[A] I've got win64/patched.A

Inactive
By Curt Johnson
Nov 18, 2012
Topic Status:
Not open for further replies.
  1. I have included my 2 text files from FRST.64, frst.txt and search.txt

  2. Broni

    Broni Malware Annihilator Posts: 46,158   +251

    Welcome aboard

    Please read forum rules: http://www.techspot.com/community/topics/read-this-or-you-might-not-get-help.182638/

    Is the computer bootable?

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. Curt Johnson

    Curt Johnson Newcomer, in training Topic Starter

    Farbar Recovery Scan Tool (x64) Version: 18-11-2012
    Ran by SYSTEM at 2012-11-18 15:53:57
    Running from L:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

    ====== End Of Search ======
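    Added example, not from the thread or from FRST itself: a small parser for the FRST search block above that compares each copy of a system file outside winsxs with the component-store copies of the same name, and flags the pattern shown for services.exe, where the timestamps are unchanged but the size and MD5 differ. The sample input is constructed from the two hits above; the verdict names and the FileHit record are my own.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample input: the two services.exe hits from the search output above.
FRST_SEARCH_OUTPUT = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======
"""

# FRST detail line: [created] - [modified] - size attributes (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+)(?: \((?P<company>[^)]*)\))? "
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass(frozen=True)
class FileHit:
    path: str
    created: str
    modified: str
    size: int
    md5: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def in_winsxs(self) -> bool:
        # The component store keeps the copy Windows installed; use it as the reference.
        return "\\winsxs\\" in self.path.lower()


def parse_search(text: str) -> list[FileHit]:
    """Read path/detail line pairs out of an FRST 'Search:' block."""
    lines = [ln.strip() for ln in text.splitlines()]
    hits = []
    for i, line in enumerate(lines[:-1]):
        if not re.match(r"^[A-Za-z]:\\", line):   # path lines start with a drive letter
            continue
        m = DETAIL_RE.match(lines[i + 1])
        if m:
            hits.append(FileHit(line, m["created"], m["modified"],
                                int(m["size"]), m["md5"].upper()))
    return hits


def find_divergent_copies(hits: list[FileHit]) -> list[tuple[str, str, str]]:
    """Return (live path, verdict, reason) for every copy outside winsxs.

    Verdicts (names chosen here, not FRST's):
      ok       - MD5 matches a winsxs copy of the same file name
      suspect  - same timestamps as a winsxs copy but different size/MD5, i.e.
                 the file was rewritten in place with its dates preserved
      differs  - no matching MD5 and different timestamps; may be a legitimate
                 update, so confirm the file version before treating it as patched
      unknown  - nothing in winsxs to compare against
    """
    by_name = defaultdict(list)
    for h in hits:
        by_name[h.name].append(h)
    findings = []
    for group in by_name.values():
        reference = [h for h in group if h.in_winsxs]
        for live in (h for h in group if not h.in_winsxs):
            if not reference:
                findings.append((live.path, "unknown", "no winsxs copy to compare"))
            elif any(live.md5 == r.md5 for r in reference):
                findings.append((live.path, "ok", "MD5 matches a winsxs copy"))
            else:
                twins = [r for r in reference
                         if (r.created, r.modified) == (live.created, live.modified)]
                if twins:
                    r = twins[0]
                    findings.append((live.path, "suspect",
                                     f"timestamps match winsxs copy but size {r.size} -> {live.size}, "
                                     f"MD5 {r.md5} -> {live.md5}"))
                else:
                    findings.append((live.path, "differs",
                                     "no winsxs copy with matching MD5 or timestamps"))
    return findings


if __name__ == "__main__":
    for path, verdict, reason in find_divergent_copies(parse_search(FRST_SEARCH_OUTPUT)):
        print(f"{verdict:8} {path}\n         {reason}")
```

Run against the sample it reports the System32 copy as suspect; a timestamp mismatch alone only yields "differs", since a patched system file keeps its original dates while a Windows update changes them.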
  4. Curt Johnson

    Curt Johnson Newcomer, in training Topic Starter

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-11-2012
    Ran by SYSTEM at 18-11-2012 15:51:53
    Running from L:\
    Windows 7 Ultimate (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
    HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3143800 2012-11-06] (AVG Technologies CZ, s.r.o.)
    HKU\Curtis\...\Run: [PC Cleaner] C:\Program Files (x86)\PC Cleaner\PCCLauncher.exe [63120 2012-01-30] (PC Help Soft)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    ==================== Services (Whitelisted) ===================

    2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [5814392 2012-11-06] (AVG Technologies CZ, s.r.o.)
    2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
    2 HitmanPro36CrusaderBoot; "C:\Program Files\HitmanPro\HitmanPro.exe" /crusader:boot [9105176 2012-11-18] (SurfRight B.V.)
    2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [108904 2012-11-18] (SurfRight B.V.)
    2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)
    2 PMBDeviceInfoProvider; "C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe" [474208 2012-07-27] (Sony Corporation)
    2 Serviio; C:\Program Files (x86)\Serviio\bin\ServiioService.exe [207872 2012-08-09] ()
    2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe" [2148216 2012-08-23] (AVG)

    ==================== Drivers (Whitelisted) =====================

    1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.)
    0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [225120 2012-09-21] (AVG Technologies CZ, s.r.o.)
    0 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [111456 2012-10-05] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40800 2012-09-14] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [200032 2012-09-21] (AVG Technologies CZ, s.r.o.)
    1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-08-05] (DT Soft Ltd)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-29] (Malwarebytes Corporation)
    3 PCAMp50a64; C:\Windows\System32\Drivers\PCAMp50a64.sys [46648 2012-08-02] (Printing Communications Assoc., Inc. (PCAUSA))
    3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [45624 2012-08-02] (Printing Communications Assoc., Inc. (PCAUSA))
    0 sptd; C:\Windows\System32\Drivers\sptd.sys [862704 2012-08-05] (Duplex Secure Ltd.)
    3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [11880 2012-07-04] (TuneUp Software)
    4 hitmanpro36; \??\C:\Windows\system32\drivers\hitmanpro36.sys [x]
    3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
    3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2012-11-18 13:44 - 2012-11-18 13:44 - 00002322 ____A C:\Users\Curtis\Desktop\RKreport[11]_D_11182012_02d1544.txt
    2012-11-18 13:44 - 2012-11-18 13:44 - 00000242 ____A C:\Windows\System32\bootdelete.lst
    2012-11-18 13:43 - 2012-11-18 13:43 - 00002256 ____A C:\Users\Curtis\Desktop\RKreport[10]_S_11182012_02d1543.txt
    2012-11-18 13:08 - 2012-11-18 13:08 - 00001893 ____A C:\Users\Public\Desktop\HitmanPro.lnk
    2012-11-18 13:07 - 2012-11-18 13:07 - 00002217 ____A C:\Users\Curtis\Desktop\RKreport[9]_S_11182012_02d1507.txt
    2012-11-18 12:57 - 2012-11-18 13:44 - 00000838 ____A C:\Windows\System32\.crusader
    2012-11-18 12:51 - 2012-11-18 12:51 - 00002372 ____A C:\Users\Curtis\Desktop\RKreport[8]_D_11182012_02d1451.txt
    2012-11-18 12:40 - 2012-11-18 12:57 - 00000000 ____D C:\Users\All Users\HitmanPro
    2012-11-18 12:40 - 2012-11-18 12:40 - 00000000 ____D C:\Program Files\HitmanPro
    2012-11-18 12:39 - 2012-11-18 12:39 - 09105176 ____A (SurfRight B.V.) C:\Users\Curtis\Desktop\HitmanPro36_x64.exe
    2012-11-18 12:05 - 2012-11-18 12:06 - 00025025 ____A C:\Users\Curtis\Desktop\FRST.txt
    2012-11-18 12:05 - 2012-11-18 12:05 - 00000000 ____D C:\FRST
    2012-11-18 12:04 - 2012-11-18 12:04 - 01461037 ____A (Farbar) C:\Users\Curtis\Desktop\FRST64.exe
    2012-11-18 11:59 - 2012-11-18 11:59 - 00002326 ____A C:\Users\Curtis\Desktop\RKreport[6]_D_11182012_02d1359.txt
    2012-11-18 11:58 - 2012-11-18 11:58 - 00002263 ____A C:\Users\Curtis\Desktop\RKreport[5]_S_11182012_02d1358.txt
    2012-11-18 11:48 - 2012-11-18 11:54 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-11-18 11:46 - 2012-11-18 11:47 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Curtis\Desktop\Killer.exe
    2012-11-18 11:36 - 2012-11-18 13:43 - 00000000 ____D C:\Users\Curtis\Desktop\RK_Quarantine
    2012-11-18 11:36 - 2012-11-18 11:36 - 00724992 ____A C:\Users\Curtis\Desktop\RogueKiller.exe
    2012-11-18 11:09 - 2012-11-18 11:09 - 00000000 ____D C:\Users\Curtis\Desktop\AVG
    2012-11-18 08:35 - 2012-11-18 11:57 - 00000000 ____D C:\Users\All Users\SecTaskMan
    2012-11-18 08:35 - 2012-11-18 11:56 - 00000000 ____D C:\Program Files (x86)\Security Task Manager
    2012-11-18 08:35 - 2012-11-18 08:35 - 02095024 ____A C:\Users\Curtis\Desktop\SecurityTaskManager_Setup.exe
    2012-11-18 08:24 - 2012-11-18 08:31 - 00000000 ____D C:\Users\Curtis\Documents\PC Cleaner
    2012-11-18 08:14 - 2012-11-18 08:14 - 00000986 ____A C:\Users\Curtis\Desktop\PC Cleaner.lnk
    2012-11-18 08:14 - 2012-11-18 08:14 - 00000000 ____D C:\Users\Curtis\AppData\Roaming\PC Cleaner
    2012-11-18 08:14 - 2012-11-18 08:14 - 00000000 ____D C:\Program Files (x86)\PC Cleaner
    2012-11-18 06:37 - 2012-11-18 06:37 - 00001069 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-11-18 06:37 - 2012-11-18 06:37 - 00000000 ____D C:\Users\Curtis\AppData\Roaming\Malwarebytes
    2012-11-18 06:37 - 2012-11-18 06:37 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-11-18 06:37 - 2012-11-18 06:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-11-18 06:37 - 2012-09-29 17:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-11-18 06:36 - 2012-11-18 06:36 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Curtis\Desktop\mbam-setup-1.65.1.1000.exe
    2012-11-17 22:04 - 2012-11-17 22:04 - 00000017 ____A C:\Users\Curtis\AppData\Local\resmon.resmoncfg
    2012-11-17 21:54 - 2012-11-17 22:10 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack
    2012-11-17 01:07 - 2012-07-25 20:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
    2012-11-17 01:07 - 2012-07-25 20:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
    2012-11-17 01:07 - 2012-07-25 18:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
    2012-11-17 01:07 - 2012-06-02 06:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    2012-11-17 01:02 - 2012-10-08 04:19 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-11-17 01:02 - 2012-10-08 03:42 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-11-17 01:02 - 2012-10-08 03:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-11-17 01:02 - 2012-10-08 03:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-11-17 01:02 - 2012-10-08 03:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-11-17 01:02 - 2012-10-08 03:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-11-17 01:02 - 2012-10-08 03:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-11-17 01:02 - 2012-10-08 03:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-11-17 01:02 - 2012-10-08 03:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-11-17 01:02 - 2012-10-08 03:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-11-17 01:02 - 2012-10-08 03:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-11-17 01:02 - 2012-10-08 03:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-11-17 01:02 - 2012-10-08 03:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-11-17 01:02 - 2012-10-08 03:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-11-17 01:02 - 2012-10-08 03:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-11-17 01:02 - 2012-10-08 03:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-11-17 01:02 - 2012-10-08 00:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-11-17 01:02 - 2012-10-08 00:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-11-17 01:02 - 2012-10-07 23:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-11-17 01:02 - 2012-10-07 23:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-11-17 01:02 - 2012-10-07 23:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-11-17 01:02 - 2012-10-07 23:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-11-17 01:02 - 2012-10-07 23:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-11-17 01:02 - 2012-10-07 23:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-11-17 01:02 - 2012-10-07 23:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-11-17 01:02 - 2012-10-07 23:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-11-17 01:02 - 2012-10-07 23:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-11-17 01:02 - 2012-10-07 23:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-11-17 01:02 - 2012-10-07 23:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-11-17 01:02 - 2012-10-07 23:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-11-17 01:02 - 2012-10-07 23:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-11-17 01:02 - 2012-10-07 23:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-11-17 01:00 - 2012-07-25 19:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
    2012-11-17 01:00 - 2012-07-25 19:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
    2012-11-17 01:00 - 2012-07-25 19:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
    2012-11-17 01:00 - 2012-07-25 19:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
    2012-11-17 01:00 - 2012-07-25 19:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
    2012-11-17 01:00 - 2012-07-25 18:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
    2012-11-17 01:00 - 2012-07-25 18:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
    2012-11-17 01:00 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    2012-11-16 17:54 - 2012-10-18 10:25 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-11-16 17:54 - 2012-10-09 10:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
    2012-11-16 17:54 - 2012-10-09 10:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
    2012-11-16 17:54 - 2012-10-09 09:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
    2012-11-16 17:54 - 2012-10-09 09:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
    2012-11-16 17:54 - 2012-10-03 09:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-11-16 17:54 - 2012-10-03 09:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
    2012-11-16 17:54 - 2012-10-03 09:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
    2012-11-16 17:54 - 2012-10-03 09:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
    2012-11-16 17:54 - 2012-10-03 09:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
    2012-11-16 17:54 - 2012-10-03 09:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
    2012-11-16 17:54 - 2012-10-03 09:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
    2012-11-16 17:54 - 2012-10-03 08:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
    2012-11-16 17:54 - 2012-10-03 08:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2012-11-16 17:54 - 2012-10-03 08:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
    2012-11-16 17:54 - 2012-10-03 08:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
    2012-11-16 17:54 - 2012-09-25 14:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
    2012-11-16 17:54 - 2012-09-25 14:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
    2012-11-16 17:54 - 2012-01-12 23:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2012-11-15 20:18 - 2012-11-15 20:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-11-10 05:34 - 2012-11-10 05:34 - 01803494 ___RA C:\Users\Curtis\My Money Backup_2012-11-10_073414.mbf
    2012-11-07 16:41 - 2012-08-23 09:31 - 00035192 ____A (AVG) C:\Windows\System32\TURegOpt.exe
    2012-11-07 16:41 - 2012-08-23 09:31 - 00026488 ____A (AVG) C:\Windows\System32\authuitu.dll
    2012-11-07 16:41 - 2012-08-23 09:31 - 00021880 ____A (AVG) C:\Windows\SysWOW64\authuitu.dll
    2012-11-07 16:40 - 2012-11-07 16:41 - 00000000 ____D C:\Users\All Users\AVG
    2012-11-07 16:40 - 2012-11-07 16:40 - 00000000 __SHD C:\Users\All Users\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
    2012-11-07 16:40 - 2012-11-07 16:40 - 00000000 ____D C:\Users\Curtis\AppData\Roaming\AVG
    2012-11-04 05:14 - 2012-11-04 05:14 - 01849084 ___RA C:\Users\Curtis\My Money Backup_2012-11-04_071431.mbf
    2012-11-02 17:21 - 2012-11-02 17:21 - 00000000 ____D C:\Users\Curtis\AppData\Roaming\AVG2013
    2012-11-02 17:20 - 2012-11-02 17:20 - 00000000 ___HD C:\$AVG
    2012-11-02 15:36 - 2012-11-02 15:36 - 00000907 ____A C:\Users\Curtis\Desktop\Wars in America.lnk
    2012-11-02 15:34 - 2012-11-02 15:37 - 00000000 ____D C:\Program Files (x86)\Wars in America
    2012-11-01 15:33 - 2012-11-03 21:16 - 00000000 ____D C:\Users\Curtis\AppData\Local\Avg2013
    2012-11-01 15:20 - 2012-11-01 15:20 - 01609524 ___RA C:\Users\Curtis\My Money Backup_2012-11-01_182026.mbf
    2012-10-31 15:15 - 2012-10-31 15:15 - 00000000 ____D C:\Users\Default\AppData\LocalGoogle
    2012-10-31 15:15 - 2012-10-31 15:15 - 00000000 ____D C:\Users\Default\AppData\Local\Google
    2012-10-31 15:15 - 2012-10-31 15:15 - 00000000 ____D C:\Users\Default User\AppData\LocalGoogle
    2012-10-31 15:15 - 2012-10-31 15:15 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
    2012-10-27 05:15 - 2012-10-27 07:10 - 3136110070 ____A C:\Users\Curtis\Desktop\Men in Black 3 2012 720p BluRay x264-MgB.mp4
    2012-10-22 11:02 - 2012-10-22 11:02 - 00154464 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsdrivera.sys
    2012-10-19 14:33 - 2012-10-19 14:33 - 00004119 ____A C:\Windows\SysWOW64\jupdate-1.7.0_09-b05.log
    2012-10-19 14:33 - 2012-09-24 20:16 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2012-10-19 14:33 - 2012-09-24 20:08 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-10-19 14:33 - 2012-09-24 20:07 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe


    ==================== One Month Modified Files and Folders =======

    2012-11-18 13:47 - 2011-10-07 15:19 - 01234581 ____A C:\Windows\WindowsUpdate.log
    2012-11-18 13:47 - 2009-07-13 21:13 - 00006206 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-11-18 13:46 - 2009-07-13 20:45 - 00012624 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-11-18 13:46 - 2009-07-13 20:45 - 00012624 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-11-18 13:44 - 2012-11-18 13:44 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
    2012-11-18 13:44 - 2012-11-18 13:44 - 00002322 ____A C:\Users\Curtis\Desktop\RKreport[11]_D_11182012_02d1544.txt
    2012-11-18 13:44 - 2012-11-18 13:44 - 00000242 ____A C:\Windows\System32\bootdelete.lst
    2012-11-18 13:44 - 2012-11-18 12:57 - 00000838 ____A C:\Windows\System32\.crusader
    2012-11-18 13:43 - 2012-11-18 13:43 - 00002256 ____A C:\Users\Curtis\Desktop\RKreport[10]_S_11182012_02d1543.txt
    2012-11-18 13:43 - 2012-11-18 11:36 - 00000000 ____D C:\Users\Curtis\Desktop\RK_Quarantine
    2012-11-18 13:41 - 2012-09-18 09:04 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-11-18 13:41 - 2012-08-18 13:20 - 00000000 ____D C:\Users\All Users\NVIDIA
    2012-11-18 13:41 - 2012-08-15 16:55 - 00000110 ____A C:\.dir
    2012-11-18 13:41 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-11-18 13:41 - 2009-07-13 20:51 - 00076072 ____A C:\Windows\setupact.log
    2012-11-18 13:39 - 2012-01-02 08:52 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-11-18 13:14 - 2012-09-18 09:04 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-11-18 13:08 - 2012-11-18 13:08 - 00001893 ____A C:\Users\Public\Desktop\HitmanPro.lnk
    2012-11-18 13:07 - 2012-11-18 13:07 - 00002217 ____A C:\Users\Curtis\Desktop\RKreport[9]_S_11182012_02d1507.txt
    2012-11-18 12:59 - 2011-10-09 11:17 - 00090868 ____A C:\Windows\PFRO.log
    2012-11-18 12:57 - 2012-11-18 12:40 - 00000000 ____D C:\Users\All Users\HitmanPro
    2012-11-18 12:51 - 2012-11-18 12:51 - 00002372 ____A C:\Users\Curtis\Desktop\RKreport[8]_D_11182012_02d1451.txt
    2012-11-18 12:48 - 2012-07-29 09:33 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2824034696-86158339-4270657182-1001UA.job
    2012-11-18 12:40 - 2012-11-18 12:40 - 00000000 ____D C:\Program Files\HitmanPro
    2012-11-18 12:39 - 2012-11-18 12:39 - 09105176 ____A (SurfRight B.V.) C:\Users\Curtis\Desktop\HitmanPro36_x64.exe
    2012-11-18 12:11 - 2009-07-13 21:08 - 00032556 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-11-18 12:06 - 2012-11-18 12:05 - 00025025 ____A C:\Users\Curtis\Desktop\FRST.txt
    2012-11-18 12:05 - 2012-11-18 12:05 - 00000000 ____D C:\FRST
    2012-11-18 12:04 - 2012-11-18 12:04 - 01461037 ____A (Farbar) C:\Users\Curtis\Desktop\FRST64.exe
    2012-11-18 11:59 - 2012-11-18 11:59 - 00002326 ____A C:\Users\Curtis\Desktop\RKreport[6]_D_11182012_02d1359.txt
    2012-11-18 11:58 - 2012-11-18 11:58 - 00002263 ____A C:\Users\Curtis\Desktop\RKreport[5]_S_11182012_02d1358.txt
    2012-11-18 11:57 - 2012-11-18 08:35 - 00000000 ____D C:\Users\All Users\SecTaskMan
    2012-11-18 11:56 - 2012-11-18 08:35 - 00000000 ____D C:\Program Files (x86)\Security Task Manager
    2012-11-18 11:54 - 2012-11-18 11:48 - 00000000 ____D C:\TDSSKiller_Quarantine
    2012-11-18 11:47 - 2012-11-18 11:46 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Curtis\Desktop\Killer.exe
    2012-11-18 11:36 - 2012-11-18 11:36 - 00724992 ____A C:\Users\Curtis\Desktop\RogueKiller.exe
    2012-11-18 11:09 - 2012-11-18 11:09 - 00000000 ____D C:\Users\Curtis\Desktop\AVG
    2012-11-18 10:56 - 2012-09-28 17:29 - 00000000 ____D C:\Users\All Users\AVG2013
    2012-11-18 08:40 - 2009-07-13 20:45 - 00275712 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-11-18 08:35 - 2012-11-18 08:35 - 02095024 ____A C:\Users\Curtis\Desktop\SecurityTaskManager_Setup.exe
    2012-11-18 08:31 - 2012-11-18 08:24 - 00000000 ____D C:\Users\Curtis\Documents\PC Cleaner
    2012-11-18 08:14 - 2012-11-18 08:14 - 00000986 ____A C:\Users\Curtis\Desktop\PC Cleaner.lnk
    2012-11-18 08:14 - 2012-11-18 08:14 - 00000000 ____D C:\Users\Curtis\AppData\Roaming\PC Cleaner
    2012-11-18 08:14 - 2012-11-18 08:14 - 00000000 ____D C:\Program Files (x86)\PC Cleaner
    2012-11-18 07:22 - 2011-10-24 16:31 - 00000000 ____D C:\Users\Curtis\AppData\Roaming\uTorrent
    2012-11-18 06:46 - 2012-08-07 14:37 - 00000990 ____A C:\Users\Curtis\Desktop\magicJack.lnk
    2012-11-18 06:46 - 2011-10-07 15:28 - 00000000 ____D C:\Users\Curtis\AppData\Roaming\mjusbsp
    2012-11-18 06:44 - 2012-09-29 05:13 - 00327680 ____A C:\Windows\System32\Ikeext.etl
    2012-11-18 06:37 - 2012-11-18 06:37 - 00001069 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-11-18 06:37 - 2012-11-18 06:37 - 00000000 ____D C:\Users\Curtis\AppData\Roaming\Malwarebytes
    2012-11-18 06:37 - 2012-11-18 06:37 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-11-18 06:37 - 2012-11-18 06:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-11-18 06:36 - 2012-11-18 06:36 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Curtis\Desktop\mbam-setup-1.65.1.1000.exe
    2012-11-18 06:32 - 2011-11-13 05:37 - 00000000 ____D C:\Users\All Users\MFAData
    2012-11-18 06:07 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
    2012-11-18 02:48 - 2012-07-29 09:33 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2824034696-86158339-4270657182-1001Core.job
    2012-11-17 22:10 - 2012-11-17 21:54 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack
    2012-11-17 22:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing
    2012-11-17 22:04 - 2012-11-17 22:04 - 00000017 ____A C:\Users\Curtis\AppData\Local\resmon.resmoncfg
    2012-11-17 06:27 - 2011-10-07 16:21 - 00059904 ____A C:\Users\Curtis\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-11-17 06:25 - 2012-08-05 06:00 - 00797184 __ASH C:\Users\Curtis\Desktop\Thumbs.db
    2012-11-17 02:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
    2012-11-17 01:27 - 2012-03-21 14:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2012-11-17 01:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2012-11-17 01:01 - 2011-10-07 20:39 - 66395536 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-11-15 20:18 - 2012-11-15 20:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2012-11-10 05:34 - 2012-11-10 05:34 - 01803494 ___RA C:\Users\Curtis\My Money Backup_2012-11-10_073414.mbf
    2012-11-10 05:34 - 2011-10-07 15:16 - 00000000 ____D C:\users\Curtis
    2012-11-09 17:38 - 2011-10-07 15:18 - 00000000 ____D C:\Users\Curtis\AppData\Local\VirtualStore
    2012-11-08 15:15 - 2012-01-02 08:52 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-11-08 15:15 - 2011-12-01 14:46 - 00000000 ____D C:\Users\All Users\Adobe
    2012-11-08 15:15 - 2011-10-10 07:50 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-11-07 16:41 - 2012-11-07 16:40 - 00000000 ____D C:\Users\All Users\AVG
    2012-11-07 16:40 - 2012-11-07 16:40 - 00000000 __SHD C:\Users\All Users\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
    2012-11-07 16:40 - 2012-11-07 16:40 - 00000000 ____D C:\Users\Curtis\AppData\Roaming\AVG
    2012-11-07 16:40 - 2011-11-13 05:41 - 00000000 ____D C:\Program Files (x86)\AVG
    2012-11-04 05:14 - 2012-11-04 05:14 - 01849084 ___RA C:\Users\Curtis\My Money Backup_2012-11-04_071431.mbf
    2012-11-03 21:16 - 2012-11-01 15:33 - 00000000 ____D C:\Users\Curtis\AppData\Local\Avg2013
    2012-11-02 17:21 - 2012-11-02 17:21 - 00000000 ____D C:\Users\Curtis\AppData\Roaming\AVG2013
    2012-11-02 17:20 - 2012-11-02 17:20 - 00000000 ___HD C:\$AVG
    2012-11-02 15:37 - 2012-11-02 15:34 - 00000000 ____D C:\Program Files (x86)\Wars in America
    2012-11-02 15:36 - 2012-11-02 15:36 - 00000907 ____A C:\Users\Curtis\Desktop\Wars in America.lnk
    2012-11-02 14:57 - 2011-10-07 15:19 - 00000000 ____D C:\Users\Curtis\AppData\Roaming\Mozilla
    2012-11-01 15:20 - 2012-11-01 15:20 - 01609524 ___RA C:\Users\Curtis\My Money Backup_2012-11-01_182026.mbf
    2012-10-31 15:15 - 2012-10-31 15:15 - 00000000 ____D C:\Users\Default\AppData\LocalGoogle
    2012-10-31 15:15 - 2012-10-31 15:15 - 00000000 ____D C:\Users\Default\AppData\Local\Google
    2012-10-31 15:15 - 2012-10-31 15:15 - 00000000 ____D C:\Users\Default User\AppData\LocalGoogle
    2012-10-31 15:15 - 2012-10-31 15:15 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
    2012-10-27 07:10 - 2012-10-27 05:15 - 3136110070 ____A C:\Users\Curtis\Desktop\Men in Black 3 2012 720p BluRay x264-MgB.mp4
    2012-10-22 11:02 - 2012-10-22 11:02 - 00154464 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsdrivera.sys
    2012-10-19 14:33 - 2012-10-19 14:33 - 00004119 ____A C:\Windows\SysWOW64\jupdate-1.7.0_09-b05.log
    2012-10-19 14:33 - 2012-09-05 16:29 - 00000000 ____D C:\Program Files (x86)\Java


    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-10-26 21:46:23
    Restore point made on: 2012-11-01 15:28:36
    Restore point made on: 2012-11-01 15:32:28
    Restore point made on: 2012-11-01 15:33:52
    Restore point made on: 2012-11-02 17:20:10
    Restore point made on: 2012-11-02 17:20:32
    Restore point made on: 2012-11-07 16:40:34
    Restore point made on: 2012-11-16 18:25:39
    Restore point made on: 2012-11-17 01:00:23
    Restore point made on: 2012-11-18 06:05:42

    ==================== Memory info ===========================

    Percentage of memory in use: 19%
    Total physical RAM: 3063.17 MB
    Available physical RAM: 2475.95 MB
    Total Pagefile: 3061.32 MB
    Available Pagefile: 2455 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ==================== Partitions =============================

    1 Drive c: () (Fixed) (Total:596.17 GB) (Free:342.8 GB) NTFS
    2 Drive d: () (Fixed) (Total:688.87 GB) (Free:290.93 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive e: (PQSERVICE) (Fixed) (Total:9.77 GB) (Free:0.31 GB) NTFS
    10 Drive l: () (Removable) (Total:7.6 GB) (Free:7.6 GB) FAT32
    11 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 596 GB 0 B
    Disk 1 Online 698 GB 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 No Media 0 B 0 B
    Disk 6 Online 7800 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 596 GB 1024 KB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C NTFS Partition 596 GB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Recovery 9 GB 31 KB
    Partition 2 Primary 688 GB 9 GB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 27
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 E PQSERVICE NTFS Partition 9 GB Healthy Hidden

    =========================================================

    Disk: 1
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 D NTFS Partition 688 GB Healthy

    =========================================================

    Partitions of Disk 6:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7799 MB 828 KB

    ==================================================================================

    Disk: 6
    Partition 1
    Type : 0B
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 9 L FAT32 Removable 7799 MB Healthy

    =========================================================

    Last Boot: 2012-11-15 18:43

    ==================== End Of Log =============================
  5. Broni

    Broni Malware Annihilator Posts: 46,158   +251

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next...

    Restart normally.

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.


  6. Curt Johnson

    Curt Johnson Newcomer, in training Topic Starter

    The fix seemed to work. No more warnings from AVG.
  7. Curt Johnson

    Curt Johnson Newcomer, in training Topic Starter

    HKEY_LOCAL_MACHINE\System\ControlSet00\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    Could not move C:\Windows\assembly\GAC_64\Desktop.ini.

    An error occurred while attempting to delete the specified data element.
    Element not found.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
  8. Curt Johnson

    Curt Johnson Newcomer, in training Topic Starter

    DDS (Ver_2012-11-07.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
    Run by Curtis at 21:28:18 on 2012-11-18
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3063.1877 [GMT -6:00]
    .
    AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\HitmanPro\hmpsched.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\LSI SoftModem\agr64svc.exe
    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
    C:\Program Files (x86)\Serviio\bin\ServiioService.exe
    C:\Program Files (x86)\Serviio\bin\ServiioService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
    C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\PC Cleaner\PCCSmartScan.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\sysWOW64\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://www.google.ca/
    uURLSearchHooks: {efb1e45a-148d-40f9-a3f0-09d5577f9970} - <orphaned>
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    uRun: [PC Cleaner] C:\Program Files (x86)\PC Cleaner\PCCLauncher.exe
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
    LSP: mswsock.dll
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{95E9B8D9-278A-42FE-AEEF-D8A7ED7294F0} : DHCPNameServer = 192.168.0.1
    Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
    SSODL: WebCheck - <orphaned>
    x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    x64-Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - <orphaned>
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 127.0.0.1 validation.sls.microsoft.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Curtis\AppData\Roaming\Mozilla\Firefox\Profiles\3m74k8u2.default\
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.ca/
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Users\Curtis\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Curtis\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Curtis\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-8-5 283200]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
    R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2012-11-18 108904]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-18 399432]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-18 676936]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-7-27 474208]
    R2 Serviio;Serviio;C:\Program Files (x86)\Serviio\bin\ServiioService.exe [2012-8-9 207872]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
    R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2012-8-23 2148216]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
    R3 hitmanpro36;HitmanPro 3.6 Support Driver;C:\Windows\System32\drivers\hitmanpro36.sys [2012-11-18 30496]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-18 25928]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2012-7-4 11880]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]
    S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCAMp50a64.sys [2012-3-20 46648]
    S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCASp50a64.sys [2012-3-20 45624]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-10-9 20992]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-10-9 59392]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-9 1255736]
    .
    =============== Created Last 30 ================
    .
    2012-11-19 03:19:13 30496 ----a-w- C:\Windows\System32\drivers\hitmanpro36.sys
    2012-11-18 20:40:43 -------- d-----w- C:\Program Files\HitmanPro
    2012-11-18 20:40:28 -------- d-----w- C:\ProgramData\HitmanPro
    2012-11-18 20:05:26 -------- d-----w- C:\FRST
    2012-11-18 19:48:05 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-11-18 16:35:56 -------- d-----w- C:\ProgramData\SecTaskMan
    2012-11-18 16:35:50 -------- d-----w- C:\Program Files (x86)\Security Task Manager
    2012-11-18 16:14:48 -------- d-----w- C:\Users\Curtis\AppData\Roaming\PC Cleaner
    2012-11-18 16:14:42 -------- d-----w- C:\Program Files (x86)\PC Cleaner
    2012-11-18 14:37:38 -------- d-----w- C:\Users\Curtis\AppData\Roaming\Malwarebytes
    2012-11-18 14:37:28 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-11-18 14:37:27 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-11-18 14:37:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-11-18 06:08:32 220160 ----a-w- C:\ProgramData\Microsoft\Media Tools\MediaIconsOverlays.dll
    2012-11-18 05:54:41 -------- d-----w- C:\Program Files (x86)\Mega Codec Pack
    2012-11-17 09:07:30 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
    2012-11-17 09:07:29 9728 ----a-w- C:\Windows\System32\Wdfres.dll
    2012-11-17 09:07:29 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
    2012-11-17 09:07:29 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
    2012-11-17 09:00:48 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
    2012-11-17 09:00:48 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
    2012-11-17 09:00:48 744448 ----a-w- C:\Windows\System32\WUDFx.dll
    2012-11-17 09:00:48 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
    2012-11-17 09:00:48 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
    2012-11-17 09:00:48 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
    2012-11-17 09:00:48 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
    2012-11-16 04:18:13 96224 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
    2012-11-08 00:41:17 35192 ----a-w- C:\Windows\System32\TURegOpt.exe
    2012-11-08 00:41:16 26488 ----a-w- C:\Windows\System32\authuitu.dll
    2012-11-08 00:41:16 21880 ----a-w- C:\Windows\SysWow64\authuitu.dll
    2012-11-08 00:40:51 -------- d-----w- C:\Users\Curtis\AppData\Roaming\AVG
    2012-11-08 00:40:18 -------- d-----w- C:\ProgramData\AVG
    2012-11-08 00:40:14 -------- d-sh--w- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
    2012-11-03 01:21:29 -------- d-----w- C:\Users\Curtis\AppData\Roaming\AVG2013
    2012-11-03 01:20:45 -------- d--h--w- C:\$AVG
    2012-11-02 23:34:43 -------- d-----w- C:\Program Files (x86)\Wars in America
    2012-11-02 22:34:47 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{54FA8C7B-34AE-42E7-A4F3-58B508FA5D80}\mpengine.dll
    2012-11-01 23:33:44 -------- d-----w- C:\Users\Curtis\AppData\Local\Avg2013
    2012-10-22 19:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
    .
    ==================== Find3M ====================
    .
    2012-11-08 23:15:54 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-11-08 23:15:54 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2012-10-15 09:48:50 63328 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
    2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
    2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
    2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
    2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-10-05 09:32:50 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
    2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
    2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
    2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
    2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
    2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
    2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
    2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
    2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
    2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
    2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
    2012-10-02 19:51:15 3536817 ----a-w- C:\Windows\System32\nvcoproc.bin
    2012-10-02 19:51:11 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll
    2012-10-02 19:51:04 6200680 ----a-w- C:\Windows\System32\nvcpl.dll
    2012-10-02 19:50:57 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
    2012-10-02 19:50:57 63336 ----a-w- C:\Windows\System32\nvshext.dll
    2012-10-02 19:50:57 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
    2012-10-02 19:50:57 118120 ----a-w- C:\Windows\System32\nvmctray.dll
    2012-10-02 18:15:52 430952 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2012-10-02 08:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
    2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
    2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
    2012-09-25 04:16:33 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-21 08:46:04 200032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
    2012-09-21 08:46:00 225120 ----a-w- C:\Windows\System32\drivers\avgloga.sys
    2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-09-14 08:05:18 40800 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
    2012-09-06 00:29:34 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-09-06 00:29:34 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
    2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
    2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
    .
    ============= FINISH: 21:29:19.28 ===============
  9. Curt Johnson

    Curt Johnson Newcomer, in training Topic Starter

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-07.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume3
    Install Date: 10/7/2011 6:16:38 PM
    System Uptime: 11/18/2012 9:18:42 PM (0 hours ago)
    .
    Motherboard: Gateway | | TBGM01
    Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | CPU 1 | 1573/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 596 GiB total, 339.751 GiB free.
    D: is FIXED (NTFS) - 689 GiB total, 290.931 GiB free.
    E: is CDROM (CDFS)
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is CDROM (UDF)
    K: is CDROM ()
    L: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP162: 10/27/2012 12:46:06 AM - Scheduled Checkpoint
    RP163: 11/1/2012 6:28:26 PM - Windows Update
    RP164: 11/1/2012 6:32:24 PM - Removed AVG 2013
    RP165: 11/1/2012 6:33:48 PM - Removed AVG 2013
    RP166: 11/2/2012 8:19:56 PM - Installed AVG 2013
    RP167: 11/2/2012 8:20:23 PM - Installed AVG 2013
    RP168: 11/7/2012 6:40:23 PM - Installed AVG PC TuneUp
    RP169: 11/16/2012 8:25:31 PM - Scheduled Checkpoint
    RP170: 11/17/2012 3:00:13 AM - Windows Update
    RP171: 11/18/2012 8:05:29 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    µTorrent
    3D Landscape for Everyone
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4)
    AMD Accelerated Video Transcoding
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    AMD Drag and Drop Transcoding
    AMD Media Foundation Decoders
    AVG 2013
    AVG PC TuneUp
    AVG PC TuneUp Language Pack (en-US)
    Bit Che
    BSC Cleanitol TM
    Catalyst Control Center Localization All
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Dutch
    CCC Help French
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Cities XL 2012
    DAEMON Tools Lite
    DHTML Editing Component
    Diamond 11.6 2400-6900 Win7Vista
    Galactic Civilizations II: Ultimate Edition
    Google Drive
    Google Talk Plugin
    Google Update Helper
    Grand Ages Rome 1.01
    GVJackApp Release 1.051
    HitmanPro 3.6
    Hotel Giant 2
    HydraVision
    Java 7 Update 9
    Java Auto Updater
    Java(TM) 6 Update 23 (64-bit)
    LSI PCI-SV92EX Soft Modem
    magicJack
    Malwarebytes Anti-Malware version 1.65.1.1000
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft Help Viewer 1.1
    Microsoft Money 2007 Home & Business
    Microsoft Silverlight
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server System CLR Types
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    Microsoft Visual Studio 2010 Service Pack 1
    Microsoft Visual Studio 2010 Shell (Isolated) - ENU
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    Mozilla Firefox 17.0 (x86 en-US)
    Mozilla Maintenance Service
    NAM Hotfix Package 301 (13 April 2012)
    NETGEAR XET1001 Powerline Encryption Utility
    Network Addon Mod Version 30 with Essentials r132
    Network Widening Mod Version 2.0.0
    NVIDIA 3D Vision Controller Driver 306.97
    NVIDIA 3D Vision Driver 306.97
    NVIDIA Control Panel 306.97
    NVIDIA Graphics Driver 306.97
    NVIDIA HD Audio Driver 1.3.18.0
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.0604
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.10.8
    NVIDIA Update Components
    PC Cleaner v3.1
    PlayMemories Home
    RealHighway Mod Version 5.0.0
    RtR extension pack 11
    Sanctum
    Security Task Manager 1.8d
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Serviio
    Sid Meier's Civilization 4
    Sid Meier's Civilization 4 - Beyond the Sword
    Sid Meier's Civilization 4 - Warlords
    SpeedFan (remove only)
    Star Trek Online
    Street Addon Mod Beta v3
    Stronghold 3 Gold
    Stronghold Kingdoms
    the LATEST VERSION OF THE GVJACKAPP
    Traffic Simulator Configuration Tool
    TurboTax 2011
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Visual Studio 2008 x64 Redistributables
    Visual Studio 2010 x64 Redistributables
    Wars in America 1.01e
    WD Link
    WinRAR 4.11 (32-bit)
    Zoo Tycoon 2 - Extinct Animals
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/18/2012 9:19:31 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    11/18/2012 9:19:31 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    11/18/2012 9:19:19 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    11/18/2012 9:19:16 PM, Error: Service Control Manager [7024] - The HitmanPro 3.6 Crusader (Boot) service terminated with service-specific error The operation completed successfully..
    11/18/2012 9:19:15 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
    11/18/2012 9:19:14 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    11/18/2012 9:19:14 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    11/18/2012 9:19:14 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    11/18/2012 9:18:43 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    11/18/2012 1:22:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TuneUp.UtilitiesSvc with arguments "" in order to run the server: {FCA02D56-BF9D-4591-AD41-E59AF763C64A}
    11/18/2012 1:21:04 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    11/18/2012 1:20:46 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    11/18/2012 1:19:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    11/18/2012 1:19:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    11/18/2012 1:19:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    11/18/2012 1:19:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    11/18/2012 1:19:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/18/2012 1:19:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    11/18/2012 1:18:46 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AVGIDSDriver Avgldx64 Avgtdia CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx Wanarpv6 WfpLwf
    11/18/2012 1:18:46 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/18/2012 1:18:46 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    11/18/2012 1:18:46 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    11/18/2012 1:18:46 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    11/18/2012 1:18:46 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    11/18/2012 1:18:46 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    11/18/2012 1:18:46 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/18/2012 1:18:46 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/18/2012 1:18:46 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    11/18/2012 1:18:46 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    11/18/2012 1:18:46 PM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/17/2012 11:59:54 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
    .
    ==== End Of File ===========================
  10. Curt Johnson

    Curt Johnson Newcomer, in training Topic Starter

    Malwarebytes Anti-Malware (Trial) 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.18.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Curtis :: HOME [administrator]

    Protection: Enabled

    11/18/2012 9:23:01 PM
    mbam-log-2012-11-18 (21-23-01).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 224722
    Time elapsed: 3 minute(s), 9 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  11. Broni

    Broni Malware Annihilator Posts: 46,158   +251

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ==============================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  12. Curt Johnson

    Curt Johnson Newcomer, in training Topic Starter

    I ran RogueKiller and everything is clear.
    Ran aswMBR and am including this. System seems fine. No more warnings from AVG. I changed all my passwords to be safe.

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-18 21:54:17
    -----------------------------
    21:54:17.991 OS Version: Windows x64 6.1.7601 Service Pack 1
    21:54:17.991 Number of processors: 8 586 0x1A04
    21:54:17.992 ComputerName: HOME UserName:
    21:54:20.610 Initialize success
    21:56:16.985 AVAST engine defs: 12111801
    22:47:50.201 The log file has been saved successfully to "C:\Users\Curtis\Desktop\aswMBR.txt"
    22:47:59.291 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
    22:47:59.293 Disk 0 Vendor: WDC_WD6400AAKS-65A7B0 01.03B01 Size: 610480MB BusType: 11
    22:47:59.296 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP7T0L0-7
    22:47:59.299 Disk 1 Vendor: Hitachi_HDS721075KLA330 GK8OA70M Size: 715404MB BusType: 11
    22:47:59.311 Disk 0 MBR read successfully
    22:47:59.314 Disk 0 MBR scan
    22:47:59.319 Disk 0 unknown MBR code
    22:47:59.327 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 610479 MB offset 2048
    22:47:59.353 Disk 0 scanning C:\Windows\system32\drivers
    22:48:09.458 Service scanning
    22:48:29.021 Modules scanning
    22:48:29.032 Disk 0 trace - called modules:
    22:48:29.059 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    22:48:29.066 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003566790]
    22:48:29.071 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa80032f5520]
    22:48:29.081 5 ACPI.sys[fffff8800103a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa80032ff060]
    22:48:30.688 AVAST engine scan C:\Windows
    22:48:33.104 AVAST engine scan C:\Windows\system32
    22:51:21.971 AVAST engine scan C:\Windows\system32\drivers
    22:51:32.479 AVAST engine scan C:\Users\Curtis
    23:02:12.516 AVAST engine scan C:\ProgramData
    23:03:12.304 Scan finished successfully
    06:09:29.988 Disk 0 MBR has been saved successfully to "C:\Users\Curtis\Desktop\MBR.dat"
    06:09:29.992 The log file has been saved successfully to "C:\Users\Curtis\Desktop\aswMBR.txt"
  13. Broni

    Broni Malware Annihilator Posts: 46,158   +251

    I need to see RogueKiller log.
  14. Curt Johnson

    Curt Johnson Newcomer, in training Topic Starter

    Here's the RogueKiller log

    RogueKiller V8.3.1 [Nov 20 2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Curtis [Admin rights]
    Mode : Scan -- Date : 11/20/2012 18:20:44

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 14 ¤¤¤
    [TASK][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-2824034696-86158339-4270657182-1001UA.job : C:\Users\Curtis\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler -> FOUND
    [TASK][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-2824034696-86158339-4270657182-1001Core.job : C:\Users\Curtis\AppData\Local\Google\Update\GoogleUpdate.exe /c -> FOUND
    [TASK][SUSP PATH] Google Updater and Installer : C:\Users\Curtis\AppData\Local\Google\Update\GoogleUpdate.exe /c -> FOUND
    [TASK][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-2824034696-86158339-4270657182-1001Core : C:\Users\Curtis\AppData\Local\Google\Update\GoogleUpdate.exe /c -> FOUND
    [TASK][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-2824034696-86158339-4270657182-1001UA : C:\Users\Curtis\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler -> FOUND
    [HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
    [HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [RUN][SUSP PATH] [ON_D:Curtis]HKCU[...]\Run : cdloader ("C:\Users\Curtis\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
    [RUN][NOTFOUND] [ON_D:Default]HKCU[...]\Run : WindowsWelcomeCenter (rundll32.exe oobefldr.dll,ShowWelcomeCenter) -> FOUND
    [RUN][SUSP PATH] [ON_D:Magic Jack]HKCU[...]\Run : cdloader ("C:\Users\Magic Jack\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Extern Hives: ¤¤¤
    -> D:\windows\system32\config\SOFTWARE
    -> D:\Users\Curtis\NTUSER.DAT
    -> D:\Users\Default\NTUSER.DAT
    -> D:\Users\Default User\NTUSER.DAT
    -> D:\Users\Magic Jack\NTUSER.DAT
    -> D:\Documents and Settings\Default\NTUSER.DAT
    -> D:\Documents and Settings\Default User\NTUSER.DAT

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 validation.sls.microsoft.com


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD6400AAKS-65A7B0 ATA Device +++++
    --- User ---
    [MBR] 77f4be617bead07f29eb512e576a7716
    [BSP] 5c50dd19c2a1b0b2b927b4bc9e0bf4e4 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 610479 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: Hitachi HDS721075KLA330 ATA Device +++++
    --- User ---
    [MBR] b054222387f6a10d2ebe605a52ee6780
    [BSP] 00a51acb07d317184b138dfa5e10d016 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 10001 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20484096 | Size: 705401 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_11202012_02d1820.txt >>
    RKreport[1]_S_11202012_02d1820.txt
  15. Broni

    Broni Malware Annihilator Posts: 46,158   +251

    You should get two RogueKiller logs.
    One from the 1st run, which you just posted, and a second one after fixing stuff.
  16. Curt Johnson

    Curt Johnson Newcomer, in training Topic Starter

    Sorry. I ran it again and here are the 2 logs.
    RogueKiller V8.3.1 [Nov 20 2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Curtis [Admin rights]
    Mode : Scan -- Date : 11/21/2012 19:10:51

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : cdloader ("C:\Users\Curtis\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
    [RUN][SUSP PATH] HKUS\S-1-5-21-2824034696-86158339-4270657182-1001[...]\Run : cdloader ("C:\Users\Curtis\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Extern Hives: ¤¤¤
    -> D:\windows\system32\config\SOFTWARE
    -> D:\Users\Curtis\NTUSER.DAT
    -> D:\Users\Default\NTUSER.DAT
    -> D:\Users\Default User\NTUSER.DAT
    -> D:\Users\Magic Jack\NTUSER.DAT
    -> D:\Documents and Settings\Default\NTUSER.DAT
    -> D:\Documents and Settings\Default User\NTUSER.DAT
    -> D:\Documents and Settings\UpdatusUser\NTUSER.DAT

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 validation.sls.microsoft.com


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD6400AAKS-65A7B0 ATA Device +++++
    --- User ---
    [MBR] 77f4be617bead07f29eb512e576a7716
    [BSP] 5c50dd19c2a1b0b2b927b4bc9e0bf4e4 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 610479 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: Hitachi HDS721075KLA330 ATA Device +++++
    --- User ---
    [MBR] b054222387f6a10d2ebe605a52ee6780
    [BSP] 00a51acb07d317184b138dfa5e10d016 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 10001 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20484096 | Size: 705401 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_11212012_02d1910.txt >>
    RKreport[1]_S_11212012_02d1910.txt

    And the fix. (2)

    RogueKiller V8.3.1 [Nov 20 2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Curtis [Admin rights]
    Mode : Remove -- Date : 11/21/2012 19:11:12

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 1 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : cdloader ("C:\Users\Curtis\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> DELETED

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Extern Hives: ¤¤¤
    -> D:\windows\system32\config\SOFTWARE
    -> D:\Users\Curtis\NTUSER.DAT
    -> D:\Users\Default\NTUSER.DAT
    -> D:\Users\Default User\NTUSER.DAT
    -> D:\Users\Magic Jack\NTUSER.DAT
    -> D:\Documents and Settings\Default\NTUSER.DAT
    -> D:\Documents and Settings\Default User\NTUSER.DAT
    -> D:\Documents and Settings\UpdatusUser\NTUSER.DAT

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 validation.sls.microsoft.com


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD6400AAKS-65A7B0 ATA Device +++++
    --- User ---
    [MBR] 77f4be617bead07f29eb512e576a7716
    [BSP] 5c50dd19c2a1b0b2b927b4bc9e0bf4e4 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 610479 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: Hitachi HDS721075KLA330 ATA Device +++++
    --- User ---
    [MBR] b054222387f6a10d2ebe605a52ee6780
    [BSP] 00a51acb07d317184b138dfa5e10d016 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 10001 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20484096 | Size: 705401 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_11212012_02d1911.txt >>
    RKreport[1]_S_11212012_02d1910.txt ; RKreport[2]_D_11212012_02d1911.txt



    Second one:


    RogueKiller V8.3.1 [Nov 20 2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Curtis [Admin rights]
    Mode : Remove -- Date : 11/21/2012 19:11:22

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Extern Hives: ¤¤¤
    -> D:\windows\system32\config\SOFTWARE
    -> D:\Users\Curtis\NTUSER.DAT
    -> D:\Users\Default\NTUSER.DAT
    -> D:\Users\Default User\NTUSER.DAT
    -> D:\Users\Magic Jack\NTUSER.DAT
    -> D:\Documents and Settings\Default\NTUSER.DAT
    -> D:\Documents and Settings\Default User\NTUSER.DAT
    -> D:\Documents and Settings\UpdatusUser\NTUSER.DAT

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 validation.sls.microsoft.com


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD6400AAKS-65A7B0 ATA Device +++++
    --- User ---
    [MBR] 77f4be617bead07f29eb512e576a7716
    [BSP] 5c50dd19c2a1b0b2b927b4bc9e0bf4e4 : MBR Code unknown
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 610479 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: Hitachi HDS721075KLA330 ATA Device +++++
    --- User ---
    [MBR] b054222387f6a10d2ebe605a52ee6780
    [BSP] 00a51acb07d317184b138dfa5e10d016 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 10001 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20484096 | Size: 705401 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[3]_D_11212012_02d1911.txt >>
    RKreport[1]_S_11212012_02d1910.txt ; RKreport[2]_D_11212012_02d1911.txt ; RKreport[3]_D_11212012_02d1911.txt
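    The RogueKiller reports above follow a fixed text layout, so the Scan run and the Remove run that followed it can be compared mechanically rather than by eye. The following Python is an added example, not part of the thread and not RogueKiller's own code; its sample input is abridged from the two reports posted above, and the section names and line shapes it relies on are taken from those reports.

```python
"""Parse RogueKiller text reports like the ones posted in this thread (added example,
not the tool's own code): collect findings per section, diff a Scan report against
the Remove report that followed it, and list what still needs a human look."""
import re
from dataclasses import dataclass, field

MODE_RE = re.compile(r"^Mode\s*:\s*(\w+)")
SECTION_RE = re.compile(r"^¤¤¤\s*(.+?)\s*:.*¤¤¤$")       # "¤¤¤ MBR Check: ¤¤¤"
# e.g. [RUN][SUSP PATH] HKCU\[...]\Run : cdloader ("...") -> FOUND
ENTRY_RE = re.compile(r"^\[(?P<cat>[^\]]+)\](?:\[[^\]]+\])?\s*(?P<body>.*?)\s+->\s+(?P<status>[A-Z]+)$")
HOSTS_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)$")
DRIVE_RE = re.compile(r"^\+{5}\s+(PhysicalDrive\d+):")
BSP_RE = re.compile(r"^\[BSP\]\s+([0-9a-f]{32})\s+:\s+(.*)$")


@dataclass
class Report:
    mode: str = ""
    entries: list = field(default_factory=list)  # (category, body, status)
    hosts: list = field(default_factory=list)    # (ip, hostname)
    mbr: dict = field(default_factory=dict)      # drive -> (BSP digest, code description)


def parse_report(text: str) -> Report:
    """Walk the report line by line, tracking which ¤¤¤ section we are in."""
    rep, section, drive = Report(), "", ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := MODE_RE.match(line)):
            rep.mode = m.group(1)                       # "Scan" or "Remove"
        elif (m := SECTION_RE.match(line)):
            section = m.group(1)
        elif section == "Registry Entries" and (m := ENTRY_RE.match(line)):
            rep.entries.append((m["cat"], m["body"], m["status"]))
        elif section == "HOSTS File" and (m := HOSTS_RE.match(line)):
            rep.hosts.append((m.group(1), m.group(2)))
        elif section == "MBR Check" and (m := DRIVE_RE.match(line)):
            drive = m.group(1)
        elif section == "MBR Check" and drive and (m := BSP_RE.match(line)):
            rep.mbr[drive] = (m.group(1), m.group(2))
    return rep


def diff_reports(scan: Report, remove: Report) -> dict:
    """Split the Scan findings into those the Remove run deleted and those it did not."""
    deleted = {body for _, body, status in remove.entries if status == "DELETED"}
    found = [body for _, body, status in scan.entries if status == "FOUND"]
    return {"deleted": [b for b in found if b in deleted],
            "not_deleted": [b for b in found if b not in deleted]}


def review_points(rep: Report) -> list:
    """Items no automated 'OK' settles: unrecognised boot code and hosts-file redirects."""
    points = []
    for drive, (_digest, desc) in rep.mbr.items():
        if "unknown" in desc.lower():
            points.append(f"{drive}: {desc}; compare the saved MBR.dat with a known-good boot sector")
    for ip, host in rep.hosts:
        if ip.startswith("127.") or ip == "0.0.0.0":
            points.append(f"hosts file redirects {host} to {ip}; confirm this was intended")
    return points


# Constructed sample input, abridged from the Scan and Remove reports in the post above.
SCAN_LOG = r"""
Mode : Scan -- Date : 11/21/2012 19:10:51
¤¤¤ Registry Entries : 2 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : cdloader ("C:\Users\Curtis\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2824034696-86158339-4270657182-1001[...]\Run : cdloader ("C:\Users\Curtis\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 validation.sls.microsoft.com
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD6400AAKS-65A7B0 ATA Device +++++
[BSP] 5c50dd19c2a1b0b2b927b4bc9e0bf4e4 : MBR Code unknown
+++++ PhysicalDrive1: Hitachi HDS721075KLA330 ATA Device +++++
[BSP] 00a51acb07d317184b138dfa5e10d016 : Windows 7/8 MBR Code
"""
REMOVE_LOG = r"""
Mode : Remove -- Date : 11/21/2012 19:11:12
¤¤¤ Registry Entries : 1 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : cdloader ("C:\Users\Curtis\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> DELETED
"""

if __name__ == "__main__":
    scan, remove = parse_report(SCAN_LOG), parse_report(REMOVE_LOG)
    print(diff_reports(scan, remove))
    print(review_points(scan))
```

    Run against the full reports, the "not_deleted" list shows which first-run findings the Remove pass never reported on, and the review list separates the two drives' boot code by what the tool could and could not recognise.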
  17. Broni

    Broni Malware Annihilator Posts: 46,158   +251

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ==============================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
  18. Broni

    Broni Malware Annihilator Posts: 46,158   +251

    Still with me?
     
  19. Broni

    Broni Malware Annihilator Posts: 46,158   +251

    This topic is marked as abandoned and closed due to inactivity.
    This member will NOT be eligible to receive any more help in malware removal forum.