[A] I've got win64/patched.A

Curt Johnson · Nov 18, 2012

I have included my 2 text files from FRST.64, frst.txt and search.txt

Broni · Nov 18, 2012

Welcome aboard

Please read forum rules: http://www.techspot.com/community/topics/read-this-or-you-might-not-get-help.182638/

Is the computer bootable?

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.

If you're stuck, or you're not sure about certain step, always ask before doing anything else.

Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.

Never run more than one scan at a time.

Keep updating me regarding your computer behavior, good, or bad.

The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.

If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.

I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

Curt Johnson · Nov 18, 2012

Farbar Recovery Scan Tool (x64) Version: 18-11-2012
Ran by SYSTEM at 2012-11-18 15:53:57
Running from L:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======

Curt Johnson · Nov 18, 2012

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-11-2012
Ran by SYSTEM at 18-11-2012 15:51:53
Running from L:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [10752 2012-02-20] ()
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3143800 2012-11-06] (AVG Technologies CZ, s.r.o.)
HKU\Curtis\...\Run: [PC Cleaner] C:\Program Files (x86)\PC Cleaner\PCCLauncher.exe [63120 2012-01-30] (PC Help Soft)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

==================== Services (Whitelisted) ===================

2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [5814392 2012-11-06] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
2 HitmanPro36CrusaderBoot; "C:\Program Files\HitmanPro\HitmanPro.exe" /crusader:boot [9105176 2012-11-18] (SurfRight B.V.)
2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [108904 2012-11-18] (SurfRight B.V.)
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)
2 PMBDeviceInfoProvider; "C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe" [474208 2012-07-27] (Sony Corporation)
2 Serviio; C:\Program Files (x86)\Serviio\bin\ServiioService.exe [207872 2012-08-09] ()
2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe" [2148216 2012-08-23] (AVG)

==================== Drivers (Whitelisted) =====================

1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.)
0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [225120 2012-09-21] (AVG Technologies CZ, s.r.o.)
0 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [111456 2012-10-05] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40800 2012-09-14] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [200032 2012-09-21] (AVG Technologies CZ, s.r.o.)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-08-05] (DT Soft Ltd)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [25928 2012-09-29] (Malwarebytes Corporation)
3 PCAMp50a64; C:\Windows\System32\Drivers\PCAMp50a64.sys [46648 2012-08-02] (Printing Communications Assoc., Inc. (PCAUSA))
3 PCASp50a64; C:\Windows\System32\Drivers\PCASp50a64.sys [45624 2012-08-02] (Printing Communications Assoc., Inc. (PCAUSA))
0 sptd; C:\Windows\System32\Drivers\sptd.sys [862704 2012-08-05] (Duplex Secure Ltd.)
3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [11880 2012-07-04] (TuneUp Software)
4 hitmanpro36; \??\C:\Windows\system32\drivers\hitmanpro36.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2012-11-18 13:44 - 2012-11-18 13:44 - 00002322 ____A C:\Users\Curtis\Desktop\RKreport[11]_D_11182012_02d1544.txt
2012-11-18 13:44 - 2012-11-18 13:44 - 00000242 ____A C:\Windows\System32\bootdelete.lst
2012-11-18 13:43 - 2012-11-18 13:43 - 00002256 ____A C:\Users\Curtis\Desktop\RKreport[10]_S_11182012_02d1543.txt
2012-11-18 13:08 - 2012-11-18 13:08 - 00001893 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2012-11-18 13:07 - 2012-11-18 13:07 - 00002217 ____A C:\Users\Curtis\Desktop\RKreport[9]_S_11182012_02d1507.txt
2012-11-18 12:57 - 2012-11-18 13:44 - 00000838 ____A C:\Windows\System32\.crusader
2012-11-18 12:51 - 2012-11-18 12:51 - 00002372 ____A C:\Users\Curtis\Desktop\RKreport[8]_D_11182012_02d1451.txt
2012-11-18 12:40 - 2012-11-18 12:57 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-11-18 12:40 - 2012-11-18 12:40 - 00000000 ____D C:\Program Files\HitmanPro
2012-11-18 12:39 - 2012-11-18 12:39 - 09105176 ____A (SurfRight B.V.) C:\Users\Curtis\Desktop\HitmanPro36_x64.exe
2012-11-18 12:05 - 2012-11-18 12:06 - 00025025 ____A C:\Users\Curtis\Desktop\FRST.txt
2012-11-18 12:05 - 2012-11-18 12:05 - 00000000 ____D C:\FRST
2012-11-18 12:04 - 2012-11-18 12:04 - 01461037 ____A (Farbar) C:\Users\Curtis\Desktop\FRST64.exe
2012-11-18 11:59 - 2012-11-18 11:59 - 00002326 ____A C:\Users\Curtis\Desktop\RKreport[6]_D_11182012_02d1359.txt
2012-11-18 11:58 - 2012-11-18 11:58 - 00002263 ____A C:\Users\Curtis\Desktop\RKreport[5]_S_11182012_02d1358.txt
2012-11-18 11:48 - 2012-11-18 11:54 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-11-18 11:46 - 2012-11-18 11:47 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Curtis\Desktop\Killer.exe
2012-11-18 11:36 - 2012-11-18 13:43 - 00000000 ____D C:\Users\Curtis\Desktop\RK_Quarantine
2012-11-18 11:36 - 2012-11-18 11:36 - 00724992 ____A C:\Users\Curtis\Desktop\RogueKiller.exe
2012-11-18 11:09 - 2012-11-18 11:09 - 00000000 ____D C:\Users\Curtis\Desktop\AVG
2012-11-18 08:35 - 2012-11-18 11:57 - 00000000 ____D C:\Users\All Users\SecTaskMan
2012-11-18 08:35 - 2012-11-18 11:56 - 00000000 ____D C:\Program Files (x86)\Security Task Manager
2012-11-18 08:35 - 2012-11-18 08:35 - 02095024 ____A C:\Users\Curtis\Desktop\SecurityTaskManager_Setup.exe
2012-11-18 08:24 - 2012-11-18 08:31 - 00000000 ____D C:\Users\Curtis\Documents\PC Cleaner
2012-11-18 08:14 - 2012-11-18 08:14 - 00000986 ____A C:\Users\Curtis\Desktop\PC Cleaner.lnk
2012-11-18 08:14 - 2012-11-18 08:14 - 00000000 ____D C:\Users\Curtis\AppData\Roaming\PC Cleaner
2012-11-18 08:14 - 2012-11-18 08:14 - 00000000 ____D C:\Program Files (x86)\PC Cleaner
2012-11-18 06:37 - 2012-11-18 06:37 - 00001069 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-18 06:37 - 2012-11-18 06:37 - 00000000 ____D C:\Users\Curtis\AppData\Roaming\Malwarebytes
2012-11-18 06:37 - 2012-11-18 06:37 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-11-18 06:37 - 2012-11-18 06:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-18 06:37 - 2012-09-29 17:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-11-18 06:36 - 2012-11-18 06:36 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Curtis\Desktop\mbam-setup-1.65.1.1000.exe
2012-11-17 22:04 - 2012-11-17 22:04 - 00000017 ____A C:\Users\Curtis\AppData\Local\resmon.resmoncfg
2012-11-17 21:54 - 2012-11-17 22:10 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack
2012-11-17 01:07 - 2012-07-25 20:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-11-17 01:07 - 2012-07-25 20:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-11-17 01:07 - 2012-07-25 18:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2012-11-17 01:07 - 2012-06-02 06:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2012-11-17 01:02 - 2012-10-08 04:19 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-11-17 01:02 - 2012-10-08 03:42 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-11-17 01:02 - 2012-10-08 03:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-11-17 01:02 - 2012-10-08 03:24 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-17 01:02 - 2012-10-08 03:23 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-17 01:02 - 2012-10-08 03:22 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-11-17 01:02 - 2012-10-08 03:22 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-11-17 01:02 - 2012-10-08 03:20 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-11-17 01:02 - 2012-10-08 03:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-11-17 01:02 - 2012-10-08 03:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-11-17 01:02 - 2012-10-08 03:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-11-17 01:02 - 2012-10-08 03:15 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-17 01:02 - 2012-10-08 03:15 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-11-17 01:02 - 2012-10-08 03:13 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-11-17 01:02 - 2012-10-08 03:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-11-17 01:02 - 2012-10-08 03:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-11-17 01:02 - 2012-10-08 00:28 - 12320768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-11-17 01:02 - 2012-10-08 00:02 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-11-17 01:02 - 2012-10-07 23:56 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-11-17 01:02 - 2012-10-07 23:48 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-11-17 01:02 - 2012-10-07 23:48 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-11-17 01:02 - 2012-10-07 23:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-11-17 01:02 - 2012-10-07 23:46 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-11-17 01:02 - 2012-10-07 23:45 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-11-17 01:02 - 2012-10-07 23:44 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-11-17 01:02 - 2012-10-07 23:43 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-11-17 01:02 - 2012-10-07 23:43 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-11-17 01:02 - 2012-10-07 23:42 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-11-17 01:02 - 2012-10-07 23:41 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-11-17 01:02 - 2012-10-07 23:41 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-11-17 01:02 - 2012-10-07 23:40 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-11-17 01:02 - 2012-10-07 23:37 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-11-17 01:00 - 2012-07-25 19:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2012-11-17 01:00 - 2012-07-25 19:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2012-11-17 01:00 - 2012-07-25 19:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-11-17 01:00 - 2012-07-25 19:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-11-17 01:00 - 2012-07-25 19:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2012-11-17 01:00 - 2012-07-25 18:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2012-11-17 01:00 - 2012-07-25 18:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2012-11-17 01:00 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2012-11-16 17:54 - 2012-10-18 10:25 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-16 17:54 - 2012-10-09 10:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2012-11-16 17:54 - 2012-10-09 10:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2012-11-16 17:54 - 2012-10-09 09:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2012-11-16 17:54 - 2012-10-09 09:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2012-11-16 17:54 - 2012-10-03 09:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-11-16 17:54 - 2012-10-03 09:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2012-11-16 17:54 - 2012-10-03 09:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2012-11-16 17:54 - 2012-10-03 09:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2012-11-16 17:54 - 2012-10-03 09:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2012-11-16 17:54 - 2012-10-03 09:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2012-11-16 17:54 - 2012-10-03 09:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2012-11-16 17:54 - 2012-10-03 08:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2012-11-16 17:54 - 2012-10-03 08:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2012-11-16 17:54 - 2012-10-03 08:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2012-11-16 17:54 - 2012-10-03 08:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2012-11-16 17:54 - 2012-09-25 14:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2012-11-16 17:54 - 2012-09-25 14:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2012-11-16 17:54 - 2012-01-12 23:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2012-11-15 20:18 - 2012-11-15 20:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-11-10 05:34 - 2012-11-10 05:34 - 01803494 ___RA C:\Users\Curtis\My Money Backup_2012-11-10_073414.mbf
2012-11-07 16:41 - 2012-08-23 09:31 - 00035192 ____A (AVG) C:\Windows\System32\TURegOpt.exe
2012-11-07 16:41 - 2012-08-23 09:31 - 00026488 ____A (AVG) C:\Windows\System32\authuitu.dll
2012-11-07 16:41 - 2012-08-23 09:31 - 00021880 ____A (AVG) C:\Windows\SysWOW64\authuitu.dll
2012-11-07 16:40 - 2012-11-07 16:41 - 00000000 ____D C:\Users\All Users\AVG
2012-11-07 16:40 - 2012-11-07 16:40 - 00000000 __SHD C:\Users\All Users\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-11-07 16:40 - 2012-11-07 16:40 - 00000000 ____D C:\Users\Curtis\AppData\Roaming\AVG
2012-11-04 05:14 - 2012-11-04 05:14 - 01849084 ___RA C:\Users\Curtis\My Money Backup_2012-11-04_071431.mbf
2012-11-02 17:21 - 2012-11-02 17:21 - 00000000 ____D C:\Users\Curtis\AppData\Roaming\AVG2013
2012-11-02 17:20 - 2012-11-02 17:20 - 00000000 ___HD C:\$AVG
2012-11-02 15:36 - 2012-11-02 15:36 - 00000907 ____A C:\Users\Curtis\Desktop\Wars in America.lnk
2012-11-02 15:34 - 2012-11-02 15:37 - 00000000 ____D C:\Program Files (x86)\Wars in America
2012-11-01 15:33 - 2012-11-03 21:16 - 00000000 ____D C:\Users\Curtis\AppData\Local\Avg2013
2012-11-01 15:20 - 2012-11-01 15:20 - 01609524 ___RA C:\Users\Curtis\My Money Backup_2012-11-01_182026.mbf
2012-10-31 15:15 - 2012-10-31 15:15 - 00000000 ____D C:\Users\Default\AppData\LocalGoogle
2012-10-31 15:15 - 2012-10-31 15:15 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2012-10-31 15:15 - 2012-10-31 15:15 - 00000000 ____D C:\Users\Default User\AppData\LocalGoogle
2012-10-31 15:15 - 2012-10-31 15:15 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2012-10-27 05:15 - 2012-10-27 07:10 - 3136110070 ____A C:\Users\Curtis\Desktop\Men in Black 3 2012 720p BluRay x264-MgB.mp4
2012-10-22 11:02 - 2012-10-22 11:02 - 00154464 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsdrivera.sys
2012-10-19 14:33 - 2012-10-19 14:33 - 00004119 ____A C:\Windows\SysWOW64\jupdate-1.7.0_09-b05.log
2012-10-19 14:33 - 2012-09-24 20:16 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-10-19 14:33 - 2012-09-24 20:08 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-10-19 14:33 - 2012-09-24 20:07 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe

==================== One Month Modified Files and Folders =======

2012-11-18 13:47 - 2011-10-07 15:19 - 01234581 ____A C:\Windows\WindowsUpdate.log
2012-11-18 13:47 - 2009-07-13 21:13 - 00006206 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-18 13:46 - 2009-07-13 20:45 - 00012624 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-18 13:46 - 2009-07-13 20:45 - 00012624 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-18 13:44 - 2012-11-18 13:44 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2012-11-18 13:44 - 2012-11-18 13:44 - 00002322 ____A C:\Users\Curtis\Desktop\RKreport[11]_D_11182012_02d1544.txt
2012-11-18 13:44 - 2012-11-18 13:44 - 00000242 ____A C:\Windows\System32\bootdelete.lst
2012-11-18 13:44 - 2012-11-18 12:57 - 00000838 ____A C:\Windows\System32\.crusader
2012-11-18 13:43 - 2012-11-18 13:43 - 00002256 ____A C:\Users\Curtis\Desktop\RKreport[10]_S_11182012_02d1543.txt
2012-11-18 13:43 - 2012-11-18 11:36 - 00000000 ____D C:\Users\Curtis\Desktop\RK_Quarantine
2012-11-18 13:41 - 2012-09-18 09:04 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-11-18 13:41 - 2012-08-18 13:20 - 00000000 ____D C:\Users\All Users\NVIDIA
2012-11-18 13:41 - 2012-08-15 16:55 - 00000110 ____A C:\.dir
2012-11-18 13:41 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-18 13:41 - 2009-07-13 20:51 - 00076072 ____A C:\Windows\setupact.log
2012-11-18 13:39 - 2012-01-02 08:52 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-18 13:14 - 2012-09-18 09:04 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-18 13:08 - 2012-11-18 13:08 - 00001893 ____A C:\Users\Public\Desktop\HitmanPro.lnk
2012-11-18 13:07 - 2012-11-18 13:07 - 00002217 ____A C:\Users\Curtis\Desktop\RKreport[9]_S_11182012_02d1507.txt
2012-11-18 12:59 - 2011-10-09 11:17 - 00090868 ____A C:\Windows\PFRO.log
2012-11-18 12:57 - 2012-11-18 12:40 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-11-18 12:51 - 2012-11-18 12:51 - 00002372 ____A C:\Users\Curtis\Desktop\RKreport[8]_D_11182012_02d1451.txt
2012-11-18 12:48 - 2012-07-29 09:33 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2824034696-86158339-4270657182-1001UA.job
2012-11-18 12:40 - 2012-11-18 12:40 - 00000000 ____D C:\Program Files\HitmanPro
2012-11-18 12:39 - 2012-11-18 12:39 - 09105176 ____A (SurfRight B.V.) C:\Users\Curtis\Desktop\HitmanPro36_x64.exe
2012-11-18 12:11 - 2009-07-13 21:08 - 00032556 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-11-18 12:06 - 2012-11-18 12:05 - 00025025 ____A C:\Users\Curtis\Desktop\FRST.txt
2012-11-18 12:05 - 2012-11-18 12:05 - 00000000 ____D C:\FRST
2012-11-18 12:04 - 2012-11-18 12:04 - 01461037 ____A (Farbar) C:\Users\Curtis\Desktop\FRST64.exe
2012-11-18 11:59 - 2012-11-18 11:59 - 00002326 ____A C:\Users\Curtis\Desktop\RKreport[6]_D_11182012_02d1359.txt
2012-11-18 11:58 - 2012-11-18 11:58 - 00002263 ____A C:\Users\Curtis\Desktop\RKreport[5]_S_11182012_02d1358.txt
2012-11-18 11:57 - 2012-11-18 08:35 - 00000000 ____D C:\Users\All Users\SecTaskMan
2012-11-18 11:56 - 2012-11-18 08:35 - 00000000 ____D C:\Program Files (x86)\Security Task Manager
2012-11-18 11:54 - 2012-11-18 11:48 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-11-18 11:47 - 2012-11-18 11:46 - 02213976 ____A (Kaspersky Lab ZAO) C:\Users\Curtis\Desktop\Killer.exe
2012-11-18 11:36 - 2012-11-18 11:36 - 00724992 ____A C:\Users\Curtis\Desktop\RogueKiller.exe
2012-11-18 11:09 - 2012-11-18 11:09 - 00000000 ____D C:\Users\Curtis\Desktop\AVG
2012-11-18 10:56 - 2012-09-28 17:29 - 00000000 ____D C:\Users\All Users\AVG2013
2012-11-18 08:40 - 2009-07-13 20:45 - 00275712 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-18 08:35 - 2012-11-18 08:35 - 02095024 ____A C:\Users\Curtis\Desktop\SecurityTaskManager_Setup.exe
2012-11-18 08:31 - 2012-11-18 08:24 - 00000000 ____D C:\Users\Curtis\Documents\PC Cleaner
2012-11-18 08:14 - 2012-11-18 08:14 - 00000986 ____A C:\Users\Curtis\Desktop\PC Cleaner.lnk
2012-11-18 08:14 - 2012-11-18 08:14 - 00000000 ____D C:\Users\Curtis\AppData\Roaming\PC Cleaner
2012-11-18 08:14 - 2012-11-18 08:14 - 00000000 ____D C:\Program Files (x86)\PC Cleaner
2012-11-18 07:22 - 2011-10-24 16:31 - 00000000 ____D C:\Users\Curtis\AppData\Roaming\uTorrent
2012-11-18 06:46 - 2012-08-07 14:37 - 00000990 ____A C:\Users\Curtis\Desktop\magicJack.lnk
2012-11-18 06:46 - 2011-10-07 15:28 - 00000000 ____D C:\Users\Curtis\AppData\Roaming\mjusbsp
2012-11-18 06:44 - 2012-09-29 05:13 - 00327680 ____A C:\Windows\System32\Ikeext.etl
2012-11-18 06:37 - 2012-11-18 06:37 - 00001069 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-18 06:37 - 2012-11-18 06:37 - 00000000 ____D C:\Users\Curtis\AppData\Roaming\Malwarebytes
2012-11-18 06:37 - 2012-11-18 06:37 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-11-18 06:37 - 2012-11-18 06:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-18 06:36 - 2012-11-18 06:36 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Curtis\Desktop\mbam-setup-1.65.1.1000.exe
2012-11-18 06:32 - 2011-11-13 05:37 - 00000000 ____D C:\Users\All Users\MFAData
2012-11-18 06:07 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-11-18 02:48 - 2012-07-29 09:33 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2824034696-86158339-4270657182-1001Core.job
2012-11-17 22:10 - 2012-11-17 21:54 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack
2012-11-17 22:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing
2012-11-17 22:04 - 2012-11-17 22:04 - 00000017 ____A C:\Users\Curtis\AppData\Local\resmon.resmoncfg
2012-11-17 06:27 - 2011-10-07 16:21 - 00059904 ____A C:\Users\Curtis\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-17 06:25 - 2012-08-05 06:00 - 00797184 __ASH C:\Users\Curtis\Desktop\Thumbs.db
2012-11-17 02:04 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-11-17 01:27 - 2012-03-21 14:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-11-17 01:26 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2012-11-17 01:01 - 2011-10-07 20:39 - 66395536 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-11-15 20:18 - 2012-11-15 20:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-11-10 05:34 - 2012-11-10 05:34 - 01803494 ___RA C:\Users\Curtis\My Money Backup_2012-11-10_073414.mbf
2012-11-10 05:34 - 2011-10-07 15:16 - 00000000 ____D C:\users\Curtis
2012-11-09 17:38 - 2011-10-07 15:18 - 00000000 ____D C:\Users\Curtis\AppData\Local\VirtualStore
2012-11-08 15:15 - 2012-01-02 08:52 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-11-08 15:15 - 2011-12-01 14:46 - 00000000 ____D C:\Users\All Users\Adobe
2012-11-08 15:15 - 2011-10-10 07:50 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-11-07 16:41 - 2012-11-07 16:40 - 00000000 ____D C:\Users\All Users\AVG
2012-11-07 16:40 - 2012-11-07 16:40 - 00000000 __SHD C:\Users\All Users\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-11-07 16:40 - 2012-11-07 16:40 - 00000000 ____D C:\Users\Curtis\AppData\Roaming\AVG
2012-11-07 16:40 - 2011-11-13 05:41 - 00000000 ____D C:\Program Files (x86)\AVG
2012-11-04 05:14 - 2012-11-04 05:14 - 01849084 ___RA C:\Users\Curtis\My Money Backup_2012-11-04_071431.mbf
2012-11-03 21:16 - 2012-11-01 15:33 - 00000000 ____D C:\Users\Curtis\AppData\Local\Avg2013
2012-11-02 17:21 - 2012-11-02 17:21 - 00000000 ____D C:\Users\Curtis\AppData\Roaming\AVG2013
2012-11-02 17:20 - 2012-11-02 17:20 - 00000000 ___HD C:\$AVG
2012-11-02 15:37 - 2012-11-02 15:34 - 00000000 ____D C:\Program Files (x86)\Wars in America
2012-11-02 15:36 - 2012-11-02 15:36 - 00000907 ____A C:\Users\Curtis\Desktop\Wars in America.lnk
2012-11-02 14:57 - 2011-10-07 15:19 - 00000000 ____D C:\Users\Curtis\AppData\Roaming\Mozilla
2012-11-01 15:20 - 2012-11-01 15:20 - 01609524 ___RA C:\Users\Curtis\My Money Backup_2012-11-01_182026.mbf
2012-10-31 15:15 - 2012-10-31 15:15 - 00000000 ____D C:\Users\Default\AppData\LocalGoogle
2012-10-31 15:15 - 2012-10-31 15:15 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2012-10-31 15:15 - 2012-10-31 15:15 - 00000000 ____D C:\Users\Default User\AppData\LocalGoogle
2012-10-31 15:15 - 2012-10-31 15:15 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2012-10-27 07:10 - 2012-10-27 05:15 - 3136110070 ____A C:\Users\Curtis\Desktop\Men in Black 3 2012 720p BluRay x264-MgB.mp4
2012-10-22 11:02 - 2012-10-22 11:02 - 00154464 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsdrivera.sys
2012-10-19 14:33 - 2012-10-19 14:33 - 00004119 ____A C:\Windows\SysWOW64\jupdate-1.7.0_09-b05.log
2012-10-19 14:33 - 2012-09-05 16:29 - 00000000 ____D C:\Program Files (x86)\Java

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Known DLLs (Whitelisted) =================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-10-26 21:46:23
Restore point made on: 2012-11-01 15:28:36
Restore point made on: 2012-11-01 15:32:28
Restore point made on: 2012-11-01 15:33:52
Restore point made on: 2012-11-02 17:20:10
Restore point made on: 2012-11-02 17:20:32
Restore point made on: 2012-11-07 16:40:34
Restore point made on: 2012-11-16 18:25:39
Restore point made on: 2012-11-17 01:00:23
Restore point made on: 2012-11-18 06:05:42

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 3063.17 MB
Available physical RAM: 2475.95 MB
Total Pagefile: 3061.32 MB
Available Pagefile: 2455 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:596.17 GB) (Free:342.8 GB) NTFS
2 Drive d: () (Fixed) (Total:688.87 GB) (Free:290.93 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive e: (PQSERVICE) (Fixed) (Total:9.77 GB) (Free:0.31 GB) NTFS
10 Drive l: () (Removable) (Total:7.6 GB) (Free:7.6 GB) FAT32
11 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 0 B
Disk 1 Online 698 GB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B
Disk 6 Online 7800 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 596 GB 1024 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 596 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 9 GB 31 KB
Partition 2 Primary 688 GB 9 GB

==================================================================================

Disk: 1
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E PQSERVICE NTFS Partition 9 GB Healthy Hidden

=========================================================

Disk: 1
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D NTFS Partition 688 GB Healthy

=========================================================

Partitions of Disk 6:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7799 MB 828 KB

==================================================================================

Disk: 6
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 9 L FAT32 Removable 7799 MB Healthy

=========================================================

Last Boot: 2012-11-15 18:43

==================== End Of Log =============================

Broni · Nov 18, 2012

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Next...

Restart normally.

Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Curt Johnson · Nov 18, 2012

The fix seemed to work. No more warnings from AVG.

Curt Johnson · Nov 18, 2012

HKEY_LOCAL_MACHINE\System\ControlSet00\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\System32\consrv.dll not found.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
Could not move C:\Windows\assembly\GAC_64\Desktop.ini.

An error occurred while attempting to delete the specified data element.
Element not found.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

Curt Johnson · Nov 18, 2012

DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
Run by Curtis at 21:28:18 on 2012-11-18
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3063.1877 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\Serviio\bin\ServiioService.exe
C:\Program Files (x86)\Serviio\bin\ServiioService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\PC Cleaner\PCCSmartScan.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.ca/
uURLSearchHooks: {efb1e45a-148d-40f9-a3f0-09d5577f9970} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [PC Cleaner] C:\Program Files (x86)\PC Cleaner\PCCLauncher.exe
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
LSP: mswsock.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{95E9B8D9-278A-42FE-AEEF-D8A7ED7294F0} : DHCPNameServer = 192.168.0.1
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files (x86)\TurboTax 2011\ic2011pp.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
SSODL: WebCheck - <orphaned>
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
x64-Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 validation.sls.microsoft.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Curtis\AppData\Roaming\Mozilla\Firefox\Profiles\3m74k8u2.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.ca/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Curtis\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\Curtis\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Curtis\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-8-5 283200]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2012-11-18 108904]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-18 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-18 676936]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-7-27 474208]
R2 Serviio;Serviio;C:\Program Files (x86)\Serviio\bin\ServiioService.exe [2012-8-9 207872]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2012-8-23 2148216]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
R3 hitmanpro36;HitmanPro 3.6 Support Driver;C:\Windows\System32\drivers\hitmanpro36.sys [2012-11-18 30496]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-18 25928]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2012-7-4 11880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]
S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCAMp50a64.sys [2012-3-20 46648]
S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver;C:\Windows\System32\drivers\PCASp50a64.sys [2012-3-20 45624]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-10-9 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-10-9 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-9 1255736]
.
=============== Created Last 30 ================
.
2012-11-19 03:19:13 30496 ----a-w- C:\Windows\System32\drivers\hitmanpro36.sys
2012-11-18 20:40:43 -------- d-----w- C:\Program Files\HitmanPro
2012-11-18 20:40:28 -------- d-----w- C:\ProgramData\HitmanPro
2012-11-18 20:05:26 -------- d-----w- C:\FRST
2012-11-18 19:48:05 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-18 16:35:56 -------- d-----w- C:\ProgramData\SecTaskMan
2012-11-18 16:35:50 -------- d-----w- C:\Program Files (x86)\Security Task Manager
2012-11-18 16:14:48 -------- d-----w- C:\Users\Curtis\AppData\Roaming\PC Cleaner
2012-11-18 16:14:42 -------- d-----w- C:\Program Files (x86)\PC Cleaner
2012-11-18 14:37:38 -------- d-----w- C:\Users\Curtis\AppData\Roaming\Malwarebytes
2012-11-18 14:37:28 -------- d-----w- C:\ProgramData\Malwarebytes
2012-11-18 14:37:27 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-18 14:37:27 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-18 06:08:32 220160 ----a-w- C:\ProgramData\Microsoft\Media Tools\MediaIconsOverlays.dll
2012-11-18 05:54:41 -------- d-----w- C:\Program Files (x86)\Mega Codec Pack
2012-11-17 09:07:30 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-17 09:07:29 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-17 09:07:29 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-17 09:07:29 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-17 09:00:48 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-17 09:00:48 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-17 09:00:48 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-17 09:00:48 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-17 09:00:48 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-17 09:00:48 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-17 09:00:48 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-16 04:18:13 96224 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-11-08 00:41:17 35192 ----a-w- C:\Windows\System32\TURegOpt.exe
2012-11-08 00:41:16 26488 ----a-w- C:\Windows\System32\authuitu.dll
2012-11-08 00:41:16 21880 ----a-w- C:\Windows\SysWow64\authuitu.dll
2012-11-08 00:40:51 -------- d-----w- C:\Users\Curtis\AppData\Roaming\AVG
2012-11-08 00:40:18 -------- d-----w- C:\ProgramData\AVG
2012-11-08 00:40:14 -------- d-sh--w- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2012-11-03 01:21:29 -------- d-----w- C:\Users\Curtis\AppData\Roaming\AVG2013
2012-11-03 01:20:45 -------- d--h--w- C:\$AVG
2012-11-02 23:34:43 -------- d-----w- C:\Program Files (x86)\Wars in America
2012-11-02 22:34:47 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{54FA8C7B-34AE-42E7-A4F3-58B508FA5D80}\mpengine.dll
2012-11-01 23:33:44 -------- d-----w- C:\Users\Curtis\AppData\Local\Avg2013
2012-10-22 19:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
.
==================== Find3M ====================
.
2012-11-08 23:15:54 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-08 23:15:54 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-10-15 09:48:50 63328 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-05 09:32:50 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-10-02 19:51:15 3536817 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-10-02 19:51:11 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-10-02 19:51:04 6200680 ----a-w- C:\Windows\System32\nvcpl.dll
2012-10-02 19:50:57 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-10-02 19:50:57 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-10-02 19:50:57 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-10-02 19:50:57 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-10-02 18:15:52 430952 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-10-02 08:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-09-25 04:16:33 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-21 08:46:04 200032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-09-21 08:46:00 225120 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-09-14 08:05:18 40800 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2012-09-06 00:29:34 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-06 00:29:34 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
.
============= FINISH: 21:29:19.28 ===============

Curt Johnson · Nov 18, 2012

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume3
Install Date: 10/7/2011 6:16:38 PM
System Uptime: 11/18/2012 9:18:42 PM (0 hours ago)
.
Motherboard: Gateway | | TBGM01
Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | CPU 1 | 1573/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 596 GiB total, 339.751 GiB free.
D: is FIXED (NTFS) - 689 GiB total, 290.931 GiB free.
E: is CDROM (CDFS)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is CDROM (UDF)
K: is CDROM ()
L: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP162: 10/27/2012 12:46:06 AM - Scheduled Checkpoint
RP163: 11/1/2012 6:28:26 PM - Windows Update
RP164: 11/1/2012 6:32:24 PM - Removed AVG 2013
RP165: 11/1/2012 6:33:48 PM - Removed AVG 2013
RP166: 11/2/2012 8:19:56 PM - Installed AVG 2013
RP167: 11/2/2012 8:20:23 PM - Installed AVG 2013
RP168: 11/7/2012 6:40:23 PM - Installed AVG PC TuneUp
RP169: 11/16/2012 8:25:31 PM - Scheduled Checkpoint
RP170: 11/17/2012 3:00:13 AM - Windows Update
RP171: 11/18/2012 8:05:29 AM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
3D Landscape for Everyone
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
AVG 2013
AVG PC TuneUp
AVG PC TuneUp Language Pack (en-US)
Bit Che
BSC Cleanitol TM
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Dutch
CCC Help French
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cities XL 2012
DAEMON Tools Lite
DHTML Editing Component
Diamond 11.6 2400-6900 Win7Vista
Galactic Civilizations II: Ultimate Edition
Google Drive
Google Talk Plugin
Google Update Helper
Grand Ages Rome 1.01
GVJackApp Release 1.051
HitmanPro 3.6
Hotel Giant 2
HydraVision
Java 7 Update 9
Java Auto Updater
Java(TM) 6 Update 23 (64-bit)
LSI PCI-SV92EX Soft Modem
magicJack
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Help Viewer 1.1
Microsoft Money 2007 Home & Business
Microsoft Silverlight
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server System CLR Types
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio 2010 Shell (Isolated) - ENU
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Mozilla Firefox 17.0 (x86 en-US)
Mozilla Maintenance Service
NAM Hotfix Package 301 (13 April 2012)
NETGEAR XET1001 Powerline Encryption Utility
Network Addon Mod Version 30 with Essentials r132
Network Widening Mod Version 2.0.0
NVIDIA 3D Vision Controller Driver 306.97
NVIDIA 3D Vision Driver 306.97
NVIDIA Control Panel 306.97
NVIDIA Graphics Driver 306.97
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0604
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.10.8
NVIDIA Update Components
PC Cleaner v3.1
PlayMemories Home
RealHighway Mod Version 5.0.0
RtR extension pack 11
Sanctum
Security Task Manager 1.8d
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Serviio
Sid Meier's Civilization 4
Sid Meier's Civilization 4 - Beyond the Sword
Sid Meier's Civilization 4 - Warlords
SpeedFan (remove only)
Star Trek Online
Street Addon Mod Beta v3
Stronghold 3 Gold
Stronghold Kingdoms
the LATEST VERSION OF THE GVJACKAPP
Traffic Simulator Configuration Tool
TurboTax 2011
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
Wars in America 1.01e
WD Link
WinRAR 4.11 (32-bit)
Zoo Tycoon 2 - Extinct Animals
.
==== Event Viewer Messages From Past Week ========
.
11/18/2012 9:19:31 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
11/18/2012 9:19:31 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
11/18/2012 9:19:19 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
11/18/2012 9:19:16 PM, Error: Service Control Manager [7024] - The HitmanPro 3.6 Crusader (Boot) service terminated with service-specific error The operation completed successfully..
11/18/2012 9:19:15 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
11/18/2012 9:19:14 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
11/18/2012 9:19:14 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
11/18/2012 9:19:14 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
11/18/2012 9:18:43 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
11/18/2012 1:22:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TuneUp.UtilitiesSvc with arguments "" in order to run the server: {FCA02D56-BF9D-4591-AD41-E59AF763C64A}
11/18/2012 1:21:04 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
11/18/2012 1:20:46 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
11/18/2012 1:19:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/18/2012 1:19:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/18/2012 1:19:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/18/2012 1:19:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/18/2012 1:19:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/18/2012 1:19:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/18/2012 1:18:46 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AVGIDSDriver Avgldx64 Avgtdia CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx Wanarpv6 WfpLwf
11/18/2012 1:18:46 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/18/2012 1:18:46 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/18/2012 1:18:46 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/18/2012 1:18:46 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/18/2012 1:18:46 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/18/2012 1:18:46 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
11/18/2012 1:18:46 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/18/2012 1:18:46 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/18/2012 1:18:46 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/18/2012 1:18:46 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/18/2012 1:18:46 PM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
11/17/2012 11:59:54 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
.
==== End Of File ===========================

Curt Johnson · Nov 18, 2012

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.18.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Curtis :: HOME [administrator]

Protection: Enabled

11/18/2012 9:23:01 PM
mbam-log-2012-11-18 (21-23-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224722
Time elapsed: 3 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Broni · Nov 18, 2012

Download RogueKiller on the desktop

Close all the running programs

Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator

Otherwise just double-click on RogueKiller.exe

Pre-scan will start. Let it finish.

Click on SCAN button.

Wait until the Status box shows Scan Finished

Click on Delete.

Wait until the Status box shows Deleting Finished.

Click on Report and copy/paste the content of the Notepad into your next reply.

RKreport.txt could also be found on your desktop.

If more than one log is produced post all logs.

If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

==============================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

Curt Johnson · Nov 19, 2012

I ram rogue killer and everything is clear.
Ran aswMBR and am including this. System seems fine. No more warnings from AVG. I changed all my passwords to be safe.

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-18 21:54:17
-----------------------------
21:54:17.991 OS Version: Windows x64 6.1.7601 Service Pack 1
21:54:17.991 Number of processors: 8 586 0x1A04
21:54:17.992 ComputerName: HOME UserName:
21:54:20.610 Initialize success
21:56:16.985 AVAST engine defs: 12111801
22:47:50.201 The log file has been saved successfully to "C:\Users\Curtis\Desktop\aswMBR.txt"

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-18 21:54:17
-----------------------------
21:54:17.991 OS Version: Windows x64 6.1.7601 Service Pack 1
21:54:17.991 Number of processors: 8 586 0x1A04
21:54:17.992 ComputerName: HOME UserName:
21:54:20.610 Initialize success
21:56:16.985 AVAST engine defs: 12111801
22:47:50.201 The log file has been saved successfully to "C:\Users\Curtis\Desktop\aswMBR.txt"
22:47:59.291 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
22:47:59.293 Disk 0 Vendor: WDC_WD6400AAKS-65A7B0 01.03B01 Size: 610480MB BusType: 11
22:47:59.296 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP7T0L0-7
22:47:59.299 Disk 1 Vendor: Hitachi_HDS721075KLA330 GK8OA70M Size: 715404MB BusType: 11
22:47:59.311 Disk 0 MBR read successfully
22:47:59.314 Disk 0 MBR scan
22:47:59.319 Disk 0 unknown MBR code
22:47:59.327 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 610479 MB offset 2048
22:47:59.353 Disk 0 scanning C:\Windows\system32\drivers
22:48:09.458 Service scanning
22:48:29.021 Modules scanning
22:48:29.032 Disk 0 trace - called modules:
22:48:29.059 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
22:48:29.066 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003566790]
22:48:29.071 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa80032f5520]
22:48:29.081 5 ACPI.sys[fffff8800103a7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa80032ff060]
22:48:30.688 AVAST engine scan C:\Windows
22:48:33.104 AVAST engine scan C:\Windows\system32
22:51:21.971 AVAST engine scan C:\Windows\system32\drivers
22:51:32.479 AVAST engine scan C:\Users\Curtis
23:02:12.516 AVAST engine scan C:\ProgramData
23:03:12.304 Scan finished successfully
06:09:29.988 Disk 0 MBR has been saved successfully to "C:\Users\Curtis\Desktop\MBR.dat"
06:09:29.992 The log file has been saved successfully to "C:\Users\Curtis\Desktop\aswMBR.txt"

Broni · Nov 19, 2012

I need to see RogueKiller log.

Curt Johnson · Nov 20, 2012

Here's roguekiller log

RogueKiller V8.3.1 [Nov 20 2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Curtis [Admin rights]
Mode : Scan -- Date : 11/20/2012 18:20:44

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 14 ¤¤¤
[TASK][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-2824034696-86158339-4270657182-1001UA.job : C:\Users\Curtis\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler -> FOUND
[TASK][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-2824034696-86158339-4270657182-1001Core.job : C:\Users\Curtis\AppData\Local\Google\Update\GoogleUpdate.exe /c -> FOUND
[TASK][SUSP PATH] Google Updater and Installer : C:\Users\Curtis\AppData\Local\Google\Update\GoogleUpdate.exe /c -> FOUND
[TASK][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-2824034696-86158339-4270657182-1001Core : C:\Users\Curtis\AppData\Local\Google\Update\GoogleUpdate.exe /c -> FOUND
[TASK][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-2824034696-86158339-4270657182-1001UA : C:\Users\Curtis\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[RUN][SUSP PATH] [ON_D:Curtis]HKCU[...]\Run : cdloader ("C:\Users\Curtis\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
[RUN][NOTFOUND] [ON_Default]HKCU[...]\Run : WindowsWelcomeCenter (rundll32.exe oobefldr.dll,ShowWelcomeCenter) -> FOUND
[RUN][SUSP PATH] [ON_D:Magic Jack]HKCU[...]\Run : cdloader ("C:\Users\Magic Jack\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\Users\Curtis\NTUSER.DAT
-> D:\Users\Default\NTUSER.DAT
-> D:\Users\Default User\NTUSER.DAT
-> D:\Users\Magic Jack\NTUSER.DAT
-> D:\Documents and Settings\Default\NTUSER.DAT
-> D:\Documents and Settings\Default User\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 validation.sls.microsoft.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400AAKS-65A7B0 ATA Device +++++
--- User ---
[MBR] 77f4be617bead07f29eb512e576a7716
[BSP] 5c50dd19c2a1b0b2b927b4bc9e0bf4e4 : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 610479 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Hitachi HDS721075KLA330 ATA Device +++++
--- User ---
[MBR] b054222387f6a10d2ebe605a52ee6780
[BSP] 00a51acb07d317184b138dfa5e10d016 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 10001 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20484096 | Size: 705401 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_11202012_02d1820.txt >>
RKreport[1]_S_11202012_02d1820.txt

Broni · Nov 20, 2012

You should get two RogueKiller logs.
One from from the 1st run, which you just posted and a second one after fixing stuff.

Curt Johnson · Nov 21, 2012

Sorry. I ran it again and here are the 2 logs.
RogueKiller V8.3.1 [Nov 20 2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Curtis [Admin rights]
Mode : Scan -- Date : 11/21/2012 19:10:51

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : cdloader ("C:\Users\Curtis\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-2824034696-86158339-4270657182-1001[...]\Run : cdloader ("C:\Users\Curtis\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\Users\Curtis\NTUSER.DAT
-> D:\Users\Default\NTUSER.DAT
-> D:\Users\Default User\NTUSER.DAT
-> D:\Users\Magic Jack\NTUSER.DAT
-> D:\Documents and Settings\Default\NTUSER.DAT
-> D:\Documents and Settings\Default User\NTUSER.DAT
-> D:\Documents and Settings\UpdatusUser\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 validation.sls.microsoft.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400AAKS-65A7B0 ATA Device +++++
--- User ---
[MBR] 77f4be617bead07f29eb512e576a7716
[BSP] 5c50dd19c2a1b0b2b927b4bc9e0bf4e4 : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 610479 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Hitachi HDS721075KLA330 ATA Device +++++
--- User ---
[MBR] b054222387f6a10d2ebe605a52ee6780
[BSP] 00a51acb07d317184b138dfa5e10d016 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 10001 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20484096 | Size: 705401 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_11212012_02d1910.txt >>
RKreport[1]_S_11212012_02d1910.txt

And the fix. (2)

RogueKiller V8.3.1 [Nov 20 2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Curtis [Admin rights]
Mode : Remove -- Date : 11/21/2012 19:11:12

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : cdloader ("C:\Users\Curtis\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> DELETED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\Users\Curtis\NTUSER.DAT
-> D:\Users\Default\NTUSER.DAT
-> D:\Users\Default User\NTUSER.DAT
-> D:\Users\Magic Jack\NTUSER.DAT
-> D:\Documents and Settings\Default\NTUSER.DAT
-> D:\Documents and Settings\Default User\NTUSER.DAT
-> D:\Documents and Settings\UpdatusUser\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 validation.sls.microsoft.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400AAKS-65A7B0 ATA Device +++++
--- User ---
[MBR] 77f4be617bead07f29eb512e576a7716
[BSP] 5c50dd19c2a1b0b2b927b4bc9e0bf4e4 : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 610479 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Hitachi HDS721075KLA330 ATA Device +++++
--- User ---
[MBR] b054222387f6a10d2ebe605a52ee6780
[BSP] 00a51acb07d317184b138dfa5e10d016 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 10001 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20484096 | Size: 705401 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_11212012_02d1911.txt >>
RKreport[1]_S_11212012_02d1910.txt ; RKreport[2]_D_11212012_02d1911.txt

Second one>

RogueKiller V8.3.1 [Nov 20 2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Curtis [Admin rights]
Mode : Remove -- Date : 11/21/2012 19:11:22

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> D:\windows\system32\config\SOFTWARE
-> D:\Users\Curtis\NTUSER.DAT
-> D:\Users\Default\NTUSER.DAT
-> D:\Users\Default User\NTUSER.DAT
-> D:\Users\Magic Jack\NTUSER.DAT
-> D:\Documents and Settings\Default\NTUSER.DAT
-> D:\Documents and Settings\Default User\NTUSER.DAT
-> D:\Documents and Settings\UpdatusUser\NTUSER.DAT

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 validation.sls.microsoft.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400AAKS-65A7B0 ATA Device +++++
--- User ---
[MBR] 77f4be617bead07f29eb512e576a7716
[BSP] 5c50dd19c2a1b0b2b927b4bc9e0bf4e4 : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 610479 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Hitachi HDS721075KLA330 ATA Device +++++
--- User ---
[MBR] b054222387f6a10d2ebe605a52ee6780
[BSP] 00a51acb07d317184b138dfa5e10d016 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 10001 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20484096 | Size: 705401 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3]_D_11212012_02d1911.txt >>
RKreport[1]_S_11212012_02d1910.txt ; RKreport[2]_D_11212012_02d1911.txt ; RKreport[3]_D_11212012_02d1911.txt

Broni · Nov 21, 2012

Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

==============================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Never rename Combofix unless instructed.

Close any open browsers.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Close any open browsers.

WARNING: Combofix will disconnect your machine from the Internet as soon as it starts

Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.

If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
If the connection is not there use restore point you created prior to running Combofix.

Double click on combofix.exe & follow the prompts.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

When finished, it will produce a report for you.

Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

Double-click on the Rkill desktop icon to run the tool.

If using Vista or Windows 7 right-click on it and choose Run As Administrator.

A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.

If not, delete the file, then download and use the one provided in Link 2.

Do not reboot until instructed.

If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

Broni · Nov 26, 2012

Still with me?

Broni · Dec 1, 2012

This topic is marked as abandoned and closed due to inactivity.
This member will NOT be eligible to receive any more help in malware removal forum.

TechSpot

Welcome to TechSpot

[A] I've got win64/patched.A

Curt Johnson Newcomer, in training

Attached Files:

FRST.txt

Search.txt

Broni Malware Annihilator Posts: 39,398 +177

Curt Johnson Newcomer, in training

Curt Johnson Newcomer, in training

Broni Malware Annihilator Posts: 39,398 +177

Attached Files:

fixlist.txt

Curt Johnson Newcomer, in training

Curt Johnson Newcomer, in training

Curt Johnson Newcomer, in training

Curt Johnson Newcomer, in training

Curt Johnson Newcomer, in training

Broni Malware Annihilator Posts: 39,398 +177

Curt Johnson Newcomer, in training

Broni Malware Annihilator Posts: 39,398 +177

Curt Johnson Newcomer, in training

Broni Malware Annihilator Posts: 39,398 +177

Curt Johnson Newcomer, in training

Broni Malware Annihilator Posts: 39,398 +177

Broni Malware Annihilator Posts: 39,398 +177

Broni Malware Annihilator Posts: 39,398 +177

Add New Comment

	Social Login & Guest Posting			TechSpot Members Login here or sign up for free, it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.