************************
The log shows that you have two AVs on your computer and both are enabled. Only one AV should be enabled at any time on your computer to avoid conflicts. Either ZoneAlarm Antivirus or AVG AntiVirus Free Edition 2013 will have to be disabled/removed. I'm assuming that you purchased ZoneAlarm so that is the one you should keep.

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.

First Verify your Java Version (http://www.java.com/en/download/installed.jsp)

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment (http://www.majorgeeks.com/Sun_Java_Runtime_Environment_d4648.html).

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa (http://raproducts.org/click/click.php?id=1) and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions.
3. Once complete, exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) (http://java.sun.com/javase/6/docs/technotes/guides/jweb/otherFeatures/jqs.html) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
*********************************************
Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

• Warning! Once the scan is complete JRT will shut down your browser with NO warning.

• Shut down your protection software now to avoid potential conflicts.

• Temporarily disable your Antivirus and any Antispyware real time protection before performing a scan. Click this (http://www.bleepingcomputer.com/forums/topic114351.html) link to see a list of security programs that should be disabled and how to disable them.

• Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.

• The tool will open and start scanning your system.

• Please be patient as this can take a while to complete depending on your system's specifications.

• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

• Copy and Paste the JRT.txt log into your next message.
*********************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
Title: Re: hijacked by toparcadehits
Post by: diggerdave on May 31, 2013, 04:14:26 PM
# AdwCleaner v2.301 - Logfile created 05/31/2013 at 15:33:48
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : User 1 - PC
# Boot Mode : Normal
# Running from : E:\Scan Tools\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Users\User 1\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Folder Deleted : C:\Users\User 1\AppData\Roaming\Mozilla\Firefox\Profiles\vmw1adn7.default\extensions\staged

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\User 1\AppData\Roaming\Mozilla\Firefox\Profiles\vmw1adn7.default\prefs.js

[OK] File is clean.

File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ncnka0fd.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R6].txt - [1369 octets] - [31/05/2013 15:33:32]
AdwCleaner[S2].txt - [1311 octets] - [31/05/2013 15:33:48]

########## EOF - C:\AdwCleaner[S2].txt - [1371 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Professional x64
Ran by User 1 on Fri 05/31/2013 at 15:49:18.19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\User 1\AppData\Roaming\mozilla\firefox\profiles\vmw1adn7.default\minidumps [103 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 05/31/2013 at 15:53:15.39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 UNSUPPORTED OPERATING SYSTEM! ABORTED!
Title: Re: hijacked by toparcadehits
Post by: SuperDave on June 01, 2013, 12:23:19 PM
Download ComboFix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to your download folder you will need to copy it to your desktop.

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here (http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications-4.html) for a tutorial regarding how to do so if you are unsure.
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png)

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

(http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png)

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

(http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif)

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

(http://i424.photobucket.com/albums/pp322/digistar/whatnext.png)

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
Title: Re: hijacked by toparcadehits
Post by: diggerdave on June 02, 2013, 04:44:36 AM
ComboFix 13-06-01.01 - User 1 06/01/2013  22:17:13.4.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.8188.4868 [GMT -7:00]
Running from: c:\users\User 1\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-02 to 2013-06-02  )))))))))))))))))))))))))))))))
.
.
2013-06-02 05:25 . 2013-06-02 05:25   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-06-02 05:25 . 2013-06-02 05:25   --------   d-----w-   c:\users\Administrator\AppData\Local\temp
2013-05-31 05:12 . 2013-05-31 05:12   9876132   ----a-w-   C:\u12iavi5871yo.bin.partial
2013-05-29 18:09 . 2013-05-29 18:09   --------   d-----w-   c:\programdata\ATI
2013-05-29 18:08 . 2013-05-29 18:08   --------   d-----w-   c:\program files (x86)\AMD AVT
2013-05-29 18:03 . 2013-05-29 18:03   --------   d-----w-   C:\AMD
2013-05-27 23:34 . 2013-05-27 23:34   --------   d-----w-   c:\windows\ERUNT
2013-05-27 23:34 . 2013-05-31 22:48   --------   d-----w-   C:\JRT
2013-05-26 14:23 . 2013-05-26 14:28   --------   d-----w-   C:\MaxxMem
2013-05-26 13:06 . 2013-05-26 13:06   --------   d-----w-   c:\program files (x86)\AnalogX
2013-05-26 13:05 . 2013-05-26 13:31   --------   d-----w-   c:\program files\PC Optimizer Pro
2013-05-26 13:03 . 2013-05-26 13:04   --------   d-----w-   c:\users\User 1\AppData\Local\TopArcadeHits
2013-05-26 12:57 . 2013-05-28 02:19   --------   d-----w-   c:\program files\Prime95
2013-05-26 12:36 . 2013-05-27 16:50   --------   d-----w-   c:\program files\Super PI
2013-05-24 00:10 . 2013-05-24 00:10   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-05-24 00:10 . 2013-05-24 00:10   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-05-24 00:10 . 2013-05-24 00:10   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-05-24 00:10 . 2013-05-24 00:10   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-05-24 00:10 . 2013-05-24 00:10   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-05-24 00:10 . 2013-05-24 00:10   --------   d-----w-   c:\program files (x86)\QuickTime
2013-05-23 16:52 . 2013-05-23 16:52   --------   d-----w-   c:\program files\Speccy
2013-05-22 16:12 . 2013-05-22 16:26   --------   d-----w-   c:\users\User 1\AppData\Local\LogMeIn Rescue Applet
2013-05-22 14:16 . 2013-05-22 14:16   --------   d-----w-   c:\program files\OutlookSpy
2013-05-17 00:14 . 2013-05-17 00:14   --------   d-----w-   c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-17 00:14 . 2013-05-17 00:14   --------   d-----w-   c:\program files\iTunes
2013-05-17 00:14 . 2013-05-17 00:14   --------   d-----w-   c:\program files (x86)\iTunes
2013-05-17 00:14 . 2013-05-17 00:14   --------   d-----w-   c:\program files\iPod
2013-05-16 00:37 . 2013-04-05 06:52   51712   ----a-w-   c:\windows\system32\ie4uinit.exe
2013-05-15 23:18 . 2013-04-10 06:01   265064   ----a-w-   c:\windows\system32\drivers\dxgmms1.sys
2013-05-07 19:54 . 2013-05-07 19:54   --------   d-----w-   c:\programdata\StarApp
2013-05-06 13:50 . 2013-05-06 13:50   --------   d-----w-   c:\users\User 1\IGC
2013-05-06 13:50 . 2013-05-06 13:50   --------   d-----w-   c:\users\User 1\AppData\Roaming\IGC
2013-05-06 13:44 . 2003-05-28 20:19   245408   ------w-   c:\windows\SysWow64\unicows.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-29 18:10 . 2012-03-30 03:30   692104   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-29 18:10 . 2012-03-22 19:44   71048   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-20 16:52 . 2012-08-29 15:14   45856   ----a-w-   c:\windows\system32\drivers\avgtpx64.sys
2013-05-17 00:30 . 2012-07-17 22:37   22240   ----a-w-   c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-16 00:42 . 2012-03-22 00:56   75016696   ----a-w-   c:\windows\system32\MRT.exe
2013-05-13 17:04 . 2012-03-22 00:42   32320   ----a-w-   c:\windows\system32\drivers\FNETTBOH_305.SYS
2013-05-01 10:59 . 2013-05-01 10:59   94208   ----a-w-   c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 10:59 . 2013-05-01 10:59   69632   ----a-w-   c:\windows\SysWow64\QuickTime.qts
2013-04-13 05:49 . 2013-05-15 23:18   135168   ----a-w-   c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 23:18   350208   ----a-w-   c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 23:18   308736   ----a-w-   c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 23:18   111104   ----a-w-   c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 23:18   474624   ----a-w-   c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 23:18   2176512   ----a-w-   c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 04:13   1656680   ----a-w-   c:\windows\system32\drivers\ntfs.sys
2013-04-04 21:50 . 2012-04-10 13:04   25928   ----a-w-   c:\windows\system32\drivers\mbam.sys
2013-03-29 09:53 . 2013-03-29 09:53   246072   ----a-w-   c:\windows\system32\drivers\avgidsdrivera.sys
2013-03-29 02:37 . 2013-03-29 02:37   78432   ----a-w-   c:\windows\system32\atimpc64.dll
2013-03-29 02:37 . 2013-03-29 02:37   78432   ----a-w-   c:\windows\system32\amdpcom64.dll
2013-03-29 02:37 . 2013-03-29 02:37   71704   ----a-w-   c:\windows\SysWow64\atimpc32.dll
2013-03-29 02:37 . 2013-03-29 02:37   71704   ----a-w-   c:\windows\SysWow64\amdpcom32.dll
2013-03-29 02:37 . 2011-03-09 04:17   139696   ----a-w-   c:\windows\system32\atiuxp64.dll
2013-03-29 02:37 . 2013-03-29 02:37   112440   ----a-w-   c:\windows\system32\atiu9p64.dll
2013-03-29 02:37 . 2011-03-09 04:17   118584   ----a-w-   c:\windows\SysWow64\atiuxpag.dll
2013-03-29 02:37 . 2011-03-09 04:16   92304   ----a-w-   c:\windows\SysWow64\atiu9pag.dll
2013-03-29 02:37 . 2011-03-09 04:55   1155264   ----a-w-   c:\windows\system32\aticfx64.dll
2013-03-29 02:37 . 2011-03-09 04:56   970912   ----a-w-   c:\windows\SysWow64\aticfx32.dll
2013-03-29 02:36 . 2011-03-09 04:40   8272136   ----a-w-   c:\windows\system32\atidxx64.dll
2013-03-29 02:36 . 2011-03-09 04:48   7233336   ----a-w-   c:\windows\SysWow64\atidxx32.dll
2013-03-29 02:36 . 2013-03-29 02:36   4450264   ----a-w-   c:\windows\SysWow64\atiumdva.dll
2013-03-29 02:36 . 2013-03-29 02:36   5944264   ----a-w-   c:\windows\SysWow64\atiumdag.dll
2013-03-29 02:36 . 2013-03-29 02:36   5000320   ----a-w-   c:\windows\system32\atiumd6a.dll
2013-03-29 02:36 . 2013-03-29 02:36   6985624   ----a-w-   c:\windows\system32\atiumd64.dll
2013-03-29 02:35 . 2013-03-29 02:35   11658752   ----a-w-   c:\windows\system32\drivers\atikmdag.sys
2013-03-29 02:13 . 2013-03-29 02:13   222720   ----a-w-   c:\windows\system32\clinfo.exe
2013-03-29 02:13 . 2013-03-29 02:13   798734   ----a-w-   c:\windows\SysWow64\amdocl_ld32.exe
2013-03-29 02:13 . 2013-03-29 02:13   1187342   ----a-w-   c:\windows\system32\amdocl_as64.exe
2013-03-29 02:13 . 2013-03-29 02:13   1061902   ----a-w-   c:\windows\system32\amdocl_ld64.exe
2013-03-29 02:13 . 2013-03-29 02:13   995342   ----a-w-   c:\windows\SysWow64\amdocl_as32.exe
2013-03-29 02:13 . 2013-03-29 02:13   76288   ----a-w-   c:\windows\system32\OpenVideo64.dll
2013-03-29 02:13 . 2013-03-29 02:13   65536   ----a-w-   c:\windows\SysWow64\OpenVideo.dll
2013-03-29 02:13 . 2013-03-29 02:13   64000   ----a-w-   c:\windows\system32\OVDecode64.dll
2013-03-29 02:12 . 2013-03-29 02:12   56320   ----a-w-   c:\windows\SysWow64\OVDecode.dll
2013-03-29 02:12 . 2013-03-29 02:12   29150720   ----a-w-   c:\windows\system32\amdocl64.dll
2013-03-29 02:10 . 2011-03-22 02:55   23810560   ----a-w-   c:\windows\SysWow64\amdocl.dll
2013-03-29 02:09 . 2013-03-29 02:09   54784   ----a-w-   c:\windows\system32\OpenCL.dll
2013-03-29 02:09 . 2013-03-29 02:09   50176   ----a-w-   c:\windows\SysWow64\OpenCL.dll
2013-03-29 02:04 . 2013-03-29 02:04   24229376   ----a-w-   c:\windows\system32\atio6axx.dll
2013-03-29 02:00 . 2013-03-29 02:00   76800   ----a-w-   c:\windows\system32\coinst_12.104.dll
2013-03-29 01:57 . 2013-03-29 01:57   163840   ----a-w-   c:\windows\system32\atiapfxx.exe
2013-03-29 01:55 . 2013-03-29 01:55   51200   ----a-w-   c:\windows\system32\aticalrt64.dll
2013-03-29 01:55 . 2013-03-29 01:55   46080   ----a-w-   c:\windows\SysWow64\aticalrt.dll
2013-03-29 01:55 . 2013-03-29 01:55   44544   ----a-w-   c:\windows\system32\aticalcl64.dll
2013-03-29 01:55 . 2013-03-29 01:55   44032   ----a-w-   c:\windows\SysWow64\aticalcl.dll
2013-03-29 01:55 . 2013-03-29 01:55   16082944   ----a-w-   c:\windows\system32\aticaldd64.dll
2013-03-29 01:51 . 2011-03-09 04:32   13703168   ----a-w-   c:\windows\SysWow64\aticaldd.dll
2013-03-29 01:48 . 2013-03-29 01:48   19870720   ----a-w-   c:\windows\SysWow64\atioglxx.dll
2013-03-29 01:35 . 2013-03-29 01:35   442368   ----a-w-   c:\windows\system32\atidemgy.dll
2013-03-29 01:35 . 2013-03-29 01:35   562688   ----a-w-   c:\windows\system32\atieclxx.exe
2013-03-29 01:34 . 2013-03-29 01:34   241152   ----a-w-   c:\windows\system32\atiesrxx.exe
2013-03-29 01:33 . 2013-03-29 01:33   120320   ----a-w-   c:\windows\system32\atitmm64.dll
2013-03-29 01:32 . 2013-03-29 01:32   26112   ----a-w-   c:\windows\system32\atimuixx.dll
2013-03-29 01:32 . 2013-03-29 01:32   59392   ----a-w-   c:\windows\system32\atiedu64.dll
2013-03-29 01:32 . 2013-03-29 01:32   43520   ----a-w-   c:\windows\SysWow64\ati2edxx.dll
2013-03-29 01:10 . 2011-03-09 04:18   636416   ----a-w-   c:\windows\system32\atiadlxx.dll
2013-03-29 01:10 . 2011-03-09 04:18   430080   ----a-w-   c:\windows\SysWow64\atiadlxy.dll
2013-03-29 01:10 . 2013-03-29 01:10   17920   ----a-w-   c:\windows\system32\atig6pxx.dll
2013-03-29 01:10 . 2013-03-29 01:10   14848   ----a-w-   c:\windows\SysWow64\atiglpxx.dll
2013-03-29 01:10 . 2013-03-29 01:10   14848   ----a-w-   c:\windows\system32\atiglpxx.dll
2013-03-29 01:10 . 2013-03-29 01:10   44032   ----a-w-   c:\windows\system32\atig6txx.dll
2013-03-29 01:09 . 2011-03-09 04:17   34816   ----a-w-   c:\windows\SysWow64\atigktxx.dll
2013-03-29 01:09 . 2013-03-29 01:09   581120   ----a-w-   c:\windows\system32\drivers\atikmpag.sys
2013-03-29 01:07 . 2013-03-29 01:07   53248   ----a-w-   c:\windows\system32\drivers\ati2erec.dll
2013-03-23 19:05 . 2013-03-23 19:05   528   ----a-r-   c:\users\Public\MediaID.bin
2013-03-21 10:08 . 2013-03-21 10:08   240952   ----a-w-   c:\windows\system32\drivers\avgtdia.sys
2013-03-19 06:04 . 2013-04-10 05:56   5550424   ----a-w-   c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 05:56   43520   ----a-w-   c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 05:56   3968856   ----a-w-   c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 05:56   3913560   ----a-w-   c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 05:56   6656   ----a-w-   c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 05:56   112640   ----a-w-   c:\windows\system32\smss.exe
2013-03-14 10:06 . 2013-03-14 10:06   1054720   ----a-w-   c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-14 10:06 . 2013-03-14 10:06   226304   ----a-w-   c:\windows\system32\elshyph.dll
2013-03-14 10:06 . 2013-03-14 10:06   185344   ----a-w-   c:\windows\SysWow64\elshyph.dll
2013-03-14 10:06 . 2013-03-14 10:06   158720   ----a-w-   c:\windows\SysWow64\msls31.dll
2013-03-14 10:05 . 2013-03-14 10:05   719360   ----a-w-   c:\windows\SysWow64\mshtmlmedia.dll
2013-03-14 10:05 . 2013-03-14 10:05   150528   ----a-w-   c:\windows\SysWow64\iexpress.exe
2013-03-14 10:05 . 2013-03-14 10:05   138752   ----a-w-   c:\windows\SysWow64\wextract.exe
2013-03-14 10:05 . 2013-03-14 10:05   523264   ----a-w-   c:\windows\SysWow64\vbscript.dll
2013-03-14 10:05 . 2013-03-14 10:05   137216   ----a-w-   c:\windows\SysWow64\ieUnatt.exe
2013-03-14 10:05 . 2013-03-14 10:05   73728   ----a-w-   c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-14 10:05 . 2013-03-14 10:05   48640   ----a-w-   c:\windows\SysWow64\mshtmler.dll
2013-03-14 10:05 . 2013-03-14 10:05   38400   ----a-w-   c:\windows\SysWow64\imgutil.dll
2013-03-14 10:05 . 2013-03-14 10:05   12800   ----a-w-   c:\windows\SysWow64\mshta.exe
2013-03-14 10:05 . 2013-03-14 10:05   110592   ----a-w-   c:\windows\SysWow64\IEAdvpack.dll
2013-03-14 10:05 . 2013-03-14 10:05   61952   ----a-w-   c:\windows\SysWow64\tdc.ocx
2013-03-14 10:05 . 2013-03-14 10:05   361984   ----a-w-   c:\windows\SysWow64\html.iec
2013-03-14 10:05 . 2013-03-14 10:05   23040   ----a-w-   c:\windows\SysWow64\licmgr10.dll
2013-03-14 10:05 . 2013-03-14 10:05   1441280   ----a-w-   c:\windows\SysWow64\inetcpl.cpl
2013-03-14 10:05 . 2013-03-14 10:05   441856   ----a-w-   c:\windows\system32\html.iec
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2013-04-27 19:48   1020424   ----a-r-   c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2013-04-27 19:48   1020424   ----a-r-   c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2013-04-27 19:48   1020424   ----a-r-   c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zASRockInstantBoot"="" [BU]
"ASRockXTU"="" [BU]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2013-04-26 423144]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2013-03-29 389120]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2013-01-30 73832]
"XFast USB"="c:\program files (x86)\XFast USB\XFastUsb.exe" [2012-03-21 4878912]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-04-29 4408368]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-29 642656]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2013-04-27 1066504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 30 (0x1e)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ALSysIO;ALSysIO;c:\users\USER1~1\AppData\Local\Temp\ALSysIO64.sys
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
R3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2013-05-13 32320]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2013-02-08 71480]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2013-02-08 311096]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2013-02-08 116536]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2013-02-08 45880]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2011-05-10 17192]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2013-03-29 246072]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2013-02-08 206136]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2013-03-21 240952]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-05-20 45856]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2012-03-21 15936]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-03-29 241152]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-03-29 361984]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2013-05-14 4937264]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-04-18 283136]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2012-11-22 33712]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2012-11-22 828072]
S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys [2009-09-17 145448]
S2 SentinelKeysServer;Sentinel Keys Server;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2011-05-27 374304]
S2 SentinelSecurityRuntime;Sentinel Security Runtime;c:\program files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [2011-05-27 292384]
S2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [2013-05-20 1015984]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2013-02-14 96768]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-07-29 56960]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-07-29 79104]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-21 471144]
S3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;c:\windows\system32\DRIVERS\SNTUSB64.SYS [2011-05-27 63528]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-10-19 39480]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 18:10]
.
2013-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-29 15:00]
.
2013-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-29 15:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2013-04-27 19:36   1292808   ----a-r-   c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2013-04-27 19:36   1292808   ----a-r-   c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2013-04-27 19:36   1292808   ----a-r-   c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISW"="" [BU]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
FF - ProfilePath - c:\users\User 1\AppData\Roaming\Mozilla\Firefox\Profiles\vmw1adn7.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - ExtSQL: 2013-04-27 07:51; {FFB96CC1-7EB3-449D-B827-DB661701C6BB}; c:\program files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - ExtSQL: 2013-05-27 11:16; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\User 1\AppData\Roaming\Mozilla\Firefox\Profiles\vmw1adn7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-{42242AFE-0C8F-A069-A7F8-55433ADDE1BE} - c:\progra~3\INSTAL~1\{84FC2~1\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@="FlashProp Class"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash8a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash8a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash8a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash8a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash8a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-01  22:39:07
ComboFix-quarantined-files.txt  2013-06-02 05:39
.
Pre-Run: 123,810,639,872 bytes free
Post-Run: 123,261,288,448 bytes free
.
- - End Of File - - 10A4426259DF75D37DF1388AF543DF89
Title: Re: hijacked by toparcadehits
Post by: SuperDave on June 02, 2013, 12:21:31 PM
Please download Rooter (http://eric71.geekstogo.com/tools/Rooter.exe) and Save it to your desktop.
*******************************
Title: Re: hijacked by toparcadehits
Post by: diggerdave on June 02, 2013, 05:32:55 PM
Rooter has been scanning my files for almost 5 hours. Is that normal?
Title: Re: hijacked by toparcadehits
Post by: diggerdave on June 03, 2013, 05:49:07 AM
Rooter never completed file scan after 12 hours.

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : User 1 [Admin rights]
Mode : Scan -- Date : 06/03/2013 05:27:59
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 17 ¤¤¤
[TASK][SUSP PATH] TidyNetwork Update : C:\Users\User 1\AppData\Local\TidyNetwork.com\tidy2update.exe
[TASK][SUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" /silent $(Arg0)
[HJPOL] HKCU\[...]\System : DisableTaskmgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowDownloads (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500AAKX-001CA0 ATA Device +++++
--- User ---
[MBR] 74113ddb89d9f21011446416321c2129
[BSP] 860a0b317c9c2f06f79314b75a0c7fb8 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 188373 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 385994752 | Size: 49999 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_06032013_02d0527.txt >>
RKreport[1]_S_06032013_02d0527.txt

No items have been deleted
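The RogueKiller report above lists its registry findings one per line, tagged [HJ], [HJPOL], [HJ SMENU], [HJ DESK] or [TASK][SUSP PATH], and one pasted line carries three entries run together. Two of those findings matter more than the rest: EnableLUA (0) and ConsentPromptBehaviorAdmin (0) mean UAC is switched off and administrators elevate without any prompt, which is exactly what the ComboFix "policies\system" section of the earlier log also shows, whereas DisableTaskmgr (0) and DisableRegistryTools (0) are harmless values that RogueKiller reports only because the policy keys exist. The following Python script is an added example (not RogueKiller's own code and not posted by anyone in this thread): it splits run-together lines, parses each entry, and sorts the findings into "weakened", "suspicious" and "info". The sample log is constructed from the entries on this page; the severity mapping and the user-profile path heuristic for scheduled tasks are this example's own assumptions.

```python
# Triage of RogueKiller "Registry Entries" output.  Added example, not RogueKiller's
# own code.  Splits entries pasted onto one line, parses them, and separates policy
# values that genuinely weaken the machine from keys listed merely because they exist.
import re
from dataclasses import dataclass
from typing import List, Optional

# An entry begins with a RogueKiller tag in square brackets.  "[SUSP PATH]" and the
# "[...]" RogueKiller uses to abbreviate registry paths do not match, so they never
# split an entry in two.
ENTRY_START = re.compile(r"\[(?:TASK|HJ|HJPOL|HJ SMENU|HJ DESK)\]")
REG_ENTRY = re.compile(
    r"^\[(?P<tag>[A-Z ]+)\] (?P<key>\S+) : (?P<name>\S+) \((?P<value>[^)]*)\) -> (?P<status>\w+)$"
)
TASK_ENTRY = re.compile(r"^\[TASK\]\[(?P<flag>[A-Z ]+)\] (?P<name>.+?) : (?P<command>.+)$")

# (value name, reported value) -> why it weakens the system, following the documented
# Windows meaning: EnableLUA=0 turns UAC off, ConsentPromptBehaviorAdmin=0 elevates
# administrators without a prompt.  DisableTaskmgr=0 / DisableRegistryTools=0 mean
# "not disabled" and stay informational.  The mapping is this example's assumption.
WEAKENING = {
    ("EnableLUA", "0"): "UAC disabled",
    ("ConsentPromptBehaviorAdmin", "0"): "administrators elevate silently (no UAC prompt)",
    ("DisableTaskmgr", "1"): "Task Manager blocked by policy",
    ("DisableRegistryTools", "1"): "Registry Editor blocked by policy",
}
# Heuristic (assumption): a task whose command lives in a user's AppData tree deserves
# a closer look than one under Program Files or ProgramData.
USER_PROFILE_PATH = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)

# Constructed sample in the shape RogueKiller prints; the second line deliberately
# carries three entries run together, as happens when a log is pasted into a forum.
SAMPLE_LOG = r"""¤¤¤ Registry Entries : 17 ¤¤¤
[TASK][SUSP PATH] TidyNetwork Update : C:\Users\User 1\AppData\Local\TidyNetwork.com\tidy2update.exe  [TASK][SUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" /silent $(Arg0) [HJPOL] HKCU\[...]\System : DisableTaskmgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
"""


@dataclass
class Finding:
    kind: str              # "registry" or "task"
    tag: str
    name: str
    detail: str            # registry key, or the task's command line
    value: Optional[str]
    severity: str          # "weakened", "suspicious" or "info"
    note: str


def split_entries(line: str) -> List[str]:
    """Return the entries on one line: normally one, several if they were run together."""
    starts = [m.start() for m in ENTRY_START.finditer(line)]
    ends = starts[1:] + [len(line)]
    return [line[a:b].strip() for a, b in zip(starts, ends)]


def parse_entry(text: str) -> Optional[Finding]:
    """Parse a single entry; returns None for text that is not a RogueKiller entry."""
    m = TASK_ENTRY.match(text)
    if m:
        cmd = m.group("command")
        if USER_PROFILE_PATH.search(cmd):
            return Finding("task", m.group("flag"), m.group("name"), cmd, None,
                           "suspicious", "scheduled task runs from a user profile directory")
        return Finding("task", m.group("flag"), m.group("name"), cmd, None,
                       "info", "scheduled task flagged by RogueKiller's path heuristic")
    m = REG_ENTRY.match(text)
    if m:
        name, value = m.group("name"), m.group("value")
        note = WEAKENING.get((name, value))
        if note is not None:
            return Finding("registry", m.group("tag"), name, m.group("key"), value, "weakened", note)
        return Finding("registry", m.group("tag"), name, m.group("key"), value,
                       "info", "policy value present with value %s" % value)
    return None


def triage(log_text: str) -> List[Finding]:
    """Parse only the 'Registry Entries' section of a RogueKiller report."""
    findings: List[Finding] = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if "¤¤¤" in line:                      # section header: "¤¤¤ <title> ¤¤¤"
            in_section = "Registry Entries" in line
            continue
        if not in_section or not line:
            continue
        for entry in split_entries(line):
            parsed = parse_entry(entry)
            if parsed is not None:
                findings.append(parsed)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-10s %-9s %-28s %s" % (f.severity, f.tag, f.name, f.note))
```

Run it on a saved RKreport file by passing its text to triage(); on this thread's sample it reports the two UAC values as "weakened", the TidyNetwork task as "suspicious" because it runs from AppData, and everything else as informational.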
Title: Re: hijacked by toparcadehits
Post by: SuperDave on June 03, 2013, 04:25:03 PM
Quote
Rooter has been scanning my files for almost 5 hours. Is that normal?
Not really.
Please run RogueKiller again and delete those items.

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
 ESET OnlineScan (http://eset.com/onlinescan)

•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
•Accept any security warnings from your browser.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
Title: Re: hijacked by toparcadehits
Post by: diggerdave on June 03, 2013, 08:59:54 PM
C:\Users\All Users\Spybot - Search & Destroy\Recovery\YontooPagerage35.zip   Win32/Bagle.gen.zip worm   
C:\ProgramData\Spybot - Search & Destroy\Recovery\YontooPagerage35.zip   Win32/Bagle.gen.zip worm   cleaned by deleting - quarantined
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebclipmmadgfcaljinafeemdhneekiaa\1\51895c2c261dc4.41363417.js   Win32/Adware.MultiPlug.H application   cleaned by deleting - quarantined
C:\Users\User 1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nehohcmembgjlinndodaogjfdlnknldb\1\51895baa57c254.09392782.js   Win32/Adware.MultiPlug.H application   cleaned by deleting - quarantined
Title: Re: hijacked by toparcadehits
Post by: diggerdave on June 03, 2013, 09:02:59 PM
Computer and User1 are now on my desktop. They don't appear to be shortcuts. Can I safely delete them?
Title: Re: hijacked by toparcadehits
Post by: diggerdave on June 03, 2013, 09:36:16 PM
Please disregard last post.
Title: Re: hijacked by toparcadehits
Post by: SuperDave on June 04, 2013, 01:12:27 PM
How's your computer running now? Any other issues before we cleanup?
Title: Re: hijacked by toparcadehits
Post by: diggerdave on June 04, 2013, 07:50:08 PM
I'm still having the same issue.


[recovering disk space, attachment deleted by admin]
Title: Re: hijacked by toparcadehits
Post by: diggerdave on June 05, 2013, 09:59:12 AM
Computer would not boot to windows this morning. Would not boot to safe mode. Would not boot from DVD. Would not boot from rescue disk.
Title: Re: hijacked by toparcadehits
Post by: SuperDave on June 05, 2013, 01:30:07 PM
Quote
Would not boot from DVD. Would not boot from rescue disk.
Did you set the BIOS to boot from the disk drive?

If you do not know how to set your computer to boot from CD follow the steps here (http://www.hiren.info/pages/bios-boot-cdrom)
Title: Re: hijacked by toparcadehits
Post by: diggerdave on June 05, 2013, 07:43:29 PM
Finally resolved the boot issue. So we're back to having the original problem of "toparcadehits" opening browser windows whenever it likes to.
Title: Re: hijacked by toparcadehits
Post by: SuperDave on June 06, 2013, 07:13:37 PM
Quote
Finally resolved the boot issue. So we're back to having the original problem of "toparcadehits" opening browser windows whenever it likes to.
In which browser are you getting this problem?
Title: Re: hijacked by toparcadehits
Post by: diggerdave on June 06, 2013, 07:57:43 PM
Firefox
Title: Re: hijacked by toparcadehits
Post by: SuperDave on June 07, 2013, 04:13:33 PM
Quote
Firefox
Does it happen with Internet Explorer? If not, why not uninstall and re-install FF?