Solved C:\Windows\svchost.exe

brandetwine

Posts: 37   +0
PC was operating fine and then without warning it just showed a blue screen with white writing and shut down. After it booted back up, the same thing happened once again. Ultimately, once the computer stayed on long enough, I downloaded Malwarebytes Anti-Malware along with AVG 2013 and ran both of those while in safe mode. I kept the text log of the results saved to my desktop. After rebooting the PC normally, a message from Malwarebytes Anti-Malware informed me that it had encountered a potential threat from C:\Windows\svchost.exe and gave me the option to quarantine it, which I did, and rebooted again. Same error. Please, can someone help me with this!
 
Welcome aboard


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
DDS.txt
DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455
Run by Carol at 13:48:12 on 2012-11-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7935.6367 [GMT -5:00]
.
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe
C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [Google Update] "C:\Users\Carol\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [AdobeBridge] <no file>
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [Conime] C:\Windows\System32\conime.exe
mRun: [EKStatusMonitor] C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
StartupFolder: C:\Users\Carol\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: NameServer = 208.180.42.68 208.180.42.100 192.168.1.1
TCP: Interfaces\{B05EEB29-6F1C-476D-A84F-3F1591495A49} : DHCPNameServer = 208.180.42.68 208.180.42.100 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j64d1ggv.default\
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Carol\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-7-1 53488]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2012-9-4 50296]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 203776]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-7-28 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2012-11-2 1340976]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-10-19 395200]
R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-10-15 779200]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-18 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-18 676936]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-9-2 2735528]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-9-22 46136]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-18 25928]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2009-7-1 1152000]
R3 VST64_DPV;VST64_DPV;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
R3 VST64HWBS2;VST64HWBS2;C:\Windows\System32\drivers\VSTBS26.SYS [2009-7-13 411136]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-2 1255736]
S4 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2009-7-1 226832]
.
=============== Created Last 30 ================
.
2012-11-18 18:38:58  20480  ----a-w-  C:\Windows\svchost.exe
2012-11-18 15:16:47  --------  d-----w-  C:\Users\Carol\AppData\Roaming\AVG2013
2012-11-18 15:13:21  --------  d-----w-  C:\Users\Carol\AppData\Roaming\TuneUp Software
2012-11-18 15:11:51  --------  d--h--w-  C:\$AVG
2012-11-18 15:11:51  --------  d-----w-  C:\ProgramData\AVG2013
2012-11-18 15:10:42  --------  d-----w-  C:\Program Files (x86)\AVG
2012-11-18 15:08:27  --------  d--h--w-  C:\ProgramData\Common Files
2012-11-18 15:08:27  --------  d-----w-  C:\Users\Carol\AppData\Local\MFAData
2012-11-18 15:08:27  --------  d-----w-  C:\Users\Carol\AppData\Local\Avg2013
2012-11-18 15:08:27  --------  d-----w-  C:\ProgramData\MFAData
2012-11-18 15:00:25  --------  d-----w-  C:\Users\Carol\AppData\Roaming\Malwarebytes
2012-11-18 15:00:13  25928  ----a-w-  C:\Windows\System32\drivers\mbam.sys
2012-11-18 15:00:13  --------  d-----w-  C:\ProgramData\Malwarebytes
2012-11-18 15:00:13  --------  d-----w-  C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-18 14:50:20  --------  d-----w-  C:\Program Files (x86)\Phoenix Viewer
2012-11-17 08:09:09  9728  ----a-w-  C:\Windows\System32\Wdfres.dll
2012-11-17 08:09:09  785512  ----a-w-  C:\Windows\System32\drivers\Wdf01000.sys
2012-11-17 08:09:09  54376  ----a-w-  C:\Windows\System32\drivers\WdfLdr.sys
2012-11-17 08:09:09  2560  ----a-w-  C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-17 08:00:53  87040  ----a-w-  C:\Windows\System32\drivers\WUDFPf.sys
2012-11-17 08:00:53  84992  ----a-w-  C:\Windows\System32\WUDFSvc.dll
2012-11-17 08:00:53  45056  ----a-w-  C:\Windows\System32\WUDFCoinstaller.dll
2012-11-17 08:00:53  198656  ----a-w-  C:\Windows\System32\drivers\WUDFRd.sys
2012-11-17 08:00:53  194048  ----a-w-  C:\Windows\System32\WUDFPlatform.dll
2012-11-17 08:00:51  744448  ----a-w-  C:\Windows\System32\WUDFx.dll
2012-11-17 08:00:51  229888  ----a-w-  C:\Windows\System32\WUDFHost.exe
2012-11-16 17:55:28  9291768  ----a-w-  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4A0A6016-6DCD-4BCA-AE24-7C8E00D89510}\mpengine.dll
2012-11-14 02:33:26  --------  d-----w-  C:\Users\Carol\AppData\Local\avinationviewer
2012-11-12 04:18:24  159744  ----a-w-  C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-11-12 04:18:24  159744  ----a-w-  C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-11-12 04:18:24  159744  ----a-w-  C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-11-12 04:18:24  159744  ----a-w-  C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-11-12 04:18:24  159744  ----a-w-  C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-11-12 04:18:24  159744  ----a-w-  C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-11-12 04:18:24  159744  ----a-w-  C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-11-10 19:38:25  --------  d-----w-  C:\Program Files (x86)\QAvimator
2012-11-10 03:09:41  --------  d-----w-  C:\Program Files (x86)\Firestorm-Release
2012-10-30 20:25:15  --------  d-----w-  C:\Users\Carol\AppData\Roaming\Blender Foundation
2012-10-30 20:14:15  --------  d-----w-  C:\Program Files\Blender Foundation
2012-10-29 01:23:21  --------  d-----w-  C:\ProgramData\Visan
2012-10-29 01:23:21  --------  d-----w-  C:\ProgramData\PrintProjects
2012-10-29 01:23:21  --------  d-----w-  C:\Program Files (x86)\PrintProjects
2012-10-29 01:21:30  --------  d-----w-  C:\Windows\SysWow64\kodak
2012-10-29 00:29:50  --------  d-----w-  C:\Users\Carol\AppData\Local\Mozilla
2012-10-29 00:29:06  --------  d-----w-  C:\Program Files (x86)\Cisco Systems
2012-10-29 00:27:14  --------  d-----w-  C:\ProgramData\Cisco Systems
2012-10-25 08:12:26  94208  ----a-w-  C:\Windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12:26  69632  ----a-w-  C:\Windows\SysWow64\QuickTime.qts
2012-10-22 18:02:44  154464  ----a-w-  C:\Windows\System32\drivers\avgidsdrivera.sys
.
==================== Find3M ====================
.
2012-11-07 03:54:55  73656  ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-07 03:54:55  697272  ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-18 18:25:58  3149824  ----a-w-  C:\Windows\System32\win32k.sys
2012-10-15 13:50:12  122368  ----a-w-  C:\Windows\System32\EKaio2WiaCoInst.dll
2012-10-15 13:50:10  10240  ----a-w-  C:\Windows\System32\EKaio2WiaCoInstRes.dll
2012-10-15 08:48:50  63328  ----a-w-  C:\Windows\System32\drivers\avgidsha.sys
2012-10-09 18:17:13  55296  ----a-w-  C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13  226816  ----a-w-  C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31  44032  ----a-w-  C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31  193536  ----a-w-  C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 11:31:03  2312704  ----a-w-  C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52  1392128  ----a-w-  C:\Windows\System32\wininet.dll
2012-10-08 11:22:55  1494528  ----a-w-  C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22  173056  ----a-w-  C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35  599040  ----a-w-  C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33  2382848  ----a-w-  C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24  1800704  ----a-w-  C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03  1129472  ----a-w-  C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44  1427968  ----a-w-  C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05  142848  ----a-w-  C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21  420864  ----a-w-  C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56  2382848  ----a-w-  C:\Windows\SysWow64\mshtml.tlb
2012-10-05 08:32:50  111456  ----a-w-  C:\Windows\System32\drivers\avgmfx64.sys
2012-10-03 17:56:54  1914248  ----a-w-  C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21  70656  ----a-w-  C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21  303104  ----a-w-  C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17  246272  ----a-w-  C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17  18944  ----a-w-  C:\Windows\System32\netevent.dll
2012-10-03 17:44:16  216576  ----a-w-  C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16  569344  ----a-w-  C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24  18944  ----a-w-  C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24  175104  ----a-w-  C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23  156672  ----a-w-  C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26  45568  ----a-w-  C:\Windows\System32\drivers\tcpipreg.sys
2012-10-02 08:30:38  185696  ----a-w-  C:\Windows\System32\drivers\avgldx64.sys
2012-09-29 18:48:36  1793536  ----a-w-  C:\Windows\System32\EKAiO2MON.dll
2012-09-29 18:48:24  183808  ----a-w-  C:\Windows\System32\EKAiO2COI10.dll
2012-09-25 22:47:43  78336  ----a-w-  C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17  95744  ----a-w-  C:\Windows\System32\synceng.dll
2012-09-21 08:46:04  200032  ----a-w-  C:\Windows\System32\drivers\avgtdia.sys
2012-09-21 08:46:00  225120  ----a-w-  C:\Windows\System32\drivers\avgloga.sys
2012-09-14 19:19:29  2048  ----a-w-  C:\Windows\System32\tzres.dll
2012-09-14 18:28:53  2048  ----a-w-  C:\Windows\SysWow64\tzres.dll
2012-09-14 08:05:18  40800  ----a-w-  C:\Windows\System32\drivers\avgrkx64.sys
2012-09-04 15:39:32  50296  ----a-w-  C:\Windows\System32\drivers\avgfwd6a.sys
2012-08-31 18:19:35  1659760  ----a-w-  C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45  5559664  ----a-w-  C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02  3968880  ----a-w-  C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02  3914096  ----a-w-  C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07  220160  ----a-w-  C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48  172544  ----a-w-  C:\Windows\SysWow64\wintrust.dll
2012-08-22 18:12:40  950128  ----a-w-  C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40  376688  ----a-w-  C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33  288624  ----a-w-  C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00  245760  ----a-w-  C:\Windows\System32\OxpsConverter.exe
2012-08-20 18:48:44  362496  ----a-w-  C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44  243200  ----a-w-  C:\Windows\System32\wow64.dll
2012-08-20 18:48:44  13312  ----a-w-  C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43  215040  ----a-w-  C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37  16384  ----a-w-  C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35  424448  ----a-w-  C:\Windows\System32\KernelBase.dll
.
============= FINISH: 13:48:43.24 ===============

attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 9/22/2011 3:14:44 PM
System Uptime: 11/18/2012 1:36:51 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0F896N
Processor: AMD Phenom(tm) 8450e Triple-Core Processor | AM2 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 448.402 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 7.959 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek RTL8102E/8103E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_02E21028&REV_02\4&9CB6A98&0&0038
Manufacturer: Realtek
Name: Realtek RTL8102E/8103E Family PCI-E Fast Ethernet NIC (NDIS 6.0)
PNP Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_02E21028&REV_02\4&9CB6A98&0&0038
Service: RTL8169
.
==== System Restore Points ===================
.
RP71: 8/24/2012 5:34:43 PM - Windows Update
RP72: 8/24/2012 9:01:27 PM - Windows Update
RP73: 8/28/2012 8:25:15 PM - Windows Update
RP74: 9/1/2012 1:54:55 AM - Windows Update
RP75: 9/4/2012 9:23:10 PM - Windows Update
RP76: 9/5/2012 3:00:10 AM - Windows Update
RP77: 9/12/2012 3:02:26 AM - Windows Update
RP78: 9/12/2012 10:36:07 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP79: 9/13/2012 3:00:11 AM - Windows Update
RP80: 9/18/2012 12:00:11 AM - Restore Operation
RP81: 9/18/2012 12:07:23 AM - Windows Update
RP82: 9/18/2012 12:24:01 AM - Removed QuickTime
RP83: 9/18/2012 12:27:26 AM - Installed QuickTime
RP84: 9/18/2012 2:12:19 AM - Removed QuickTime
RP85: 9/18/2012 2:16:27 AM - Installed QuickTime
RP86: 9/18/2012 3:00:25 AM - Windows Update
RP87: 9/21/2012 9:19:55 PM - Windows Update
RP88: 9/22/2012 3:00:11 AM - Windows Update
RP89: 9/26/2012 1:36:58 AM - Windows Update
RP90: 9/26/2012 3:00:11 AM - Windows Update
RP91: 9/29/2012 1:08:24 PM - Windows Update
RP92: 10/3/2012 7:24:28 PM - Windows Update
RP93: 10/9/2012 8:43:20 PM - Windows Update
RP94: 10/10/2012 3:00:13 AM - Windows Update
RP95: 10/13/2012 9:29:29 PM - Removed HP Update.
RP96: 10/16/2012 5:11:34 PM - Windows Update
RP97: 10/19/2012 6:24:42 PM - Windows Update
RP98: 10/29/2012 1:22:14 AM - Windows Update
RP99: 11/2/2012 3:23:52 PM - Windows Update
RP100: 11/6/2012 4:59:04 PM - Windows Update
RP101: 11/9/2012 9:34:48 PM - Windows Update
RP102: 11/13/2012 9:32:01 PM - Installed Avination Viewer 0.3.2 FL III
RP103: 11/16/2012 6:16:23 AM - Windows Update
RP104: 11/17/2012 3:00:13 AM - Windows Update
RP105: 11/18/2012 9:46:16 AM - Removed Avination Viewer 0.3.2 FL III
RP106: 11/18/2012 10:10:22 AM - Installed AVG 2013
RP107: 11/18/2012 10:10:58 AM - Installed AVG 2013
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
AC3Filter 1.63b
Acrobat.com
Adobe AIR
Adobe Anchor Service CS4
Adobe Community Help
Adobe CSI CS4
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CS4
Adobe Photoshop CS5
Adobe Reader 9
Adobe Setup
aioscnnr
AMD Catalyst Install Manager
AMD Fuel
AMD VISION Engine Control Center
Apple Application Support
Apple Software Update
ArcSoft Panorama Maker 6
AVG 2013
Blender
C4USelfUpdater
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help English
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Polish
CCC Help Portuguese
CCC Help Spanish
center
Choice Guard
Cisco Connect
Compatibility Pack for the 2007 Office system
Conexant D850 PCI V.92 Modem
Dell-eBay
Dell Dock
Dell Driver Download Manager
Dell Edoc Viewer
Dell Getting Started Guide
Digital Line Detect
essentials
Firestorm-Release (remove only)
GIMP 2.8.2
Google Chrome
HP Update
Java Auto Updater
Java(TM) 6 Update 13 (64-bit)
Java(TM) 6 Update 32
Junk Mail filter update
Kodak AIO Printer
KODAK AiO Software
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
Nikon Message Center 2
Nikon Movie Editor
ocr
PDF Settings CS5
Phoenix Viewer 1.6.0.1691
Picture Control Utility x64
Platform
PowerDVD
PreReq
PrintProjects
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Skype Click to Call
Skype™ 5.10
Suite Shared Configuration CS4
TeamViewer 7
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VIA Platform Device Manager
ViewNX 2
Visual Studio 2010 x64 Redistributables
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinRAR 4.20 (32-bit)
XP Codec Pack
Yahoo! Detect
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
11/18/2012 10:24:21 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
11/18/2012 10:24:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/18/2012 10:24:16 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/18/2012 10:24:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/18/2012 10:24:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/18/2012 10:24:07 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/18/2012 10:23:58 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/18/2012 10:23:39 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002e7266b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111812-33212-01.
11/18/2012 10:23:33 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgfwfd AVGIDSDriver Avgldx64 Avgtdia DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
11/18/2012 10:23:32 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/18/2012 10:23:32 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/18/2012 10:23:32 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/18/2012 10:23:32 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/18/2012 10:23:32 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/18/2012 10:23:31 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/18/2012 10:23:31 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/18/2012 10:23:31 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
11/18/2012 10:23:31 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/18/2012 10:23:31 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/18/2012 10:23:31 AM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
11/18/2012 1:37:41 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
11/17/2012 12:52:24 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002ec90c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111712-27144-01.
11/17/2012 12:49:10 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000000000dc, 0x0000000000000002, 0x0000000000000001, 0xfffff80002f020c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111712-27034-01.
11/17/2012 12:34:39 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x000000007fefe213, 0x0000000000000002, 0x0000000000000001, 0xfffff80002ece0c5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111712-24336-01.
11/16/2012 10:36:29 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Carol-PC\Carol SID (S-1-5-21-3734378697-4225080175-1229890197-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
11/12/2012 2:37:18 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
.
==== End Of File ===========================

Malware report:
Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.18.02

Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
Internet Explorer 9.0.8112.16421
Carol :: CAROL-PC [administrator]

Protection: Disabled

11/18/2012 10:51:36 AM
mbam-log-2012-11-18 (10-51-36).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 422657
Time elapsed: 44 minute(s), 52 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 1188 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)
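The detection above is worth reading by location before anything else: Windows starts svchost.exe only from %SystemRoot%\System32 (and SysWOW64 on x64), so a file sitting at C:\Windows\svchost.exe is a look-alike dropped next to the real one, whatever detection name the scanner attaches to it. The following Python script, added here as an example and not part of the original post or of Malwarebytes, parses detection lines in the MBAM 1.x log format shown above and rates each path against the directories Windows actually loads those binaries from. The expected-directory table and the sample log lines are the example's own assumptions, constructed to mirror the log above.

```python
"""Flag core Windows binaries (svchost.exe and friends) detected outside their home directory.

Added example, not part of the original thread or of Malwarebytes. EXPECTED_DIRS is
an assumption listing where Windows itself loads these binaries from; SAMPLE_LOG is
constructed in the MBAM 1.65 log format used in the thread.
"""
import ntpath
import re

# Directories Windows starts these binaries from (lower-cased for comparison).
# A same-named file anywhere else is a look-alike by location alone.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "csrss.exe": {r"c:\windows\system32"},
    "smss.exe": {r"c:\windows\system32"},
    "lsass.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
}

# MBAM 1.x detection line: "<path> (<detection>) -> [<pid> ->] <action>."
MBAM_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\[^()]+?) \((?P<name>[^()]+)\) -> "
    r"(?:(?P<pid>\d+) -> )?(?P<action>[^.]+)\.$"
)


def classify_path(path):
    """Return 'expected', 'masquerade' or 'unknown' for a full executable path."""
    directory, filename = ntpath.split(path)
    filename = filename.lower()
    if filename not in EXPECTED_DIRS:
        return "unknown"
    return "expected" if directory.lower() in EXPECTED_DIRS[filename] else "masquerade"


def parse_mbam_detections(log_text):
    """Yield (path, detection_name, pid_or_None, action) for each MBAM detection line."""
    for line in log_text.splitlines():
        m = MBAM_LINE.match(line.strip())
        if m:
            pid = int(m.group("pid")) if m.group("pid") else None
            yield m.group("path"), m.group("name"), pid, m.group("action")


def triage(log_text):
    """Map every detected path to its location verdict (process and file hits collapse to one entry)."""
    return {path: classify_path(path) for path, _, _, _ in parse_mbam_detections(log_text)}


# Constructed sample in the same shape as the MBAM log above.
SAMPLE_LOG = r"""
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 1188 -> Delete on reboot.

Files Detected: 2
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\svchost.exe (Trojan.Agent) -> No action taken.
"""

if __name__ == "__main__":
    for path, verdict in triage(SAMPLE_LOG).items():
        print(f"{verdict:10s} {path}")
```

A path check only catches the dropped look-alike. The AVG log later in this thread flags csrss.exe, smss.exe and System32\svchost.exe at their genuine paths; those rate "expected" here, because that detection is against the running process rather than a file in the wrong place, and a location check cannot see it.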
 
Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

********************************************

Download Malwarebytes Anti-Rootkit from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
 
I downloaded the Malwarebytes Anti-Rootkit and when I extracted it to my desktop and tried to run it I received this error: The program can't start because QtGui4.dll is missing from your computer. Try reinstalling the program to fix this problem.
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
OK, after the scan I did have 1 thing that needed to be cured and then I had to reboot. On startup I did not have to quarantine the svchost.exe, so I'm assuming that's a good sign :) and if I am not mistaken this is what you need to see:

15:17:16.0565 5056 WinRM - ok
15:17:16.0611 5056 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
15:17:16.0612 5056 WinUsb - ok
15:17:16.0640 5056 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
15:17:16.0665 5056 Wlansvc - ok
15:17:16.0671 5056 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
15:17:16.0672 5056 WmiAcpi - ok
15:17:16.0702 5056 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:17:16.0706 5056 wmiApSrv - ok
15:17:16.0722 5056 WMPNetworkSvc - ok
15:17:16.0733 5056 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:17:16.0737 5056 WPCSvc - ok
15:17:16.0750 5056 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:17:16.0753 5056 WPDBusEnum - ok
15:17:16.0785 5056 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:17:16.0786 5056 ws2ifsl - ok
15:17:16.0795 5056 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
15:17:16.0799 5056 wscsvc - ok
15:17:16.0803 5056 WSearch - ok
15:17:16.0871 5056 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
15:17:16.0915 5056 wuauserv - ok
15:17:16.0963 5056 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
15:17:16.0964 5056 WudfPf - ok
15:17:17.0066 5056 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:17:17.0093 5056 WUDFRd - ok
15:17:17.0117 5056 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:17:17.0120 5056 wudfsvc - ok
15:17:17.0135 5056 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
15:17:17.0141 5056 WwanSvc - ok
15:17:17.0149 5056 ================ Scan global ===============================
15:17:17.0175 5056 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:17:17.0208 5056 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
15:17:17.0224 5056 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
15:17:17.0250 5056 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:17:17.0283 5056 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:17:17.0286 5056 [Global] - ok
15:17:17.0287 5056 ================ Scan MBR ==================================
15:17:17.0301 5056 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:17:17.0302 5056 Suspicious mbr (Forged): \Device\Harddisk0\DR0
15:17:17.0368 5056 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
15:17:17.0368 5056 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
15:17:17.0369 5056 ================ Scan VBR ==================================
15:17:17.0384 5056 [ 7916EC1EFA4CD21B962FA8AC00FDC056 ] \Device\Harddisk0\DR0\Partition1
15:17:17.0385 5056 \Device\Harddisk0\DR0\Partition1 - ok
15:17:17.0389 5056 [ 2D0B1D17B2AFE2F8814F63972FC56674 ] \Device\Harddisk0\DR0\Partition2
15:17:17.0390 5056 \Device\Harddisk0\DR0\Partition2 - ok
15:17:17.0391 5056 ============================================================
15:17:17.0391 5056 Scan finished
15:17:17.0391 5056 ============================================================
15:17:17.0402 3752 Detected object count: 1
15:17:17.0402 3752 Actual detected object count: 1
15:19:07.0569 3752 \Device\Harddisk0\DR0\# - copied to quarantine
15:19:07.0571 3752 \Device\Harddisk0\DR0 - copied to quarantine
15:19:07.0601 3752 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
15:19:07.0603 3752 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
15:19:07.0615 3752 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
15:19:07.0621 3752 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
15:19:07.0622 3752 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
15:19:07.0623 3752 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
15:19:07.0625 3752 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
15:19:07.0627 3752 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
15:19:07.0629 3752 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
15:19:07.0631 3752 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
15:19:07.0633 3752 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
15:19:07.0634 3752 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
15:19:07.0637 3752 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
15:19:07.0638 3752 \Device\Harddisk0\DR0 - ok
15:19:07.0667 3752 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
15:19:13.0563 0180 Deinitialize success
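TDSSKiller's MBR verdict above rests on two things: the MD5 of the sector and the fact that the copy the scanner obtained did not match what the running system returned ("Forged"). The script below, added here as an example and not TDSSKiller's code, shows what that fingerprint covers by parsing a 512-byte MBR into its 446-byte bootstrap area, four 16-byte partition entries and the 0x55AA signature, and hashes the whole sector the way the scan log reports it. The sample sector is constructed; its layout (one active NTFS partition at LBA 2048) and the sanity checks are the example's own assumptions.

```python
"""Parse and fingerprint a 512-byte MBR sector.

Added example, not part of the original thread and not TDSSKiller's code. The MD5
covers the entire sector, bootstrap code included, so a bootkit that rewrites the
loader changes the hash even when the partition table is left intact. The sample
sector built by build_sample_mbr() is constructed.
"""
import hashlib
import struct

SECTOR_SIZE = 512
PARTITION_TABLE_OFFSET = 446
BOOT_SIGNATURE = b"\x55\xaa"


def parse_partition_entry(entry):
    """Decode one 16-byte partition table entry (CHS fields are skipped)."""
    status, _, _, _, ptype, _, _, _, lba_start, sectors = struct.unpack("<BBBBBBBBII", entry)
    return {"bootable": status == 0x80, "type": ptype, "lba_start": lba_start, "sectors": sectors}


def parse_mbr(sector):
    """Return the sector hash, the populated partition entries and any sanity findings."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    findings = []
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    if not any(sector[:PARTITION_TABLE_OFFSET]):
        findings.append("bootstrap code area is all zeros")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        entry = parse_partition_entry(sector[off:off + 16])
        if entry["type"] != 0:  # type 0 marks an unused slot
            partitions.append(entry)
    if sum(p["bootable"] for p in partitions) != 1:
        findings.append("expected exactly one active partition")
    return {
        "md5": hashlib.md5(sector).hexdigest().upper(),  # same presentation as the TDSSKiller log
        "partitions": partitions,
        "findings": findings,
    }


def build_sample_mbr(bootstrap_byte=0x90):
    """Construct a minimal MBR: filler loader, one active NTFS partition at LBA 2048 (assumed layout)."""
    sector = bytearray(SECTOR_SIZE)
    sector[:PARTITION_TABLE_OFFSET] = bytes([bootstrap_byte]) * PARTITION_TABLE_OFFSET
    # status 0x80 (active), CHS fields zero, type 0x07 (NTFS), start LBA 2048, 204800 sectors
    entry = struct.pack("<BBBBBBBBII", 0x80, 0, 0, 0, 0x07, 0, 0, 0, 2048, 204800)
    sector[PARTITION_TABLE_OFFSET:PARTITION_TABLE_OFFSET + 16] = entry
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    clean = parse_mbr(build_sample_mbr())
    tampered = parse_mbr(build_sample_mbr(bootstrap_byte=0xCC))  # loader bytes changed, table untouched
    print("clean    ", clean["md5"], clean["partitions"], clean["findings"])
    print("tampered ", tampered["md5"], "same table:", tampered["partitions"] == clean["partitions"])
```

To run this against a real disk, read the first 512 bytes of \\.\PhysicalDrive0 as administrator. Do that from a clean boot medium rather than from the infected system: with the disk driver's dispatch table hooked (the AVG log later in this thread shows every IRP_MJ routine of \Driver\atapi redirected to one address), a read issued through the running OS can be answered by the hook instead of the disk, which is the "Forged" condition TDSSKiller reported.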
 
Very well :)

Re-run MBAM and post new log.

Download fresh copy of Malwarebytes Anti-Rootkit and see if it'll run.
 
OK, downloaded a new copy and tried it again and got the same error as in my last post. I attempted to locate the file manually on my computer, and there is a file called QtGui4.dll on my PC even though I am receiving this error; when I attempted to view the file my PC immediately went to a blue screen with some crash report and shut down. I don't know if you want this, but I kept a text log of my AVG scan because there was 1 infected item at the top that will not resolve; the information may be of value to what is going on. I have highlighted it in bold.

AVG LOG
"";"The file is signed with a broken digital signature, issued by: Dell Inc., C:\Users\Carol\Documents\Modem Diagnostic Tool";"Infected"
"";"IRP hook, \Driver\atapi IRP_MJ_WRITE -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
"";"IRP hook, \Driver\atapi IRP_MJ_SYSTEM_CONTROL -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
"";"IRP hook, \Driver\atapi IRP_MJ_SHUTDOWN -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
"";"IRP hook, \Driver\atapi IRP_MJ_SET_VOLUME_INFORMATION -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
"";"IRP hook, \Driver\atapi IRP_MJ_SET_SECURITY -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
"";"IRP hook, \Driver\atapi IRP_MJ_SET_QUOTA -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
"";"IRP hook, \Driver\atapi IRP_MJ_SET_INFORMATION -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
"";"IRP hook, \Driver\atapi IRP_MJ_SET_EA -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
"";"IRP hook, \Driver\atapi IRP_MJ_QUERY_VOLUME_INFORMATION -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
"";"IRP hook, \Driver\atapi IRP_MJ_QUERY_SECURITY -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
"";"IRP hook, \Driver\atapi IRP_MJ_QUERY_QUOTA -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
"";"IRP hook, \Driver\atapi IRP_MJ_QUERY_INFORMATION -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
"";"IRP hook, \Driver\atapi IRP_MJ_POWER -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
"";"IRP hook, \Driver\atapi IRP_MJ_PNP -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
"";"IRP hook, \Driver\atapi IRP_MJ_LOCK_CONTROL -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
"";"IRP hook, \Driver\atapi IRP_MJ_FLUSH_BUFFERS -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
"";"IRP hook, \Driver\atapi IRP_MJ_FILE_SYSTEM_CONTROL -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
"";"IRP hook, \Driver\atapi IRP_MJ_DIRECTORY_CONTROL -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
"";"IRP hook, \Driver\atapi IRP_MJ_DEVICE_CONTROL -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
"";"IRP hook, \Driver\atapi IRP_MJ_DEVICE_CHANGE -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
"";"IRP hook, \Driver\atapi IRP_MJ_CREATE_NAMED_PIPE -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
"";"IRP hook, \Driver\atapi IRP_MJ_CREATE_MAILSLOT -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
"";"IRP hook, \Driver\atapi IRP_MJ_CREATE -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
"";"IRP hook, \Driver\atapi IRP_MJ_CLOSE -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"
"";"Trojan horse Generic30.WAV, C:\Windows\System32\csrss.exe (616)";"Secured"
"";"Trojan horse Generic30.WAV, C:\Windows\System32\csrss.exe (696)";"Secured"
"";"Trojan horse Generic30.WAV, C:\Windows\System32\svchost.exe (1084)";"Secured"
"";"Trojan horse Generic30.WAV, C:\Windows\System32\smss.exe (276)";"Secured"
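The 24 IRP hook lines above are one finding, not 24: every major function in the dispatch table of \Driver\atapi (the ATA disk controller driver) points at the same address, and AVG cannot attribute that address to any loaded module. The script below, added here as an example and not AVG's code, groups AVG's hook lines by driver and target so that pattern is visible at a glance. The sample lines are constructed in the same format as the log; the threshold of ten hooked major functions is an assumption.

```python
"""Summarise IRP dispatch-table hooks from an AVG scan log.

Added example, not part of the original thread and not AVG's code. AVG emits one line
per hooked major function; triage cares about the shape of the set, so the lines are
grouped by (driver, target address). SAMPLE is constructed in the same format.
"""
import re
from collections import defaultdict

# "";"IRP hook, \Driver\atapi IRP_MJ_WRITE -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required ..."
HOOK_LINE = re.compile(
    r'^"[^"]*";"IRP hook, (?P<driver>\\Driver\\\w+) (?P<irp>IRP_MJ_\w+) -> '
    r'(?P<target>0x[0-9A-Fa-f]+), (?P<module>[^"]*)";"(?P<status>[^"]*)"$'
)

WHOLE_TABLE_THRESHOLD = 10  # assumption: this many distinct IRP_MJ hooks on one target is the whole table


def parse_hooks(log_text):
    """Yield a dict per IRP hook line; every other AVG line is ignored."""
    for line in log_text.splitlines():
        m = HOOK_LINE.match(line.strip())
        if m:
            yield m.groupdict()


def summarise(log_text):
    """Group hooks by (driver, target) and collect the modules AVG resolved the target to."""
    groups = defaultdict(lambda: {"irps": [], "modules": set()})
    for h in parse_hooks(log_text):
        g = groups[(h["driver"], h["target"])]
        g["irps"].append(h["irp"])
        g["modules"].add(h["module"])
    return dict(groups)


def suspicious(summary):
    """Return (driver, target) pairs showing the rootkit pattern.

    Legitimate filter drivers attach above a device; they do not overwrite a driver's
    dispatch table so that most major functions land on one address that resolves to
    no loaded module (<unknown>). Both conditions together are what gets reported.
    """
    out = []
    for (driver, target), g in summary.items():
        unresolved = g["modules"] == {"<unknown>"}
        whole_table = len(set(g["irps"])) >= WHOLE_TABLE_THRESHOLD
        if unresolved and whole_table:
            out.append((driver, target))
    return out


# Constructed sample: hooks on \Driver\atapi in the log's format plus one unrelated detection line.
SAMPLE = "\n".join(
    ['"";"IRP hook, \\Driver\\atapi %s -> 0xFFFFFA8007DD1674, <unknown>";"Reboot is required to finish the action"' % irp
     for irp in ("IRP_MJ_CREATE", "IRP_MJ_CLOSE", "IRP_MJ_READ", "IRP_MJ_WRITE", "IRP_MJ_DEVICE_CONTROL",
                 "IRP_MJ_INTERNAL_DEVICE_CONTROL", "IRP_MJ_SHUTDOWN", "IRP_MJ_PNP", "IRP_MJ_POWER",
                 "IRP_MJ_SYSTEM_CONTROL", "IRP_MJ_FLUSH_BUFFERS")]
    + ['"";"Trojan horse Generic30.WAV, C:\\Windows\\System32\\smss.exe (276)";"Secured"']
)

if __name__ == "__main__":
    for (driver, target), g in summarise(SAMPLE).items():
        print(driver, target, len(g["irps"]), "major functions hooked, modules:", sorted(g["modules"]))
    print("suspicious:", suspicious(summarise(SAMPLE)))
```

The "Reboot is required" status on every one of those lines is also telling: the hooks are installed in kernel memory by a driver that is already running, so a user-mode scanner cannot remove them in place, which is why the thread moves to a boot-sector-aware tool next.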
 
Sorry, I didn't make it very clear when I went back and read my post, but I am still receiving the same error, "The program can't start because QtGui4.dll is missing from your computer. Try reinstalling the program to fix this problem.", when trying to run this file. And what my program is called is mbar.exe; is that the same thing?
 
Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.18.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Carol :: CAROL-PC [administrator]

Protection: Enabled

11/18/2012 4:05:47 PM
mbam-log-2012-11-18 (17-04-00).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 414742
Time elapsed: 57 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\TDSSKiller_Quarantine\18.11.2012_15.16.58\mbr0000\tdlfs0000\tsk0002.dta (Trojan.Agent.MRGGen) -> No action taken.
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

(end)
 
Your log says "No action taken".
Re-run MBAM, FIX all issues and post new log.

Now, regarding MBAR error...
I asked at MBAM forum and...
It's likely that the user failed to extract MBAR to its own folder and instead tried running it from the zip folder directly.
Please let me know.
 
OK, the scan is halfway through and I re-downloaded a new version of MBAR. Can I go ahead with it while this scan is in progress, or do I need to wait?
 
Yes, my exact steps were to open the folder and extract it to my desktop... The only way I got it working was to get my friend to send me this file; we both use about the same programs and I knew more than likely she would have it... Once she sent it to me through Skype and I saved it, I re-downloaded a fresh version of MBAR and did the exact same steps and it now gives me no errors... This file was associated with QAvimator, she said.
 
I'm very confused as to what you're saying, but since it'll work, go ahead with fresh MBAM and then MBAR.
 
Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

============================

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 12-11-16.02 - Carol 11/18/2012 18:48:52.1.3 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7935.5852 [GMT -5:00]
Running from: c:\users\Carol\Desktop\ComboFix.exe
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-18 to 2012-11-18 )))))))))))))))))))))))))))))))
.
.
2012-11-18 23:53 . 2012-11-18 23:53  --------  d-----w-  c:\users\Default\AppData\Local\temp
2012-11-18 20:19 . 2012-11-18 20:19  --------  d-----w-  C:\TDSSKiller_Quarantine
2012-11-18 18:56 . 2012-11-18 18:56  --------  d-----w-  c:\users\Carol\AppData\Local\ElevatedDiagnostics
2012-11-18 15:16 . 2012-11-18 15:16  --------  d-----w-  c:\users\Carol\AppData\Roaming\AVG2013
2012-11-18 15:13 . 2012-11-18 15:13  --------  d-----w-  c:\users\Carol\AppData\Roaming\TuneUp Software
2012-11-18 15:11 . 2012-11-18 18:26  --------  d-----w-  c:\programdata\AVG2013
2012-11-18 15:11 . 2012-11-18 15:11  --------  d-----w-  C:\$AVG
2012-11-18 15:10 . 2012-11-18 15:10  --------  d-----w-  c:\program files (x86)\AVG
2012-11-18 15:08 . 2012-11-18 22:01  --------  d-----w-  c:\programdata\MFAData
2012-11-18 15:08 . 2012-11-18 15:26  --------  d-----w-  c:\users\Carol\AppData\Local\Avg2013
2012-11-18 15:08 . 2012-11-18 15:08  --------  d--h--w-  c:\programdata\Common Files
2012-11-18 15:08 . 2012-11-18 15:08  --------  d-----w-  c:\users\Carol\AppData\Local\MFAData
2012-11-18 15:00 . 2012-11-18 15:00  --------  d-----w-  c:\users\Carol\AppData\Roaming\Malwarebytes
2012-11-18 15:00 . 2012-11-18 15:00  --------  d-----w-  c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-18 15:00 . 2012-11-18 15:00  --------  d-----w-  c:\programdata\Malwarebytes
2012-11-18 15:00 . 2012-09-30 00:54  25928  ----a-w-  c:\windows\system32\drivers\mbam.sys
2012-11-18 14:50 . 2012-11-18 14:50  --------  d-----w-  c:\program files (x86)\Phoenix Viewer
2012-11-17 08:09 . 2012-07-26 04:55  785512  ----a-w-  c:\windows\system32\drivers\Wdf01000.sys
2012-11-17 08:09 . 2012-07-26 04:55  54376  ----a-w-  c:\windows\system32\drivers\WdfLdr.sys
2012-11-17 08:09 . 2012-07-26 04:47  2560  ----a-w-  c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-17 08:09 . 2012-07-26 02:36  9728  ----a-w-  c:\windows\system32\Wdfres.dll
2012-11-17 08:00 . 2012-07-26 03:08  84992  ----a-w-  c:\windows\system32\WUDFSvc.dll
2012-11-17 08:00 . 2012-07-26 03:08  45056  ----a-w-  c:\windows\system32\WUDFCoinstaller.dll
2012-11-17 08:00 . 2012-07-26 03:08  194048  ----a-w-  c:\windows\system32\WUDFPlatform.dll
2012-11-17 08:00 . 2012-07-26 02:26  87040  ----a-w-  c:\windows\system32\drivers\WUDFPf.sys
2012-11-17 08:00 . 2012-07-26 02:26  198656  ----a-w-  c:\windows\system32\drivers\WUDFRd.sys
2012-11-17 08:00 . 2012-07-26 03:08  229888  ----a-w-  c:\windows\system32\WUDFHost.exe
2012-11-17 08:00 . 2012-07-26 03:08  744448  ----a-w-  c:\windows\system32\WUDFx.dll
2012-11-16 17:55 . 2012-10-12 07:19  9291768  ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{4A0A6016-6DCD-4BCA-AE24-7C8E00D89510}\mpengine.dll
2012-11-14 02:33 . 2012-11-17 03:57  --------  d-----w-  c:\users\Carol\AppData\Local\avinationviewer
2012-11-12 04:18 . 2012-11-12 04:18  159744  ----a-w-  c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-11-12 04:18 . 2012-11-12 04:18  159744  ----a-w-  c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-11-12 04:18 . 2012-11-12 04:18  159744  ----a-w-  c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-11-12 04:18 . 2012-11-12 04:18  159744  ----a-w-  c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-11-12 04:18 . 2012-11-12 04:18  159744  ----a-w-  c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-11-12 04:18 . 2012-11-12 04:18  159744  ----a-w-  c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-11-12 04:18 . 2012-11-12 04:18  159744  ----a-w-  c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-11-12 04:18 . 2012-11-12 04:18  --------  d-----w-  c:\program files (x86)\QuickTime
2012-11-12 04:18 . 2012-11-12 04:18  --------  d-----w-  c:\programdata\Apple Computer
2012-11-10 19:38 . 2012-11-10 19:38  --------  d-----w-  c:\program files (x86)\QAvimator
2012-11-10 03:09 . 2012-11-10 03:10  --------  d-----w-  c:\program files (x86)\Firestorm-Release
2012-10-30 20:25 . 2012-10-30 20:25  --------  d-----w-  c:\users\Carol\AppData\Roaming\Blender Foundation
2012-10-30 20:14 . 2012-10-30 20:14  --------  d-----w-  c:\program files\Blender Foundation
2012-10-29 01:23 . 2012-10-29 01:23  --------  d-----w-  c:\programdata\Visan
2012-10-29 01:23 . 2012-10-29 01:23  --------  d-----w-  c:\programdata\PrintProjects
2012-10-29 01:23 . 2012-10-29 01:23  --------  d-----w-  c:\program files (x86)\PrintProjects
2012-10-29 01:21 . 2012-10-29 01:21  --------  d-----w-  c:\windows\SysWow64\kodak
2012-10-29 00:29 . 2012-10-29 00:29  --------  d-----w-  c:\users\Carol\AppData\Local\Mozilla
2012-10-29 00:29 . 2012-10-29 00:29  --------  d-----w-  c:\program files (x86)\Cisco Systems
2012-10-29 00:27 . 2012-10-29 00:27  --------  d-----w-  c:\programdata\Cisco Systems
2012-10-25 08:12 . 2012-10-25 08:12  94208  ----a-w-  c:\windows\SysWow64\QuickTimeVR.qtx
2012-10-25 08:12 . 2012-10-25 08:12  69632  ----a-w-  c:\windows\SysWow64\QuickTime.qts
2012-10-22 18:02 . 2012-10-22 18:02  154464  ----a-w-  c:\windows\system32\drivers\avgidsdrivera.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-17 08:01 . 2011-10-08 05:35  66395536  ----a-w-  c:\windows\system32\MRT.exe
2012-11-07 03:54 . 2012-06-28 04:49  697272  ----a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-07 03:54 . 2011-10-07 03:27  73656  ----a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-15 13:50 . 2012-10-15 13:50  122368  ----a-w-  c:\windows\system32\EKaio2WiaCoInst.dll
2012-10-15 13:50 . 2012-10-15 13:50  10240  ----a-w-  c:\windows\system32\EKaio2WiaCoInstRes.dll
2012-10-15 08:48 . 2012-10-15 08:48  63328  ----a-w-  c:\windows\system32\drivers\avgidsha.sys
2012-10-05 08:32 . 2012-10-05 08:32  111456  ----a-w-  c:\windows\system32\drivers\avgmfx64.sys
2012-10-02 08:30 . 2012-10-02 08:30  185696  ----a-w-  c:\windows\system32\drivers\avgldx64.sys
2012-09-29 18:48 . 2012-09-29 18:48  1793536  ----a-w-  c:\windows\system32\EKAiO2MON.dll
2012-09-29 18:48 . 2012-09-29 18:48  183808  ----a-w-  c:\windows\system32\EKAiO2COI10.dll
2012-09-21 08:46 . 2012-09-21 08:46  200032  ----a-w-  c:\windows\system32\drivers\avgtdia.sys
2012-09-21 08:46 . 2012-09-21 08:46  225120  ----a-w-  c:\windows\system32\drivers\avgloga.sys
2012-09-14 19:19 . 2012-10-10 00:43  2048  ----a-w-  c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 00:43  2048  ----a-w-  c:\windows\SysWow64\tzres.dll
2012-09-14 08:05 . 2012-09-14 08:05  40800  ----a-w-  c:\windows\system32\drivers\avgrkx64.sys
2012-09-04 15:39 . 2012-09-04 15:39  50296  ----a-w-  c:\windows\system32\drivers\avgfwd6a.sys
2012-08-31 18:19 . 2012-10-10 00:44  1659760  ----a-w-  c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-10 00:44  5559664  ----a-w-  c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 00:44  3968880  ----a-w-  c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 00:44  3914096  ----a-w-  c:\windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05 . 2012-10-10 00:43  220160  ----a-w-  c:\windows\system32\wintrust.dll
2012-08-24 16:57 . 2012-10-10 00:43  172544  ----a-w-  c:\windows\SysWow64\wintrust.dll
2012-08-22 18:12 . 2012-09-18 04:09  950128  ----a-w-  c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-18 04:09  376688  ----a-w-  c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-18 04:09  288624  ----a-w-  c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 05:36  245760  ----a-w-  c:\windows\system32\OxpsConverter.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"Nikon Message Center 2"="c:\program files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"EKStatusMonitor"="c:\program files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe" [2012-10-15 2844608]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]
.
c:\users\Carol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-07 5814392]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-25 1255736]
R4 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [2009-01-13 226832]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2007-11-14 53488]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2012-09-04 50296]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-28 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe [2012-11-02 1340976]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-10-19 395200]
S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-10-15 779200]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-24 2735528]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-04-28 1152000]
S3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS [2009-06-10 411136]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-28 03:54]
.
2012-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3734378697-4225080175-1229890197-1000Core.job
- c:\users\Carol\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-25 20:24]
.
2012-11-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3734378697-4225080175-1229890197-1000UA.job
- c:\users\Carol\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-25 20:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: microsoft.com\oas.support
Trusted Zone: microsoft.com\support
TCP: DhcpNameServer = 208.180.42.68 208.180.42.100 192.168.1.1
FF - ProfilePath - c:\users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\j64d1ggv.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
Wow6432Node-HKLM-RunOnce-Z1 - c:\users\Carol\AppData\Local\Temp\Rar$EXa0.960\mbar\mbar.exe
SafeBoot-41546512.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-18 18:55:58
ComboFix-quarantined-files.txt 2012-11-18 23:55
.
Pre-Run: 483,131,633,664 bytes free
Post-Run: 484,843,253,760 bytes free
.
- - End Of File - - 8466DDDD9E44A72415259784FAF3B6CF
 