Infected

Inactive
By devin.graham44
Nov 19, 2012
  1. I have been having escalating problems with my computer until it has brought me here. I am sure that my computer has either a virus, malware or both. 1 The display color has been switching, shortly after start up and during use, to a display color that is warmer than thedisplay default. I have to go into the control panel to change it back if I want the correct color to show. 2 I am now not able to use Internet Explorer. I uninstalled and reinstalled it once alread. through the control panel. Before I tried to uninstall it, it was acting up after I changed the internet security settings. I have also had problems with Firefox reverting to a earlier version. Firefox was also blocked by Webroot SecureAnywhere that I have installed on my computer. Webroot has not found any malicious files or threats to date.
    From the beginning of owning my computer it has not been able to restore from a previous saved session and I would have to 'delete restoration data' and it would start normally. Sometimes it does restore a previous session but it takes several minutes for this to happen. When it doesn't it stops at the same screen where the microsoft logo colors swirl together upon starting.
    My system is running much slower than it was than when I first purchased it and I know it is because of software slowing it down that has been added because of negiligent internet use. I learned my lesson but now need some help! If you can help please let me know!
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    [​IMG] Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
    Please review the 5-Step removal instructions and post the logs back here for my review.

    Also, include this scan:

    Download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
  3. devin.graham44

    devin.graham44 Newcomer, in training Topic Starter

    Malwarebytes Anti-Malware (Trial) 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.19.10

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Devin :: DEVIN-ASUS [administrator]

    Protection: Enabled

    11/19/2012 10:29:53 PM
    mbam-log-2012-11-19 (22-29-53).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 251302
    Time elapsed: 3 minute(s), 59 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  4. devin.graham44

    devin.graham44 Newcomer, in training Topic Starter

    2012/11/19 22:22:04 -0800DEVIN-ASUSDevinMESSAGEExecuting scheduled update: Daily
    2012/11/19 22:22:07 -0800DEVIN-ASUSDevinMESSAGEStarting protection
    2012/11/19 22:22:07 -0800DEVIN-ASUSDevinMESSAGEProtection started successfully
    2012/11/19 22:22:07 -0800DEVIN-ASUSDevinMESSAGEStarting IP protection
    2012/11/19 22:22:09 -0800DEVIN-ASUSDevinMESSAGEIP Protection started successfully
    2012/11/19 22:22:32 -0800DEVIN-ASUSDevinMESSAGEStarting database refresh
    2012/11/19 22:22:32 -0800DEVIN-ASUSDevinMESSAGEStopping IP protection
    2012/11/19 22:22:32 -0800DEVIN-ASUSDevinMESSAGEIP Protection stopped successfully
    2012/11/19 22:22:36 -0800DEVIN-ASUSDevinMESSAGEDatabase refreshed successfully
    2012/11/19 22:22:36 -0800DEVIN-ASUSDevinMESSAGEStarting IP protection
    2012/11/19 22:22:38 -0800DEVIN-ASUSDevinMESSAGEIP Protection started successfully
    2012/11/19 22:22:39 -0800DEVIN-ASUSDevinMESSAGEStarting database refresh
    2012/11/19 22:22:39 -0800DEVIN-ASUSDevinMESSAGEScheduled update executed successfully: database updated from version v2012.09.29.05 to version v2012.11.19.10
    2012/11/19 22:22:39 -0800DEVIN-ASUSDevinMESSAGEStopping IP protection
    2012/11/19 22:22:39 -0800DEVIN-ASUSDevinMESSAGEIP Protection stopped successfully
    2012/11/19 22:22:43 -0800DEVIN-ASUSDevinMESSAGEDatabase refreshed successfully
    2012/11/19 22:22:43 -0800DEVIN-ASUSDevinMESSAGEStarting IP protection
    2012/11/19 22:22:46 -0800DEVIN-ASUSDevinMESSAGEIP Protection started successfully
  5. devin.graham44

    devin.graham44 Newcomer, in training Topic Starter

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16455
    Run by Devin at 22:37:16 on 2012-11-19
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8152.5337 [GMT -8:00]
    .
    AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\Webroot\WRSA.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
    C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe
    C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
    C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Windows\system32\viakaraokesrv.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Webroot\WRSA.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    C:\Program Files\ASUS\P4G\BatteryLife.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
    C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Users\Devin\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe
    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    C:\Windows\AsScrPro.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    C:\Windows\SysWOW64\ACEngSvr.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    C:\Windows\splwow64.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\taskmgr.exe
    C:\Windows\notepad.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Bar = Preserve
    uDefault_Page_URL = hxxp://asus.msn.com
    mStart Page = hxxp://asus.msn.com
    mWinlogon: Userinit = userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [AdobeBridge] <no file>
    mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
    mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
    mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    mRun: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"
    mRun: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    mRun: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
    mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\Users\Devin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Devin\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\Devin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Myst V
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{AEF0B07B-E945-4D6A-875D-8B11C86122C1} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{AEF0B07B-E945-4D6A-875D-8B11C86122C1}\144545838383 : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{AEF0B07B-E945-4D6A-875D-8B11C86122C1}\37C6F627963756 : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{AEF0B07B-E945-4D6A-875D-8B11C86122C1}\53F5D4F42554F5D494E455455435 : DHCPNameServer = 192.168.8.1 24.205.224.36 24.205.192.61
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    x64-mStart Page = hxxp://asus.msn.com
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
    x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
    x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Devin\AppData\Roaming\Mozilla\Firefox\Profiles\394cj38y.default\
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\npsitesafety.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-2-15 16152]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-4-16 55856]
    R0 WRkrn;WRkrn;C:\Windows\System32\drivers\WRkrn.sys [2012-7-21 110672]
    R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-7-22 30568]
    R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
    R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-2-3 277120]
    R2 AsusUacSvc;Asus process privilege adjust service;C:\Program Files\ASUS\Rotation Desktop for G Series\AsusUacSvc.exe [2012-4-16 113840]
    R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-12-29 106144]
    R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-1-31 19232]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 FanChkService;Fan Filter Checker Service;C:\Program Files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe [2012-1-20 45696]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-1-10 627936]
    R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-4-16 128280]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-4-16 161560]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-19 399432]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-19 676936]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-1-28 382272]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2012-1-20 16128]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-4-16 363800]
    R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2012-2-15 27760]
    R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-8 711112]
    R2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2012-7-21 729608]
    R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-12-29 158880]
    R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2012-4-16 17152]
    R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-12-29 30368]
    R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-2-15 356120]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-2-15 787736]
    R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-2-15 108656]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-19 25928]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 SmbDrv;SmbDrv;C:\Windows\System32\drivers\Smb_driver.sys [2012-2-15 22800]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2012-2-15 2184816]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2011-5-26 71680]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-12-29 36000]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-12-29 338592]
    S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2011-12-29 110752]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-12-29 167584]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-12-29 68256]
    S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-12-29 280992]
    S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-12-29 548000]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-6-30 1432400]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-7-11 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-18 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2011-2-18 31232]
    S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.5;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2012-1-20 149504]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-5-29 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== File Associations ===============
    .
    FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
    .
    =============== Created Last 30 ================
    .
    2012-11-20 06:21:51--------d-----w-C:\Users\Devin\AppData\Roaming\Malwarebytes
    2012-11-20 06:21:09--------d-----w-C:\ProgramData\Malwarebytes
    2012-11-20 06:21:0725928----a-w-C:\Windows\System32\drivers\mbam.sys
    2012-11-20 06:21:07--------d-----w-C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-11-20 03:15:0669000----a-w-C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E6ABCCAF-8E76-4D60-89B4-0A00487DD3AE}\offreg.dll
    2012-11-16 22:09:219291768----a-w-C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E6ABCCAF-8E76-4D60-89B4-0A00487DD3AE}\mpengine.dll
    2012-11-15 20:43:35--------d-----w-C:\Users\Devin\AppData\Local\{EEEB7327-98FA-438C-854E-664FC4388C85}
    2012-11-14 11:06:47785512----a-w-C:\Windows\System32\drivers\Wdf01000.sys
    2012-11-14 11:06:472560----a-w-C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
    2012-11-14 11:06:469728----a-w-C:\Windows\System32\Wdfres.dll
    2012-11-14 11:06:4654376----a-w-C:\Windows\System32\drivers\WdfLdr.sys
    2012-11-14 11:01:4387040----a-w-C:\Windows\System32\drivers\WUDFPf.sys
    2012-11-14 11:01:4384992----a-w-C:\Windows\System32\WUDFSvc.dll
    2012-11-14 11:01:43744448----a-w-C:\Windows\System32\WUDFx.dll
    2012-11-14 11:01:4345056----a-w-C:\Windows\System32\WUDFCoinstaller.dll
    2012-11-14 11:01:43229888----a-w-C:\Windows\System32\WUDFHost.exe
    2012-11-14 11:01:43198656----a-w-C:\Windows\System32\drivers\WUDFRd.sys
    2012-11-14 11:01:43194048----a-w-C:\Windows\System32\WUDFPlatform.dll
    2012-11-09 05:28:0196224----a-w-C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
    2012-11-08 22:50:31--------d-----w-C:\Users\Devin\AppData\Local\{D9B2C5EC-FFC9-4717-BB9A-D48BAF948A2D}
    2012-11-02 22:36:43--------d-----w-C:\Users\Devin\AppData\Local\{D1EE7F85-3A1F-483A-9E1D-FD9524E0E339}
    2012-10-30 21:15:19--------d-----w-C:\Users\Devin\AppData\Local\{C32E8595-FC68-4472-997A-A16F172C1105}
    2012-10-30 18:49:57--------d-----w-C:\Users\Devin\AppData\Local\{28E5A9E3-B9D3-40B4-A3E6-A58F0A772C15}
    2012-10-29 19:48:15--------d-----w-C:\Users\Devin\AppData\Local\{6DA1A511-81B7-4478-A85C-F8477A26187A}
    2012-10-25 06:28:04163056----a-w-C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
    2012-10-24 03:57:41--------d-----w-C:\Users\Devin\AppData\Local\{E8A6B332-C80D-4A10-BD07-D7CE70AC2ED9}
    2012-10-23 22:32:02--------d-----w-C:\Users\Devin\AppData\Local\{87E89805-4172-40EC-9A8A-3346927A4047}
    2012-10-21 17:40:41--------d-----w-C:\Users\Devin\AppData\Local\RaaSForRevitAddin
    .
    ==================== Find3M ====================
    .
    2012-11-20 05:16:24380----a-w-C:\Users\Devin\AppData\Roaming\sp_data.sys
    2012-11-13 03:51:22150776----a-w-C:\Windows\SysWow64\WRusr.dll
    2012-11-13 03:51:22110672----a-w-C:\Windows\System32\drivers\WRkrn.sys
    2012-11-13 03:51:22103408----a-w-C:\Windows\System32\WRusr.dll
    2012-11-08 20:13:2030568----a-w-C:\Windows\System32\drivers\avgtpx64.sys
    2012-10-18 18:25:583149824----a-w-C:\Windows\System32\win32k.sys
    2012-10-09 18:17:1355296----a-w-C:\Windows\System32\dhcpcsvc6.dll
    2012-10-09 18:17:13226816----a-w-C:\Windows\System32\dhcpcore6.dll
    2012-10-09 17:40:3144032----a-w-C:\Windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40:31193536----a-w-C:\Windows\SysWow64\dhcpcore6.dll
    2012-10-03 17:56:541914248----a-w-C:\Windows\System32\drivers\tcpip.sys
    2012-10-03 17:44:2170656----a-w-C:\Windows\System32\nlaapi.dll
    2012-10-03 17:44:21303104----a-w-C:\Windows\System32\nlasvc.dll
    2012-10-03 17:44:17246272----a-w-C:\Windows\System32\netcorehc.dll
    2012-10-03 17:44:1718944----a-w-C:\Windows\System32\netevent.dll
    2012-10-03 17:44:16216576----a-w-C:\Windows\System32\ncsi.dll
    2012-10-03 17:42:16569344----a-w-C:\Windows\System32\iphlpsvc.dll
    2012-10-03 16:42:2418944----a-w-C:\Windows\SysWow64\netevent.dll
    2012-10-03 16:42:24175104----a-w-C:\Windows\SysWow64\netcorehc.dll
    2012-10-03 16:42:23156672----a-w-C:\Windows\SysWow64\ncsi.dll
    2012-10-03 16:07:2645568----a-w-C:\Windows\System32\drivers\tcpipreg.sys
    2012-09-25 22:47:4378336----a-w-C:\Windows\SysWow64\synceng.dll
    2012-09-25 22:46:1795744----a-w-C:\Windows\System32\synceng.dll
    2012-09-14 19:19:292048----a-w-C:\Windows\System32\tzres.dll
    2012-09-14 18:28:532048----a-w-C:\Windows\SysWow64\tzres.dll
    2012-09-11 20:22:5473416----a-w-C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-11 20:22:54696520----a-w-C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-08-31 18:19:351659760----a-w-C:\Windows\System32\drivers\ntfs.sys
    2012-08-30 18:03:455559664----a-w-C:\Windows\System32\ntoskrnl.exe
    2012-08-30 17:12:023968880----a-w-C:\Windows\SysWow64\ntkrnlpa.exe
    2012-08-30 17:12:023914096----a-w-C:\Windows\SysWow64\ntoskrnl.exe
    2012-08-24 18:05:07220160----a-w-C:\Windows\System32\wintrust.dll
    2012-08-24 16:57:48172544----a-w-C:\Windows\SysWow64\wintrust.dll
    2012-08-22 18:12:40950128----a-w-C:\Windows\System32\drivers\ndis.sys
    2012-08-22 18:12:40376688----a-w-C:\Windows\System32\drivers\netio.sys
    2012-08-22 18:12:33288624----a-w-C:\Windows\System32\drivers\FWPKCLNT.SYS
    .
    ============= FINISH: 22:38:10.57 ===============
  6. devin.graham44

    devin.graham44 Newcomer, in training Topic Starter

    # AdwCleaner v2.008 - Logfile created 11/19/2012 at 22:54:52
    # Updated 17/11/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Devin - DEVIN-ASUS
    # Boot Mode : Normal
    # Running from : C:\Users\Devin\Downloads\adwcleaner (1).exe
    # Option [Search]
    ***** [Services] *****
    ***** [Files / Folders] *****
    File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
    Folder Found : C:\Program Files (x86)\Ask.com
    Folder Found : C:\Program Files (x86)\AVG Secure Search
    Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
    Folder Found : C:\ProgramData\Ask
    Folder Found : C:\ProgramData\AVG Secure Search
    Folder Found : C:\ProgramData\boost_interprocess
    Folder Found : C:\Users\C4\AppData\Local\AVG Secure Search
    Folder Found : C:\Users\C4\AppData\LocalLow\AskToolbar
    Folder Found : C:\Users\Devin\AppData\Local\AVG Secure Search
    Folder Found : C:\Users\Devin\AppData\Local\Temp\avg@toolbar
    Folder Found : C:\Users\Devin\AppData\LocalLow\AskToolbar
    Folder Found : C:\Users\Devin\AppData\LocalLow\AVG Secure Search
    Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    ***** [Registry] *****
    Key Found : HKCU\Software\APN
    Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
    Key Found : HKCU\Software\Ask.com
    Key Found : HKCU\Software\AVG Secure Search
    Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Found : HKLM\Software\APN
    Key Found : HKLM\Software\AskToolbar
    Key Found : HKLM\Software\AVG Secure Search
    Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
    Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
    Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
    Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Found : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
    Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Found : HKLM\SOFTWARE\Classes\S
    Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
    Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
    Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16421
    [OK] Registry is clean.
    -\\ Mozilla Firefox v16.0.2 (en-US)
    Profile name : default
    File : C:\Users\Devin\AppData\Roaming\Mozilla\Firefox\Profiles\394cj38y.default\prefs.js
    [OK] File is clean.
    Profile name : default
    File : C:\Users\C4\AppData\Roaming\Mozilla\Firefox\Profiles\sde06lnp.default\prefs.js
    Found : user_pref("browser.search.defaultengine", "Ask.com");
    Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
    Found : user_pref("browser.search.order.1", "Ask.com");
    Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");
    Found : user_pref("extensions.asktb.ff-original-keyword-url", "");
    -\\ Google Chrome v [Unable to get version]
    File : C:\Users\Devin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Found [l.8] : homepage = "hxxps://isearch.avg.com/?cid={1D5FD1E4-DBE9-4621-AC0E-0A2C115B6A33}&mid=ebc5aa0bc5ec47d0bd2545928fad11fc-d9486f1650a7a0d86acb9c100c6861a058adc84b&lang=en&ds=ft011&pr=sa&d=2012-07-22 01:18:04&v=12.1.0.20&sap=hp",
    Found [l.1443] : homepage = "hxxps://isearch.avg.com/?cid={1D5FD1E4-DBE9-4621-AC0E-0A2C115B6A33}&mid=ebc5aa0bc5ec47d0bd2545928fad11fc-d9486f1650a7a0d86acb9c100c6861a058adc84b&lang=en&ds=ft011&pr=sa&d=2012-07-22 01:18:04&v=12.1.0.20&sap=hp",
    File : C:\Users\C4\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Found [l.41] : icon_url = "hxxps://isearch.avg.com/favicon.ico",
    Found [l.44] : keyword = "isearch.avg.com",
    Found [l.47] : search_url = "hxxps://isearch.avg.com/search?cid={1D5FD1E4-DBE9-4621-AC0E-0A2C115B6A33}&mid=ebc5aa0bc5ec47d0bd2545928fad11fc-d9486f1650a7a0d86acb9c100c6861a058adc84b&lang=en&ds=ft011&pr=sa&d=2012-07-22 01:18:04&v=12.2.5.32&sap=dsp&q={searchTerms}",
    *************************
    AdwCleaner[R1].txt - [9589 octets] - [19/11/2012 22:54:52]
    ########## EOF - C:\AdwCleaner[R1].txt - [9649 octets] ##########
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Good job!

    Adware Cleaning

    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


    ComboFix scan

    Please download ComboFix[​IMG] by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  8. devin.graham44

    devin.graham44 Newcomer, in training Topic Starter

    ComboFix 12-11-20.02 - Devin 11/20/2012 23:53:28.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8152.5458 [GMT -8:00]
    Running from: c:\users\Devin\Downloads\ComboFix.exe
    AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
    SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\C4\g2mdlhlpx.exe
    c:\users\Devin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0DA281E8-8E5D-4976-9836-444D3ADA6D7C}.xps
    c:\users\Devin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{62273E5E-52F5-44CC-B99A-48D977EDB0A3}.xps
    c:\users\Devin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{68F7DEB6-6433-4240-8C67-9A3459CB95CB}.xps
    c:\users\Devin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{81154F25-C198-4412-BABE-E23D9AD4C5E8}.xps
    c:\users\Devin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8FC4DE26-05D2-48D7-9CEF-01A6D244C5A7}.xps
    c:\users\Devin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9E5E3D61-33A9-4170-96E9-3D339045F201}.xps
    c:\users\Devin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D0AABDA1-BCE7-4ADC-96C4-DAD5A906132E}.xps
    c:\users\Devin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EB1CD01B-6BA9-4EE5-AB03-2D9B84C6FE12}.xps
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-10-21 to 2012-11-21 )))))))))))))))))))))))))))))))
    .
    .
    2012-11-20 16:04 . 2012-11-08 17:249125352----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{9E146269-2272-4D5C-99D3-8F38460D5EF6}\mpengine.dll
    2012-11-20 06:21 . 2012-11-20 06:21--------d-----w-c:\users\Devin\AppData\Roaming\Malwarebytes
    2012-11-20 06:21 . 2012-11-20 06:21--------d-----w-c:\programdata\Malwarebytes
    2012-11-20 06:21 . 2012-11-20 06:21--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-11-20 06:21 . 2012-09-30 03:5425928----a-w-c:\windows\system32\drivers\mbam.sys
    2012-11-14 11:06 . 2012-07-26 04:55785512----a-w-c:\windows\system32\drivers\Wdf01000.sys
    2012-11-14 11:06 . 2012-07-26 04:472560----a-w-c:\windows\system32\drivers\en-US\wdf01000.sys.mui
    2012-11-14 11:06 . 2012-07-26 04:5554376----a-w-c:\windows\system32\drivers\WdfLdr.sys
    2012-11-14 11:06 . 2012-07-26 02:369728----a-w-c:\windows\system32\Wdfres.dll
    2012-11-14 11:01 . 2012-07-26 03:08229888----a-w-c:\windows\system32\WUDFHost.exe
    2012-11-14 11:01 . 2012-07-26 03:0884992----a-w-c:\windows\system32\WUDFSvc.dll
    2012-11-14 11:01 . 2012-07-26 03:08744448----a-w-c:\windows\system32\WUDFx.dll
    2012-11-14 11:01 . 2012-07-26 03:0845056----a-w-c:\windows\system32\WUDFCoinstaller.dll
    2012-11-14 11:01 . 2012-07-26 03:08194048----a-w-c:\windows\system32\WUDFPlatform.dll
    2012-11-14 11:01 . 2012-07-26 02:2687040----a-w-c:\windows\system32\drivers\WUDFPf.sys
    2012-11-14 11:01 . 2012-07-26 02:26198656----a-w-c:\windows\system32\drivers\WUDFRd.sys
    2012-10-25 06:28 . 2012-10-25 06:28163056----a-w-c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-11-21 07:21 . 2012-05-25 10:25380----a-w-c:\users\Devin\AppData\Roaming\sp_data.sys
    2012-11-19 20:42 . 2012-06-12 20:06380----a-w-c:\users\C4\AppData\Roaming\sp_data.sys
    2012-11-13 03:51 . 2012-07-22 02:40150776----a-w-c:\windows\SysWow64\WRusr.dll
    2012-11-13 03:51 . 2012-07-22 02:40110672----a-w-c:\windows\system32\drivers\WRkrn.sys
    2012-11-13 03:51 . 2012-07-22 02:40103408----a-w-c:\windows\system32\WRusr.dll
    2012-11-08 20:13 . 2012-07-22 08:1830568----a-w-c:\windows\system32\drivers\avgtpx64.sys
    2012-09-14 19:19 . 2012-10-10 16:302048----a-w-c:\windows\system32\tzres.dll
    2012-09-14 18:28 . 2012-10-10 16:302048----a-w-c:\windows\SysWow64\tzres.dll
    2012-09-11 20:22 . 2012-05-27 23:5973416----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-11 20:22 . 2012-05-27 23:59696520----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-31 18:19 . 2012-10-10 16:321659760----a-w-c:\windows\system32\drivers\ntfs.sys
    2012-08-30 18:03 . 2012-10-10 16:325559664----a-w-c:\windows\system32\ntoskrnl.exe
    2012-08-30 17:12 . 2012-10-10 16:323968880----a-w-c:\windows\SysWow64\ntkrnlpa.exe
    2012-08-30 17:12 . 2012-10-10 16:323914096----a-w-c:\windows\SysWow64\ntoskrnl.exe
    2012-08-24 18:05 . 2012-10-10 16:30220160----a-w-c:\windows\system32\wintrust.dll
    2012-08-24 16:57 . 2012-10-10 16:30172544----a-w-c:\windows\SysWow64\wintrust.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-11-08 20:131796552----a-w-c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2012-01-03 23:311514152----a-w-c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-08 1796552]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:3294208----a-w-c:\users\Devin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:3294208----a-w-c:\users\Devin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:3294208----a-w-c:\users\Devin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-02-18 3331312]
    "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-01-16 5028464]
    "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-07 291608]
    "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-12-23 318080]
    "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-25 174720]
    "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
    "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2012-02-02 2321072]
    "CPMonitor"="c:\program files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" [2011-05-23 84464]
    "ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-02-07 102568]
    "ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2012-04-16 3058304]
    "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-20 107816]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
    "WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-11-10 729608]
    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-09-03 947808]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
    "ROC_ROC_JULY_P1"="c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-09-03 1022048]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-09-30 766536]
    .
    c:\users\Devin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Devin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    Registration Myst V [2012-8-19 0]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2012-2-17 549040]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2011-05-26 71680]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-12-29 36000]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-12-29 338592]
    R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-12-29 110752]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-12-29 167584]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-12-29 68256]
    R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-12-29 280992]
    R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-12-29 548000]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-06-30 1432400]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
    R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.5;c:\program files\Intel\TurboBoost\TurboBoost.exe [2012-01-20 149504]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-30 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-02-07 16152]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
    S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys [2012-11-13 110672]
    S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-08 30568]
    S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
    S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-02-03 277120]
    S2 AsusUacSvc;Asus process privilege adjust service;c:\program files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [2011-03-27 113840]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-12-29 106144]
    S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-01-31 19232]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 FanChkService;Fan Filter Checker Service;c:\program files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe [2012-01-20 45696]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-01-11 627936]
    S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-01-20 128280]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-01-20 161560]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-01-28 382272]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2012-01-20 16128]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-01-20 363800]
    S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2012-01-10 27760]
    S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-08 711112]
    S2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [2012-11-10 729608]
    S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-12-29 158880]
    S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2012-01-30 17152]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-12-29 30368]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-02-07 356120]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-02-07 787736]
    S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-09-19 108656]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 SmbDrv;SmbDrv;c:\windows\system32\DRIVERS\Smb_driver.sys [2012-01-26 22800]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2012-01-10 2184816]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MBAMPROTECTOR
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 07:02]
    .
    2012-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 07:02]
    .
    2012-11-19 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
    - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
    .
    2012-11-21 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
    - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:3297792----a-w-c:\users\Devin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:3297792----a-w-c:\users\Devin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:3297792----a-w-c:\users\Devin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:3297792----a-w-c:\users\Devin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncExcl]
    @="{8D7FC74C-E409-42DF-8EEE-69D45FAE2F30}"
    [HKEY_CLASSES_ROOT\CLSID\{8D7FC74C-E409-42DF-8EEE-69D45FAE2F30}]
    2012-11-13 03:51103408----a-w-c:\windows\System32\WRusr.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncGreen]
    @="{6DA1ED92-315E-4D0B-B354-9D5F519DBA95}"
    [HKEY_CLASSES_ROOT\CLSID\{6DA1ED92-315E-4D0B-B354-9D5F519DBA95}]
    2012-11-13 03:51103408----a-w-c:\windows\System32\WRusr.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncRed]
    @="{1914B27A-33C8-46F8-A1C2-F993268D4564}"
    [HKEY_CLASSES_ROOT\CLSID\{1914B27A-33C8-46F8-A1C2-F993268D4564}]
    2012-11-13 03:51103408----a-w-c:\windows\System32\WRusr.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncYellow]
    @="{C14874EA-ACE4-4A47-8A81-18C4D1C40868}"
    [HKEY_CLASSES_ROOT\CLSID\{C14874EA-ACE4-4A47-8A81-18C4D1C40868}]
    2012-11-13 03:51103408----a-w-c:\windows\System32\WRusr.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-12-29 1014432]
    "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-12-29 800416]
    "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-05-26 361984]
    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
    "Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-06 415680]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://asus.msn.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 8.8.8.8 8.8.4.4 68.87.76.178
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
    FF - ProfilePath - c:\users\Devin\AppData\Roaming\Mozilla\Firefox\Profiles\394cj38y.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    Toolbar-Locked - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-11-21 00:08:59
    ComboFix-quarantined-files.txt 2012-11-21 08:08
    .
    Pre-Run: 853,972,721,664 bytes free
    Post-Run: 858,071,994,368 bytes free
    .
    - - End Of File - - 405BD1399A7191631548E27773B91C13
  9. devin.graham44

    devin.graham44 Newcomer, in training Topic Starter

    Log after running combofix I tried to disable webroot essentials and the program said its features were all off but combofix said they were on.. may need to do again because of that?

    adwcleaner I ran and pressed delete see below
  10. devin.graham44

    devin.graham44 Newcomer, in training Topic Starter

    # AdwCleaner v2.008 - Logfile created 11/21/2012 at 00:19:30
    # Updated 17/11/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Devin - DEVIN-ASUS
    # Boot Mode : Normal
    # Running from : C:\Users\Devin\Downloads\adwcleaner.exe
    # Option [Delete]
    ***** [Services] *****
    ***** [Files / Folders] *****
    Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
    Folder Deleted : C:\Program Files (x86)\Ask.com
    Folder Deleted : C:\Program Files (x86)\AVG Secure Search
    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\ProgramData\AVG Secure Search
    Folder Deleted : C:\ProgramData\boost_interprocess
    Folder Deleted : C:\Users\C4\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\C4\AppData\LocalLow\AskToolbar
    Folder Deleted : C:\Users\Devin\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\Devin\AppData\LocalLow\AskToolbar
    Folder Deleted : C:\Users\Devin\AppData\LocalLow\AVG Secure Search
    Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    ***** [Registry] *****
    Key Deleted : HKCU\Software\APN
    Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
    Key Deleted : HKCU\Software\Ask.com
    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Deleted : HKLM\Software\APN
    Key Deleted : HKLM\Software\AskToolbar
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
    Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16421
    [OK] Registry is clean.
    -\\ Mozilla Firefox v16.0.2 (en-US)
    Profile name : default
    File : C:\Users\Devin\AppData\Roaming\Mozilla\Firefox\Profiles\394cj38y.default\prefs.js
    [OK] File is clean.
    Profile name : default
    File : C:\Users\C4\AppData\Roaming\Mozilla\Firefox\Profiles\sde06lnp.default\prefs.js
    Deleted : user_pref("browser.search.defaultengine", "Ask.com");
    Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
    Deleted : user_pref("browser.search.order.1", "Ask.com");
    Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
    Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
    -\\ Google Chrome v [Unable to get version]
    File : C:\Users\Devin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Deleted [l.8] : homepage = "hxxps://isearch.avg.com/?cid={1D5FD1E4-DBE9-4621-AC0E-0A2C115B6A33}&mid=ebc5aa0bc[...]
    Deleted [l.1443] : homepage = "hxxps://isearch.avg.com/?cid={1D5FD1E4-DBE9-4621-AC0E-0A2C115B6A33}&mid=ebc5aa0bc5ec[...]
    File : C:\Users\C4\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Deleted [l.41] : icon_url = "hxxps://isearch.avg.com/favicon.ico",
    Deleted [l.44] : keyword = "isearch.avg.com",
    Deleted [l.47] : search_url = "hxxps://isearch.avg.com/search?cid={1D5FD1E4-DBE9-4621-AC0E-0A2C115B6A33}&mid=e[...]
    *************************
    AdwCleaner[R1].txt - [9702 octets] - [19/11/2012 22:54:52]
    AdwCleaner[S3].txt - [9346 octets] - [21/11/2012 00:19:30]
    ########## EOF - C:\AdwCleaner[S3].txt - [9406 octets] ##########
  11. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    CCleaner Temporary Files Cleaning

    NOTE: If you already have this installed, you don't have to reinstall it.

    Please download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    • Double-click the CCleaner shortcut on the desktop to start the program.
    • A prompt will ask you if you want CCleaner to do a check to see what cookies it needs to keep. Allow that operation.
    • On the Cleaner tab, click on Run Cleaner on the bottom-right to run the program.
    • Important: Make sure that ALL browser windows are closed before selecting Run Cleaner, or it will ask if you want the program to close them for you (when you do this, all unsaved data may be lost in the browser).

    Caution: Only use the Registry feature if you are very familiar with the registry.
    Always back up your registry before making any changes. Exit CCleaner after it has completed it's process.

    ComboFix Script

    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Open notepad and copy/paste the text in the codebox below into it:
    • Save this as CFScript.txt, in the same location as ComboFix.exe
      [​IMG]
    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.
  12. devin.graham44

    devin.graham44 Newcomer, in training Topic Starter

    ComboFix 12-11-20.02 - Devin 11/25/2012 9:29.2.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8152.5811 [GMT -8:00]
    Running from: c:\users\Devin\Downloads\ComboFix.exe
    Command switches used :: c:\users\Devin\Downloads\CFScript.txt
    AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
    SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-10-25 to 2012-11-25 )))))))))))))))))))))))))))))))
    .
    .
    2012-11-25 17:39 . 2012-11-25 17:39--------d-----w-c:\users\UpdatusUser\AppData\Local\temp
    2012-11-25 17:39 . 2012-11-25 17:39--------d-----w-c:\users\Default\AppData\Local\temp
    2012-11-25 17:39 . 2012-11-25 17:39--------d-----w-c:\users\C4\AppData\Local\temp
    2012-11-25 16:57 . 2012-11-25 16:57--------d-----w-c:\program files\CCleaner
    2012-11-23 08:20 . 2012-11-08 17:249125352----a-w-c:\programdata\Microsoft\Windows Defender\Definition Updates\{8A99651C-C59C-471D-B6FB-C371463809C3}\mpengine.dll
    2012-11-21 08:23 . 2012-11-25 17:38--------d-----w-c:\programdata\boost_interprocess
    2012-11-20 06:21 . 2012-11-20 06:21--------d-----w-c:\users\Devin\AppData\Roaming\Malwarebytes
    2012-11-20 06:21 . 2012-11-20 06:21--------d-----w-c:\programdata\Malwarebytes
    2012-11-20 06:21 . 2012-11-20 06:21--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-11-20 06:21 . 2012-09-30 03:5425928----a-w-c:\windows\system32\drivers\mbam.sys
    2012-11-14 11:06 . 2012-07-26 04:55785512----a-w-c:\windows\system32\drivers\Wdf01000.sys
    2012-11-14 11:06 . 2012-07-26 04:472560----a-w-c:\windows\system32\drivers\en-US\wdf01000.sys.mui
    2012-11-14 11:06 . 2012-07-26 04:5554376----a-w-c:\windows\system32\drivers\WdfLdr.sys
    2012-11-14 11:06 . 2012-07-26 02:369728----a-w-c:\windows\system32\Wdfres.dll
    2012-11-14 11:01 . 2012-07-26 03:08229888----a-w-c:\windows\system32\WUDFHost.exe
    2012-11-14 11:01 . 2012-07-26 03:0884992----a-w-c:\windows\system32\WUDFSvc.dll
    2012-11-14 11:01 . 2012-07-26 03:08744448----a-w-c:\windows\system32\WUDFx.dll
    2012-11-14 11:01 . 2012-07-26 03:0845056----a-w-c:\windows\system32\WUDFCoinstaller.dll
    2012-11-14 11:01 . 2012-07-26 03:08194048----a-w-c:\windows\system32\WUDFPlatform.dll
    2012-11-14 11:01 . 2012-07-26 02:2687040----a-w-c:\windows\system32\drivers\WUDFPf.sys
    2012-11-14 11:01 . 2012-07-26 02:26198656----a-w-c:\windows\system32\drivers\WUDFRd.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-11-25 17:38 . 2012-05-25 10:25380----a-w-c:\users\Devin\AppData\Roaming\sp_data.sys
    2012-11-19 20:42 . 2012-06-12 20:06380----a-w-c:\users\C4\AppData\Roaming\sp_data.sys
    2012-11-13 03:51 . 2012-07-22 02:40150776----a-w-c:\windows\SysWow64\WRusr.dll
    2012-11-13 03:51 . 2012-07-22 02:40110672----a-w-c:\windows\system32\drivers\WRkrn.sys
    2012-11-13 03:51 . 2012-07-22 02:40103408----a-w-c:\windows\system32\WRusr.dll
    2012-11-08 20:13 . 2012-07-22 08:1830568----a-w-c:\windows\system32\drivers\avgtpx64.sys
    2012-10-25 06:28 . 2012-10-25 06:28163056----a-w-c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
    2012-09-14 19:19 . 2012-10-10 16:302048----a-w-c:\windows\system32\tzres.dll
    2012-09-14 18:28 . 2012-10-10 16:302048----a-w-c:\windows\SysWow64\tzres.dll
    2012-09-11 20:22 . 2012-05-27 23:5973416----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-11 20:22 . 2012-05-27 23:59696520----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-31 18:19 . 2012-10-10 16:321659760----a-w-c:\windows\system32\drivers\ntfs.sys
    2012-08-30 18:03 . 2012-10-10 16:325559664----a-w-c:\windows\system32\ntoskrnl.exe
    2012-08-30 17:12 . 2012-10-10 16:323968880----a-w-c:\windows\SysWow64\ntkrnlpa.exe
    2012-08-30 17:12 . 2012-10-10 16:323914096----a-w-c:\windows\SysWow64\ntoskrnl.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:3294208----a-w-c:\users\Devin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:3294208----a-w-c:\users\Devin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:3294208----a-w-c:\users\Devin\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2012-02-18 3331312]
    "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-01-16 5028464]
    "USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-07 291608]
    "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-12-23 318080]
    "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-25 174720]
    "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
    "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2012-02-02 2321072]
    "CPMonitor"="c:\program files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" [2011-05-23 84464]
    "ACMON"="c:\program files (x86)\ASUS\Splendid\ACMON.exe" [2012-02-07 102568]
    "ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2012-04-16 3058304]
    "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-20 107816]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
    "WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-11-10 729608]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
    .
    c:\users\Devin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Devin\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    Registration Myst V [2012-8-19 0]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2012-2-17 549040]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2011-05-26 71680]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-12-29 36000]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-12-29 338592]
    R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-12-29 110752]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-12-29 167584]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-12-29 68256]
    R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-12-29 280992]
    R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-12-29 548000]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-06-30 1432400]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
    R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.5;c:\program files\Intel\TurboBoost\TurboBoost.exe [2012-01-20 149504]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-30 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-02-07 16152]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
    S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys [2012-11-13 110672]
    S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-08 30568]
    S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
    S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-02-03 277120]
    S2 AsusUacSvc;Asus process privilege adjust service;c:\program files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [2011-03-27 113840]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-12-29 106144]
    S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-01-31 19232]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 FanChkService;Fan Filter Checker Service;c:\program files (x86)\ASUS\ASUS Fan Filter Checker\FanChkSrv.exe [2012-01-20 45696]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-01-11 627936]
    S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-01-20 128280]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-01-20 161560]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-01-28 382272]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2012-01-20 16128]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-01-20 363800]
    S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2012-01-10 27760]
    S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-08 711112]
    S2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [2012-11-10 729608]
    S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-12-29 158880]
    S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [2012-01-30 17152]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-12-29 30368]
    S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-02-07 356120]
    S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-02-07 787736]
    S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-09-19 108656]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 SmbDrv;SmbDrv;c:\windows\system32\DRIVERS\Smb_driver.sys [2012-01-26 22800]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2012-01-10 2184816]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 07:02]
    .
    2012-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 07:02]
    .
    2012-11-21 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
    - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
    .
    2012-11-25 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
    - c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:3297792----a-w-c:\users\Devin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:3297792----a-w-c:\users\Devin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:3297792----a-w-c:\users\Devin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-15 00:3297792----a-w-c:\users\Devin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncExcl]
    @="{8D7FC74C-E409-42DF-8EEE-69D45FAE2F30}"
    [HKEY_CLASSES_ROOT\CLSID\{8D7FC74C-E409-42DF-8EEE-69D45FAE2F30}]
    2012-11-13 03:51103408----a-w-c:\windows\System32\WRusr.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncGreen]
    @="{6DA1ED92-315E-4D0B-B354-9D5F519DBA95}"
    [HKEY_CLASSES_ROOT\CLSID\{6DA1ED92-315E-4D0B-B354-9D5F519DBA95}]
    2012-11-13 03:51103408----a-w-c:\windows\System32\WRusr.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncRed]
    @="{1914B27A-33C8-46F8-A1C2-F993268D4564}"
    [HKEY_CLASSES_ROOT\CLSID\{1914B27A-33C8-46F8-A1C2-F993268D4564}]
    2012-11-13 03:51103408----a-w-c:\windows\System32\WRusr.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_WrSyncYellow]
    @="{C14874EA-ACE4-4A47-8A81-18C4D1C40868}"
    [HKEY_CLASSES_ROOT\CLSID\{C14874EA-ACE4-4A47-8A81-18C4D1C40868}]
    2012-11-13 03:51103408----a-w-c:\windows\System32\WRusr.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-12-29 1014432]
    "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-12-29 800416]
    "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-05-26 361984]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
    "Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-06 415680]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://asus.msn.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\Devin\AppData\Roaming\Mozilla\Firefox\Profiles\394cj38y.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    Wow6432Node-HKLM-Run-ROC_ROC_JULY_P1 - c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-11-25 09:41:49
    ComboFix-quarantined-files.txt 2012-11-25 17:41
    ComboFix2.txt 2012-11-21 08:09
    .
    Pre-Run: 860,617,334,784 bytes free
    Post-Run: 860,165,992,448 bytes free
    .
    - - End Of File - - 3FF9C028FB675D78E15F8F9892DC344F
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so an install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.


    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death
     
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello! Are you still with us? Your topic is now marked inactive, because you have lacked to reply.

    However, we'd like to still help. Please update us on the state of your PC.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.