TechSpot

Serifef.ab and p

Solved
By Sistrunk
Dec 9, 2012
  1. Broni

    Broni Malware Annihilator Posts: 46,748   +254

    Same issue if you try to boot to safe mode?
    What does exactly happen when you try to boot normally?
  2. Sistrunk

    Sistrunk TS Rookie Topic Starter Posts: 70

    When booting normally, the computer reboots itself just after the [microsoft corporation with loading animation] screen .
    During Safe mode it loaded the drivers, said please wait at the bottom and then rebooted as well.
  3. Broni

    Broni Malware Annihilator Posts: 46,748   +254

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account an click Next.
    Try "Startup repair".
  4. Sistrunk

    Sistrunk TS Rookie Topic Starter Posts: 70

    To add, after reboot in both modes it boots to the "launch repair or start normally' screen
  5. Sistrunk

    Sistrunk TS Rookie Topic Starter Posts: 70

    Ok trying that now
  6. Sistrunk

    Sistrunk TS Rookie Topic Starter Posts: 70

    Completed startup repair but its still not booting
  7. Broni

    Broni Malware Annihilator Posts: 46,748   +254

    Post new FRST log.
  8. Sistrunk

    Sistrunk TS Rookie Topic Starter Posts: 70

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-12-2012 (ATTENTION: FRST version is 16 days old)
    Ran by SYSTEM at 27-12-2012 17:22:04
    Running from F:\
    Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1584184 2008-01-20] (Microsoft Corporation)
    HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [456192 2009-08-13] (IDT, Inc.)
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
    HKLM\...\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [9577680 2012-11-07] (COMODO)
    HKLM-x32\...\Run: [ThreatFire] "C:\Program Files (x86)\ThreatFire\TFTray.exe" [378128 2010-01-14] (PC Tools)
    HKLM-x32\...\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [34672 2008-06-12] (Adobe Systems Incorporated)
    HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-09-30] (Hewlett-Packard)
    HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972080 2008-09-30] (Hewlett-Packard)
    HKU\Jose\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
    HKU\Jose\...\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; WOW64; Trident/4.0; GTB5; FunWebProducts; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; Media Center PC 5.0; .NET CLR 3.5.21022)" -"http://www.miniclip.com/games/alien-hive/en/" [460216 2009-03-19] (Adobe Systems, Inc.)
    HKU\Jose\...\Winlogon: [Shell] Explorer.exe
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{117FB9A4-AC77-4B87-888C-04DCEBA4D039}: [NameServer]8.26.56.26,156.154.70.22
    Tcpip\..\Interfaces\{4C8822D5-7D54-4BE8-B6EF-DEA9659094A3}: [NameServer]8.26.56.26,156.154.70.22
    SubSystems: [Windows] ATTENTION! ====> ZeroAccess
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Scrybe.lnk
    ShortcutTarget: Scrybe.lnk -> C:\Windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe (Acresso Software Inc.)

    ==================== Services (Whitelisted) ===================

    2 AcrSch2Svc; "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe" [1054568 2010-03-27] (Acronis)
    2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_1b06afce\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
    2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2480048 2010-11-21] (Acronis)
    2 cmdAgent; "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe" [2828408 2012-11-07] (COMODO)
    2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [1853584 2012-09-28] ()
    2 HauppaugeTVServer; C:\PROGRA~2\WinTV\TVServer\HAUPPA~1.EXE [602624 2010-03-29] (Hauppauge Computer Works)
    2 jjtAutoLaunch; "C:\Program Files (x86)\Sound Devices\USBPre\Services\jjtAutoLaunch.exe" [114688 2002-01-22] (Sound Devices, LLC)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)
    2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-07-24] ()
    2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-10-06] ()
    2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [241734 2008-06-29] ()
    2 ScrybeUpdater; "C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe" [1300264 2011-05-27] (Synaptics, Inc.)
    2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_1b06afce\STacSV64.exe [240640 2009-08-13] (IDT, Inc.)
    2 ThreatFire; C:\Program Files (x86)\ThreatFire\TFService.exe service [70928 2010-01-14] (PC Tools)
    2 TVCapSvc; "C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe" [296320 2008-09-24] ()
    2 TVSched; "C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe" [116096 2008-09-24] ()
    3 w7Svc; C:\Program Files (x86)\webcam 7\wService.exe /startedbyscm:5053B757-40E35B3B-webcam7SRV [4999680 2011-07-27] (Moonware Studios)
    2 AGCoreService; "C:\Program Files (x86)\AGI\core\4.2.0.10753\AGCoreService.exe" [x]

    ==================== Drivers (Whitelisted) =====================

    1 cmdGuard; C:\Windows\System32\Drivers\cmdGuard.sys [584056 2012-11-07] (COMODO)
    1 cmdHlp; C:\Windows\System32\Drivers\cmdHlp.sys [45872 2012-11-07] (COMODO)
    3 hcw72ADFilter; C:\Windows\System32\Drivers\hcw72ADFilter.sys [38656 2010-04-23] (Hauppauge Computer Works, Inc.)
    3 hcw72ATV; C:\Windows\System32\Drivers\hcw72ATV.sys [1631488 2010-04-23] (Hauppauge Computer Works, Inc.)
    3 hcw72DTV; C:\Windows\System32\Drivers\hcw72DTV.sys [1634176 2010-04-23] (Hauppauge Computer Works, Inc.)
    3 libusb0; C:\Windows\SysWow64\Drivers\libusb0.sys [28672 2011-08-26] (http://libusb-win32.sourceforge.net)
    0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
    3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
    0 tdrpman258; C:\Windows\System32\DRIVERS\tdrpm258.sys [1477728 2010-11-21] (Acronis)
    0 TfFsMon; C:\Windows\System32\Drivers\TfFsMon.sys [65072 2010-01-14] (PC Tools)
    3 TfNetMon; C:\Windows\System32\Drivers\TfNetMon.sys [41888 2010-01-14] (PC Tools)
    0 TfSysMon; C:\Windows\System32\Drivers\TfSysMon.sys [59880 2010-01-14] (PC Tools)
    2 {55662437-DA8C-40c0-AADA-2C816A897A49}; \??\C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [27632 2008-09-25] (Cyberlink Corp.)
    4 eabfiltr; [x]
    3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
    3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
    3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2012-12-11 17:46 - 2012-12-11 17:46 - 00000000 ____D C:\FRST
    2012-12-09 20:41 - 2012-12-09 20:41 - 00003021 ____A C:\Users\Jose\Desktop\RKreport[2]_D_12092012_02d2341.txt
    2012-12-09 20:38 - 2012-12-09 20:38 - 00002918 ____A C:\Users\Jose\Desktop\RKreport[1]_S_12092012_02d2338.txt
    2012-12-09 20:36 - 2012-12-09 20:40 - 00000000 ____D C:\Users\Jose\Desktop\RK_Quarantine
    2012-12-09 20:34 - 2012-12-09 20:35 - 04732416 ____A (AVAST Software) C:\Users\Jose\Desktop\aswMBR.exe
    2012-12-09 20:34 - 2012-12-09 20:34 - 00753664 ____A C:\Users\Jose\Desktop\RogueKiller.exe
    2012-12-09 19:03 - 2012-12-09 19:03 - 00015931 ____A C:\Users\Jose\Desktop\dds.txt
    2012-12-09 19:03 - 2012-12-09 19:03 - 00013584 ____A C:\Users\Jose\Desktop\attach.txt
    2012-12-09 18:53 - 2012-12-09 18:53 - 00688992 ____R (Swearware) C:\Users\Jose\Desktop\dds.com
    2012-12-09 18:52 - 2012-12-09 18:52 - 00688992 ____A (Swearware) C:\Users\Jose\Downloads\dds.com


    ==================== One Month Modified Files and Folders =======

    2012-12-18 19:21 - 2012-12-18 19:21 - 00000000 ____D C:\Windows\System32\config\HiveBackup
    2012-12-11 17:46 - 2012-12-11 17:46 - 00000000 ____D C:\FRST
    2012-12-09 23:02 - 2008-01-20 19:26 - 00193650 ____A C:\Windows\PFRO.log
    2012-12-09 23:01 - 2009-02-12 14:44 - 01831480 ____A C:\Windows\WindowsUpdate.log
    2012-12-09 23:01 - 2008-10-22 23:45 - 00000012 ____A C:\Windows\bthservsdp.dat
    2012-12-09 23:01 - 2006-11-02 07:42 - 00032628 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-12-09 23:01 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-12-09 23:01 - 2006-11-02 07:22 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2012-12-09 23:01 - 2006-11-02 07:22 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2012-12-09 23:00 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\tracing
    2012-12-09 22:04 - 2012-04-01 00:05 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-12-09 21:45 - 2012-09-25 21:20 - 00000000 ____D C:\Users\Jose\Local Settings\Windows Live
    2012-12-09 21:45 - 2012-09-25 21:20 - 00000000 ____D C:\Users\Jose\Local Settings\Application Data\Windows Live
    2012-12-09 21:45 - 2012-09-25 21:20 - 00000000 ____D C:\Users\Jose\AppData\Local\Windows Live
    2012-12-09 20:48 - 2012-11-23 05:50 - 00000000 ____D C:\Users\Jose\{945e8b33-257c-47a6-a7b1-1bea1374f118}
    2012-12-09 20:48 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\spool
    2012-12-09 20:48 - 2006-11-02 04:33 - 86245376 ____A C:\Windows\System32\config\software_previous
    2012-12-09 20:47 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\registration
    2012-12-09 20:47 - 2006-11-02 04:33 - 26214400 ____A C:\Windows\System32\config\system_previous
    2012-12-09 20:41 - 2012-12-09 20:41 - 00003021 ____A C:\Users\Jose\Desktop\RKreport[2]_D_12092012_02d2341.txt
    2012-12-09 20:40 - 2012-12-09 20:36 - 00000000 ____D C:\Users\Jose\Desktop\RK_Quarantine
    2012-12-09 20:38 - 2012-12-09 20:38 - 00002918 ____A C:\Users\Jose\Desktop\RKreport[1]_S_12092012_02d2338.txt
    2012-12-09 20:35 - 2012-12-09 20:34 - 04732416 ____A (AVAST Software) C:\Users\Jose\Desktop\aswMBR.exe
    2012-12-09 20:34 - 2012-12-09 20:34 - 00753664 ____A C:\Users\Jose\Desktop\RogueKiller.exe
    2012-12-09 20:28 - 2006-11-02 04:33 - 00057344 ____A C:\Windows\System32\config\sam_previous
    2012-12-09 20:28 - 2006-11-02 04:33 - 00024576 ____A C:\Windows\System32\config\security_previous
    2012-12-09 19:05 - 2006-11-02 04:46 - 00756338 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-12-09 19:03 - 2012-12-09 19:03 - 00015931 ____A C:\Users\Jose\Desktop\dds.txt
    2012-12-09 19:03 - 2012-12-09 19:03 - 00013584 ____A C:\Users\Jose\Desktop\attach.txt
    2012-12-09 18:54 - 2006-11-02 07:27 - 00189181 ____A C:\Windows\setupact.log
    2012-12-09 18:53 - 2012-12-09 18:53 - 00688992 ____R (Swearware) C:\Users\Jose\Desktop\dds.com
    2012-12-09 18:52 - 2012-12-09 18:52 - 00688992 ____A (Swearware) C:\Users\Jose\Downloads\dds.com
    2012-12-09 18:48 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\rescache
    2012-12-09 18:36 - 2012-11-23 05:47 - 00000000 ____D C:\Users\All Users\Comodo
    2012-12-09 18:36 - 2012-11-23 05:47 - 00000000 ____D C:\Users\All Users\Application Data\Comodo
    2012-12-09 18:34 - 2009-03-01 17:29 - 00000000 ____D C:\users\Jose
    2012-12-09 18:32 - 2006-11-02 07:21 - 00325464 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-12-09 18:29 - 2006-11-02 07:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
    2012-12-09 18:28 - 2006-11-02 07:07 - 00000000 ____D C:\Program Files\Windows Journal
    2012-12-09 17:25 - 2006-11-02 04:33 - 55574528 ____A C:\Windows\System32\config\components_previous
    2012-12-09 17:25 - 2006-11-02 04:33 - 00524288 ____A C:\Windows\System32\config\default_previous


    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-10-08 22:26:41
    Restore point made on: 2012-10-10 22:42:47
    Restore point made on: 2012-11-12 00:44:20
    Restore point made on: 2012-11-19 20:39:37
    Restore point made on: 2012-11-21 16:06:14
    Restore point made on: 2012-11-21 16:35:25
    Restore point made on: 2012-11-22 01:58:39
    Restore point made on: 2012-11-22 09:16:18
    Restore point made on: 2012-11-22 13:57:29
    Restore point made on: 2012-11-22 14:42:25
    Restore point made on: 2012-11-22 16:23:52
    Restore point made on: 2012-11-23 05:18:55
    Restore point made on: 2012-11-23 05:51:24
    Restore point made on: 2012-12-09 15:07:43

    ==================== Memory info ===========================

    Percentage of memory in use: 32%
    Total physical RAM: 1789.02 MB
    Available physical RAM: 1209.86 MB
    Total Pagefile: 1535.46 MB
    Available Pagefile: 1183.55 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB

    ==================== Partitions =============================

    1 Drive c: () (Fixed) (Total:285.18 GB) (Free:115.99 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (RECOVERY) (Fixed) (Total:12.9 GB) (Free:2.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    4 Drive f: (My 1GB) (Removable) (Total:0.93 GB) (Free:0.75 GB) FAT
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 298 GB 1024 KB
    Disk 1 Online 954 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 285 GB 1024 KB
    Partition 2 Primary 13 GB 285 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C NTFS Partition 285 GB Healthy

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D RECOVERY NTFS Partition 13 GB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 953 MB 4096 B

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0E
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 F My 1GB FAT Removable 953 MB Healthy

    =========================================================

    Last Boot: 2012-12-09 18:38

    ==================== End Of Log =============================
  9. Broni

    Broni Malware Annihilator Posts: 46,748   +254

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    See if you can boot normally.

    Attached Files:

  10. Sistrunk

    Sistrunk TS Rookie Topic Starter Posts: 70

    Man you're good!! Finally a successful boot!
    Whats next?

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-12-2012
    Ran by SYSTEM at 2012-12-27 17:34:41 Run:4
    Running from F:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
    C:\Windows\System32\consrv.dll not found.

    ==== End of Fixlog ====
  11. Broni

    Broni Malware Annihilator Posts: 46,748   +254

    Super!

    Hold on. I need to scroll back to see what's next...
     
  12. Broni

    Broni Malware Annihilator Posts: 46,748   +254

    Re-run RogueKiller and post new log.

    Next....

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  13. Sistrunk

    Sistrunk TS Rookie Topic Starter Posts: 70

    Wow, that was a long scan. But here she is.
    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-12-27 17:58:04
    -----------------------------
    17:58:04.348 OS Version: Windows x64 6.0.6002 Service Pack 2
    17:58:04.348 Number of processors: 2 586 0x301
    17:58:04.364 ComputerName: RYAN-LAPTOP UserName: Jose
    17:58:06.844 Initialize success
    18:01:39.017 AVAST engine defs: 12122701
    18:01:46.453 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    18:01:46.478 Disk 0 Vendor: TOSHIBA_MK3252GSX LV011C Size: 305245MB BusType: 3
    18:01:46.630 Disk 0 MBR read successfully
    18:01:46.637 Disk 0 MBR scan
    18:01:46.651 Disk 0 unknown MBR code
    18:01:47.035 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 292028 MB offset 2048
    18:01:47.230 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 13213 MB offset 598075392
    18:01:47.311 Disk 0 scanning C:\Windows\system32\drivers
    18:02:29.643 Service scanning
    18:03:41.335 Modules scanning
    18:03:41.355 Disk 0 trace - called modules:
    18:03:41.391 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    18:03:41.402 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005dcd790]
    18:03:41.414 3 CLASSPNP.SYS[fffffa6000a06c33] -> nt!IofCallDriver -> [0xfffffa8005cc31f0]
    18:03:41.429 5 hpdskflt.sys[fffffa6001fec2bd] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004d824b0]
    18:03:43.642 AVAST engine scan C:\Windows
    18:03:50.776 AVAST engine scan C:\Windows\system32
    18:15:19.264 AVAST engine scan C:\Windows\system32\drivers
    18:15:48.643 AVAST engine scan C:\Users\Jose
    20:01:01.622 AVAST engine scan C:\ProgramData
    20:22:56.732 Scan finished successfully
    20:39:22.262 Disk 0 MBR has been saved successfully to "C:\Users\Jose\Desktop\MBR.dat"
    20:39:22.274 The log file has been saved successfully to "C:\Users\Jose\Desktop\aswMBR.txt"
  14. Broni

    Broni Malware Annihilator Posts: 46,748   +254

  15. Sistrunk

    Sistrunk TS Rookie Topic Starter Posts: 70

    RogueKiller V8.4.1 [Dec 27 2012] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/
    Operating
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 8 ¤¤¤
    [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (127.0.0.1:5555) -> NOT REMOVED, USE PROXYFIX
    [DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{117FB9A4-AC77-4B87-888C-04DCEBA4D039} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
    [DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{4C8822D5-7D54-4BE8-B6EF-DEA9659094A3} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
    [DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{117FB9A4-AC77-4B87-888C-04DCEBA4D039} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
    [DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{4C8822D5-7D54-4BE8-B6EF-DEA9659094A3} : NameServer (8.26.56.26,156.154.70.22) -> NOT REMOVED, USE DNSFIX
    [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    127.0.0.1 localhost
    ::1 localhost

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA MK3252GSX ATA Device +++++
    --- User ---
    [MBR] b424df27bf04a85c6a2b283f75a9bf42
    [BSP] 0046ad4d393ab0194bcc5e4e3109c6c0 : Toshiba tatooed MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 292028 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 598075392 | Size: 13213 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    Finished : << RKreport[4]_D_12272012_02d2100.txt >>
    RKreport[1]_S_12092012_02d2338.txt ; RKreport[2]_D_12092012_02d2341.txt ; RKreport[3]_S_12272012_02d2100.txt ; RKreport[4]_D_12272012_02d2100.txt
  16. Broni

    Broni Malware Annihilator Posts: 46,748   +254

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ==========================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
  17. Sistrunk

    Sistrunk TS Rookie Topic Starter Posts: 70

    Combofix doesnt seem to be running. Just says "output folder c:\3284093........
    Do I wait or try to restart?
  18. Broni

    Broni Malware Annihilator Posts: 46,748   +254

    Restart in safe mode and run it from there.
  19. Sistrunk

    Sistrunk TS Rookie Topic Starter Posts: 70

    ComboFix 12-12-28.02 - Jose 12/28/2012 17:37:11.1.2 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1789.679 [GMT -5:00]
    Running from: c:\users\Jose\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Jose\AppData\Roaming\Desktopicon
    c:\users\Jose\AppData\Roaming\Desktopicon\config.ini
    c:\users\Jose\GoToAssistDownloadHelper.exe
    c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
    c:\windows\Downloaded Program Files\Install.inf
    c:\windows\SysWow64\Packet.dll
    c:\windows\SysWow64\pthreadVC.dll
    c:\windows\SysWow64\system
    c:\windows\SysWow64\WanPacket.dll
    c:\windows\SysWow64\wpcap.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-29 )))))))))))))))))))))))))))))))
    .
    .
    2012-12-28 23:49 . 2012-12-28 23:49 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-12-28 21:14 . 2012-12-28 21:14 50952 ----a-w- c:\windows\system32\certsentry.dll
    2012-12-28 21:14 . 2012-12-28 21:14 42760 ----a-w- c:\windows\SysWow64\certsentry.dll
    2012-12-28 01:44 . 2011-03-31 03:54 1227840 ----a-w- c:\windows\system32\drivers\AE1200vista64.sys
    2012-12-28 01:44 . 2011-03-31 03:54 95544 ----a-w- c:\windows\system32\bcmwlcoi.dll
    2012-12-28 01:44 . 2011-03-31 03:51 3900928 ----a-w- c:\windows\system32\bcmihvsrv64.dll
    2012-12-28 01:44 . 2011-03-31 03:51 3566592 ----a-w- c:\windows\system32\bcmihvui64.dll
    2012-12-28 01:44 . 2006-11-02 14:04 1919968 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
    2012-12-28 01:44 . 2007-11-05 12:23 40464 ----a-r- c:\windows\system32\drivers\npf.sys
    2012-12-12 01:46 . 2012-12-12 01:46 -------- d-----w- C:\FRST
    2012-12-10 02:57 . 2012-11-19 06:01 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{16EE3D4D-F76E-4F0C-A0BB-4B1533737393}\mpengine.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-29 00:04 . 2012-04-01 08:05 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-12-29 00:04 . 2011-09-05 05:37 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-11-23 13:35 . 2006-11-02 12:35 65309168 ----a-w- c:\windows\system32\mrt.exe
    2012-11-22 22:51 . 2012-11-22 22:51 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2012-11-22 22:51 . 2012-11-22 22:51 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-11-22 22:51 . 2012-11-22 22:51 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2012-11-22 22:51 . 2012-11-22 22:51 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2012-11-22 22:51 . 2012-11-22 22:51 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2012-11-22 22:51 . 2012-11-22 22:51 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2012-11-22 22:51 . 2012-11-22 22:51 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2012-11-22 22:51 . 2012-11-22 22:51 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2012-11-22 22:51 . 2012-11-22 22:51 367104 ----a-w- c:\windows\SysWow64\html.iec
    2012-11-22 22:51 . 2012-11-22 22:51 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2012-11-22 22:51 . 2012-11-22 22:51 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2012-11-22 22:51 . 2012-11-22 22:51 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2012-11-22 22:51 . 2012-11-22 22:51 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-11-22 22:51 . 2012-11-22 22:51 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-11-22 22:51 . 2012-11-22 22:51 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2012-11-22 22:51 . 2012-11-22 22:51 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-11-22 22:51 . 2012-11-22 22:51 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-11-22 22:51 . 2012-11-22 22:51 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-11-22 22:51 . 2012-11-22 22:51 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2012-11-22 22:51 . 2012-11-22 22:51 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2012-11-22 22:51 . 2012-11-22 22:51 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2012-11-22 22:51 . 2012-11-22 22:51 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2012-11-22 22:51 . 2012-11-22 22:51 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-11-22 22:51 . 2012-11-22 22:51 818176 ----a-w- c:\windows\system32\jscript.dll
    2012-11-22 22:51 . 2012-11-22 22:51 49664 ----a-w- c:\windows\system32\imgutil.dll
    2012-11-22 22:51 . 2012-11-22 22:51 267776 ----a-w- c:\windows\system32\ieaksie.dll
    2012-11-22 22:51 . 2012-11-22 22:51 2303488 ----a-w- c:\windows\system32\jscript9.dll
    2012-11-22 22:51 . 2012-11-22 22:51 222208 ----a-w- c:\windows\system32\msls31.dll
    2012-11-22 22:51 . 2012-11-22 22:51 2136064 ----a-w- c:\windows\system32\iertutil.dll
    2012-11-22 22:51 . 2012-11-22 22:51 197120 ----a-w- c:\windows\system32\msrating.dll
    2012-11-22 22:51 . 2012-11-22 22:51 163840 ----a-w- c:\windows\system32\ieakui.dll
    2012-11-22 22:51 . 2012-11-22 22:51 145920 ----a-w- c:\windows\system32\iepeers.dll
    2012-11-22 22:51 . 2012-11-22 22:51 1389056 ----a-w- c:\windows\system32\wininet.dll
    2012-11-22 22:51 . 2012-11-22 22:51 136192 ----a-w- c:\windows\system32\advpack.dll
    2012-11-22 22:51 . 2012-11-22 22:51 1344000 ----a-w- c:\windows\system32\urlmon.dll
    2012-11-22 22:51 . 2012-11-22 22:51 12288 ----a-w- c:\windows\system32\mshta.exe
    2012-11-22 22:51 . 2012-11-22 22:51 114176 ----a-w- c:\windows\system32\admparse.dll
    2012-11-22 22:51 . 2012-11-22 22:51 96256 ----a-w- c:\windows\system32\mshtmled.dll
    2012-11-22 22:51 . 2012-11-22 22:51 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2012-11-22 22:51 . 2012-11-22 22:51 89088 ----a-w- c:\windows\system32\ie4uinit.exe
    2012-11-22 22:51 . 2012-11-22 22:51 85504 ----a-w- c:\windows\system32\iesetup.dll
    2012-11-22 22:51 . 2012-11-22 22:51 82432 ----a-w- c:\windows\system32\icardie.dll
    2012-11-22 22:51 . 2012-11-22 22:51 76800 ----a-w- c:\windows\system32\tdc.ocx
    2012-11-22 22:51 . 2012-11-22 22:51 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
    2012-11-22 22:51 . 2012-11-22 22:51 534528 ----a-w- c:\windows\system32\ieapfltr.dll
    2012-11-22 22:51 . 2012-11-22 22:51 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2012-11-22 22:51 . 2012-11-22 22:51 452608 ----a-w- c:\windows\system32\dxtmsft.dll
    2012-11-22 22:51 . 2012-11-22 22:51 448512 ----a-w- c:\windows\system32\html.iec
    2012-11-22 22:51 . 2012-11-22 22:51 403248 ----a-w- c:\windows\system32\iedkcs32.dll
    2012-11-22 22:51 . 2012-11-22 22:51 39936 ----a-w- c:\windows\system32\iernonce.dll
    2012-11-22 22:51 . 2012-11-22 22:51 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
    2012-11-22 22:51 . 2012-11-22 22:51 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2012-11-22 22:51 . 2012-11-22 22:51 282112 ----a-w- c:\windows\system32\dxtrans.dll
    2012-11-22 22:51 . 2012-11-22 22:51 249344 ----a-w- c:\windows\system32\webcheck.dll
    2012-11-22 22:51 . 2012-11-22 22:51 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-11-22 22:51 . 2012-11-22 22:51 236544 ----a-w- c:\windows\system32\url.dll
    2012-11-22 22:51 . 2012-11-22 22:51 160256 ----a-w- c:\windows\system32\ieakeng.dll
    2012-11-22 22:51 . 2012-11-22 22:51 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-22 22:51 . 2012-11-22 22:51 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2012-11-22 22:51 . 2012-11-22 22:51 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2012-11-22 22:51 . 2012-11-22 22:51 10884096 ----a-w- c:\windows\system32\ieframe.dll
    2012-11-22 22:51 . 2012-11-22 22:51 10752 ----a-w- c:\windows\system32\msfeedssync.exe
    2012-11-22 22:51 . 2012-11-22 22:51 103936 ----a-w- c:\windows\system32\inseng.dll
    2012-11-22 22:51 . 2012-11-22 22:51 697344 ----a-w- c:\windows\system32\msfeeds.dll
    2012-11-22 22:51 . 2012-11-22 22:51 65024 ----a-w- c:\windows\system32\pngfilt.dll
    2012-11-22 22:51 . 2012-11-22 22:51 603648 ----a-w- c:\windows\system32\vbscript.dll
    2012-11-22 22:51 . 2012-11-22 22:51 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-11-22 22:51 . 2012-11-22 22:51 17773056 ----a-w- c:\windows\system32\mshtml.dll
    2012-11-22 22:51 . 2012-11-22 22:51 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-11-22 22:51 . 2012-11-22 22:51 165888 ----a-w- c:\windows\system32\iexpress.exe
    2012-11-22 22:51 . 2012-11-22 22:51 160256 ----a-w- c:\windows\system32\wextract.exe
    2012-11-22 22:51 . 2012-11-22 22:51 149504 ----a-w- c:\windows\system32\occache.dll
    2012-11-08 04:37 . 2012-11-08 04:37 94288 ----a-w- c:\windows\system32\drivers\inspect.sys
    2012-11-08 04:37 . 2012-11-08 04:37 584056 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2012-11-08 04:37 . 2012-11-08 04:37 45872 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2012-11-08 04:37 . 2012-11-08 04:37 22736 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2012-11-08 04:37 . 2012-11-08 04:37 41240 ----a-w- c:\windows\system32\cmdcsr.dll
    2012-11-08 04:37 . 2012-11-08 04:37 301264 ----a-w- c:\windows\SysWow64\guard32.dll
    2012-11-08 04:37 . 2012-11-08 04:37 390392 ----a-w- c:\windows\system32\guard64.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{0BC6E3FA-78EF-4886-842C-5A1258C4455A}"= "mscoree.dll" [2009-11-08 297808]
    .
    [HKEY_CLASSES_ROOT\clsid\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
    [HKEY_CLASSES_ROOT\agihelper.AGUtils]
    [HKEY_CLASSES_ROOT\TypeLib\{647B16D8-AD7B-4983-82D7-82A270FC9E6D}]
    [HKEY_CLASSES_ROOT\agcutils.AGSearchHook]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0bc6e3fa-78ef-4886-842c-5a1258c4455a}]
    2009-11-08 14:55 297808 ----a-w- c:\windows\System32\mscoree.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{1c99b848-84cb-4ce4-8cd8-ed5719484d9f}"= "mscoree.dll" [2009-11-08 297808]
    .
    [HKEY_CLASSES_ROOT\clsid\{1c99b848-84cb-4ce4-8cd8-ed5719484d9f}]
    [HKEY_CLASSES_ROOT\UnifiedToolbar.UnifiedToolbar]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\users\Jose\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\users\Jose\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 94208 ----a-w- c:\users\Jose\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ThreatFire"="c:\program files (x86)\ThreatFire\TFTray.exe" [2010-01-14 378128]
    "hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Scrybe.lnk - c:\windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe [2012-8-7 45056]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "midi8"=DMENDRV.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_1b06afce\AESTSr64.exe [2009-03-02 89600]
    S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-11-21 2480048]
    S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-11-21 252512]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - NISDRV
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    Themes
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-06-09 18:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-12-29 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 00:04]
    .
    2011-03-04 c:\windows\Tasks\User_Feed_Synchronization-{6502C394-F919-4A3F-B8C5-AECEB5A77037}.job
    - c:\windows\system32\msfeedssync.exe [2012-11-22 22:51]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 97792 ----a-w- c:\users\Jose\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 97792 ----a-w- c:\users\Jose\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2009-12-09 01:19 97792 ----a-w- c:\users\Jose\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-08-13 456192]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-08 9577680]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\Drivers32]
    "midi8"=DMENDRV.dll
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyServer = 127.0.0.1:5555
    uInternet Settings,ProxyOverride = <local>;*.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{117FB9A4-AC77-4B87-888C-04DCEBA4D039}: NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{4C8822D5-7D54-4BE8-B6EF-DEA9659094A3}: NameServer = 8.26.56.26,156.154.70.22
    DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
    DPF: {4DFE522A-5D3D-4711-9437-67E066BE1E6E} - hxxp://192.168.254.254/gc2/weblib.cab
    FF - ProfilePath - c:\users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\n5d31aq4.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://jvhpropheticgeneration.blogspot.com/
    FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
    FF - ExtSQL: !HIDDEN! 2009-06-27 03:03; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-Adobe Flash Player 10 ActiveX - c:\windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\uninstaller.exe
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
    AddRemove-{1793bdb7-d5c1-33be-97e2-7c3e60b6ab43} - c:\program files (x86)\AGI\core\4.2.0.10753\InstallerGUI.exe
    AddRemove-Cognitive Tutor - c:\windows\system32\javaws.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\w7Svc]
    "ImagePath"="c:\program files (x86)\webcam 7\wService.exe /startedbyscm:5053B757-40E35B3B-webcam7SRV"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ThreatFire]
    "AlternateImagePath"=""
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
    "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows CE Services]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Comodo\Dragon\dragon_updater.exe
    c:\progra~2\WinTV\TVServer\HAUPPA~1.EXE
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\SMINST\BLService.exe
    c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
    c:\program files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
    c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    c:\program files (x86)\ThreatFire\TFService.exe
    c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
    c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
    c:\program files (x86)\TeamViewer\Version6\TeamViewer.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Synaptics\Scrybe\scrybe.exe
    c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\program files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    c:\program files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
    c:\program files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    c:\program files (x86)\Sound Devices\USBPre\Services\jjtAutoLaunch.exe
    c:\windows\SysWow64\perfhost.exe
    .
    **************************************************************************
    .
    Completion time: 2012-12-28 19:30:34 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-12-29 00:30
    .
    Pre-Run: 125,561,692,160 bytes free
    Post-Run: 127,109,648,384 bytes free
    .
    - - End Of File - - E045256C0C5F21DA7C05050B90EDC913
  20. Broni

    Broni Malware Annihilator Posts: 46,748   +254

    Looks good.

    How is computer doing?

    =========================

    I don't see any AV program running.
    What happened to MSE?

    =========================

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    ===============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  21. Sistrunk

    Sistrunk TS Rookie Topic Starter Posts: 70

    Computer is doing better! Got my windows firewall back and rebooting no problem. My processor is running at 50% with no programs running and cannot open techspot with IE. Going to download and post back when done.
  22. Sistrunk

    Sistrunk TS Rookie Topic Starter Posts: 70

    # AdwCleaner v2.103 - Logfile created 12/28/2012 at 21:26:33
    # Updated 25/12/2012 by Xplode
    # Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
    # User : Jose - RYAN-LAPTOP
    # Boot Mode : Normal
    # Running from : C:\Users\Jose\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files (x86)\AGI
    Deleted on reboot : C:\Program Files (x86)\Kiwee Toolbar
    Deleted on reboot : C:\Program Files (x86)\vghd
    Deleted on reboot : C:\ProgramData\AGI
    Deleted on reboot : C:\ProgramData\Kiwee Toolbar
    Deleted on reboot : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kiwee Toolbar
    Deleted on reboot : C:\Users\Jose\AppData\LocalLow\AGI
    Deleted on reboot : C:\Users\Jose\AppData\LocalLow\AVG Security Toolbar
    Deleted on reboot : C:\Users\Jose\AppData\LocalLow\FunWebProducts
    Deleted on reboot : C:\Users\Jose\AppData\LocalLow\Kiwee Toolbar
    Deleted on reboot : C:\Users\Jose\AppData\LocalLow\MyWebSearch
    Deleted on reboot : C:\Users\Jose\AppData\LocalLow\ShoppingReport
    Deleted on reboot : C:\Users\Jose\AppData\Roaming\AGI
    Deleted on reboot : C:\Users\Jose\AppData\Roaming\iWin
    Deleted on reboot : C:\Users\Jose\AppData\Roaming\vghd
    File Deleted : C:\Program Files (x86)\Mozilla FireFox\Components\AskSearch.js
    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    File Deleted : C:\Users\Jose\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk
    File Deleted : C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\n5d31aq4.default\searchplugins\Ask.xml
    File Deleted : C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\n5d31aq4.default\searchplugins\mywebsearch.xml
    File Deleted : C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerTrust\UnifiedToolbar.cfg

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AGI
    Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
    Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
    Key Deleted : HKCU\Software\AppDataLow\Software\ShoppingReport
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4260E0CC-0F75-462E-88A3-1E05C248BF4C}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
    Key Deleted : HKLM\Software\AGI
    Key Deleted : HKLM\SOFTWARE\Classes\AG.MediaPlayerCOM
    Key Deleted : HKLM\SOFTWARE\Classes\agihelper.AGUtils
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A5461FCA-320C-4D6F-A150-A53823CE8142}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\contenthandler.dll
    Key Deleted : HKLM\SOFTWARE\Classes\contenthandler.contentselection
    Key Deleted : HKLM\SOFTWARE\Classes\contenthandler.contentselection.1
    Key Deleted : HKLM\SOFTWARE\Classes\KiweeIEToolbar.KiweeToolbar
    Key Deleted : HKLM\SOFTWARE\Classes\KiweeIEToolbar.KiweeToolbar.1
    Key Deleted : HKLM\SOFTWARE\Classes\KiweeIEToolbar.ToolbarInfo
    Key Deleted : HKLM\SOFTWARE\Classes\KiweeIEToolbar.ToolbarInfo.1
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C7403C30-3644-43D8-A82F-4BD84B9682D9}
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6E15D3C4-C6FC-4F02-B130-77CC5B1F09DB}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7B63B2922B174135AFC0E1377DD81EC2}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4260E0CC-0F75-462E-88A3-1E05C248BF4C}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E15D3C4-C6FC-4F02-B130-77CC5B1F09DB}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E6375F37-E4D1-4F51-B651-4658C27AC5BF}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87A0B80B-5BA7-4CB0-9553-105D68777D60}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4260E0CC-0F75-462E-88A3-1E05C248BF4C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E6375F37-E4D1-4F51-B651-4658C27AC5BF}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E16A203-C0AA-4D44-ACC5-38A70A8C76DA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5663B370-F3C3-40D1-9C46-0E800AA4D0E8}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0BC6E3FA-78EF-4886-842C-5A1258C4455A}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [OK] Registry is clean.

    -\\ Mozilla Firefox v15.0.1 (en-US)

    File : C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\n5d31aq4.default\prefs.js

    C:\Users\Jose\AppData\Roaming\Mozilla\Firefox\Profiles\n5d31aq4.default\user.js ... Deleted !

    Deleted : user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensea[...]
    Deleted : user_pref("extensions.snipit.askTbInstalled", true);
    Deleted : user_pref("extensions.snipit.chromeURL", "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&[...]
    Deleted : user_pref("extensions.snipit.history_query", "FBGFV=ASKURL=hxxp://www.ask.com/web?q=FBGFV&qsrc=2871&[...]

    *************************

    AdwCleaner[S1].txt - [7247 octets] - [28/12/2012 21:26:33]

    ########## EOF - C:\AdwCleaner[S1].txt - [7307 octets] ##########
  23. Sistrunk

    Sistrunk TS Rookie Topic Starter Posts: 70

    OTL logfile created on: 12/28/2012 10:04:10 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jose\Desktop
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.75 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 57.47% Memory free
    7.71 Gb Paging File | 5.79 Gb Available in Paging File | 75.12% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 285.18 Gb Total Space | 114.91 Gb Free Space | 40.29% Space Free | Partition Type: NTFS
    Drive D: | 12.90 Gb Total Space | 2.02 Gb Free Space | 15.64% Space Free | Partition Type: NTFS

    Computer Name: RYAN-LAPTOP | User Name: Jose | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/12/28 22:02:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jose\Desktop\OTL(2).exe
    PRC - [2012/12/19 09:03:44 | 001,868,432 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
    PRC - [2012/07/24 22:24:31 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
    PRC - [2012/07/16 10:28:42 | 008,167,336 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
    PRC - [2012/07/16 10:28:42 | 002,416,040 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    PRC - [2011/05/27 15:23:00 | 004,999,976 | ---- | M] (Synaptics Incorporated) -- C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe
    PRC - [2011/05/27 15:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
    PRC - [2010/11/21 12:13:23 | 002,480,048 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    PRC - [2010/03/29 18:13:26 | 000,602,624 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe
    PRC - [2010/01/14 16:08:16 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFTray.exe
    PRC - [2010/01/14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files (x86)\ThreatFire\TFService.exe
    PRC - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
    PRC - [2008/09/24 21:08:26 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
    PRC - [2008/09/24 21:08:26 | 000,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
    PRC - [2002/01/22 09:28:32 | 000,114,688 | ---- | M] (Sound Devices, LLC) -- C:\Program Files (x86)\Sound Devices\USBPre\Services\jjtAutoLaunch.exe


    ========== Modules (No Company Name) ==========


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/11/07 23:37:40 | 002,828,408 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/07/16 15:03:58 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
    SRV:64bit: - [2009/08/13 17:09:38 | 000,240,640 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_1b06afce\STacSV64.exe -- (STacSV)
    SRV:64bit: - [2009/03/02 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_1b06afce\AESTSr64.exe -- (AESTFilters)
    SRV:64bit: - [2008/09/16 23:14:32 | 000,905,216 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
    SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2007/12/11 15:11:30 | 000,015,872 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\SysNative\agr64svc.exe -- (AgereModemAudio)
    SRV - [2012/12/28 19:04:53 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/12/19 09:03:44 | 001,868,432 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
    SRV - [2012/09/20 19:45:09 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/07/24 22:24:31 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
    SRV - [2012/07/16 10:28:42 | 002,416,040 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
    SRV - [2011/07/27 14:27:48 | 004,999,680 | ---- | M] (Moonware Studios) [On_Demand | Stopped] -- C:\Program Files (x86)\webcam 7\wService.exe -- (w7Svc)
    SRV - [2011/05/27 15:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
    SRV - [2010/11/21 12:13:23 | 002,480,048 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
    SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/03/29 18:13:26 | 000,602,624 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer)
    SRV - [2010/03/27 16:09:22 | 001,054,568 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/01/14 16:08:12 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\ThreatFire\TFService.exe -- (ThreatFire)
    SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
    SRV - [2008/09/24 21:08:26 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc)
    SRV - [2008/09/24 21:08:26 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched)
    SRV - [2008/01/20 21:47:00 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2008/01/20 21:47:00 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
    SRV - [2002/01/22 09:28:32 | 000,114,688 | ---- | M] (Sound Devices, LLC) [Auto | Running] -- C:\Program Files (x86)\Sound Devices\USBPre\Services\jjtAutoLaunch.exe -- (jjtAutoLaunch)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
    DRV:64bit: - [2011/03/30 22:54:44 | 001,227,840 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\AE1200vista64.sys -- (Linksys_adapter)
    DRV:64bit: - [2010/11/21 12:13:25 | 000,252,512 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\afcdp.sys -- (afcdp)
    DRV:64bit: - [2010/11/21 12:13:16 | 001,477,728 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tdrpm258.sys -- (tdrpman258)
    DRV:64bit: - [2010/11/21 12:13:09 | 000,943,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\timntr.sys -- (timounter)
    DRV:64bit: - [2010/11/21 12:12:45 | 000,271,456 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\snapman.sys -- (snapman)
    DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2010/08/31 11:32:44 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\rdpdispm.sys -- (RDPDISPM)
    DRV:64bit: - [2010/07/16 15:04:04 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
    DRV:64bit: - [2010/07/16 15:03:48 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
    DRV:64bit: - [2010/07/12 14:49:14 | 000,072,648 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
    DRV:64bit: - [2010/07/12 14:48:50 | 000,085,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
    DRV:64bit: - [2010/04/23 15:54:32 | 001,634,176 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hcw72DTV.sys -- (hcw72DTV)
    DRV:64bit: - [2010/04/23 15:50:40 | 001,631,488 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hcw72ATV.sys -- (hcw72ATV)
    DRV:64bit: - [2010/04/23 15:47:46 | 000,038,656 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hcw72ADFilter.sys -- (hcw72ADFilter)
    DRV:64bit: - [2010/01/14 16:08:34 | 000,059,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfSysMon.sys -- (TfSysMon)
    DRV:64bit: - [2010/01/14 16:08:32 | 000,041,888 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TfNetMon.sys -- (TfNetMon)
    DRV:64bit: - [2010/01/14 16:08:30 | 000,065,072 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TfFsMon.sys -- (TfFsMon)
    DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
    DRV:64bit: - [2009/08/13 17:09:38 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/04/29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV:64bit: - [2009/04/11 00:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
    DRV:64bit: - [2008/10/03 17:17:30 | 000,184,320 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
    DRV:64bit: - [2008/09/17 00:01:26 | 004,709,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2008/07/21 05:53:04 | 000,145,496 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
    DRV:64bit: - [2008/05/28 20:54:18 | 000,026,168 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2008/04/28 04:25:06 | 000,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie)
    DRV:64bit: - [2008/04/27 14:09:18 | 001,133,568 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
    DRV:64bit: - [2008/04/16 13:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
    DRV:64bit: - [2008/02/29 18:59:32 | 001,252,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2008/01/24 08:24:24 | 000,060,928 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
    DRV:64bit: - [2008/01/20 21:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64)
    DRV:64bit: - [2008/01/20 21:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2008/01/20 21:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
    DRV:64bit: - [2006/10/03 20:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
    DRV - [2011/08/26 10:19:18 | 000,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
    DRV - [2008/09/26 02:36:34 | 000,027,632 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{934BCD49-C81A-4ED0-86DF-56EE1B6DA341}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{C4B887F1-E634-4BCC-8BA4-6E91B16D2814}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{934BCD49-C81A-4ED0-86DF-56EE1B6DA341}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
    IE - HKLM\..\SearchScopes\{C4B887F1-E634-4BCC-8BA4-6E91B16D2814}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl


    IE - HKU\.DEFAULT\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found
    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found
    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\..\SearchScopes\{42B8DA5F-2579-4D7F-A302-DF5682506D03}: "URL" = http://us.yhs.search.yahoo.com/avg/...ahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    IE - HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
    IE - HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\..\SearchScopes\{934BCD49-C81A-4ED0-86DF-56EE1B6DA341}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IEFM1&src=IE-SearchBox
    IE - HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\..\SearchScopes\{C4B887F1-E634-4BCC-8BA4-6E91B16D2814}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
    IE - HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:5555

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Kiwee Toolbar"
    FF - prefs.js..browser.search.order.1: "Ask"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://jvhpropheticgeneration.blogspot.com/"
    FF - prefs.js..extensions.enabledAddons: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.2.1
    FF - prefs.js..extensions.enabledAddons: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.16.0
    FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
    FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p="
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files (x86)\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\unifiedtoolbar@aginteractive.com: C:\Program Files (x86)\UnifiedToolbar\3.2\Firefox
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/28 21:26:50 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/24 19:19:08 | 000,000,000 | ---D | M]

    [2009/03/02 23:44:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jose\AppData\Roaming\mozilla\Extensions
    [2012/10/25 18:06:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jose\AppData\Roaming\mozilla\Firefox\Profiles\n5d31aq4.default\extensions
    [2010/07/02 15:23:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jose\AppData\Roaming\mozilla\Firefox\Profiles\n5d31aq4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2012/07/12 21:13:52 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Jose\AppData\Roaming\mozilla\Firefox\Profiles\n5d31aq4.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
    [2012/08/06 18:03:20 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\Jose\AppData\Roaming\mozilla\Firefox\Profiles\n5d31aq4.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
    [2009/05/29 14:06:19 | 000,002,354 | ---- | M] () -- C:\Users\Jose\AppData\Roaming\mozilla\firefox\profiles\n5d31aq4.default\searchplugins\kiwee-live-search.xml
    [2010/05/12 15:09:17 | 000,002,037 | ---- | M] () -- C:\Users\Jose\AppData\Roaming\mozilla\firefox\profiles\n5d31aq4.default\searchplugins\kiwee-toolbar.xml
    [2011/12/12 23:07:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/09/20 19:45:09 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2008/09/03 19:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npbittorrent.dll
    [2012/01/31 06:12:14 | 000,365,568 | ---- | M] (Navionics) -- C:\Program Files (x86)\mozilla firefox\plugins\npNavIn.dll
    [2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npyaxmpb.dll
    [2012/09/20 19:45:06 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/09/20 19:45:06 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/12/28 18:58:57 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll File not found
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll File not found
    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe (PC Tools)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
    O15 - HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\..Trusted Ranges: Range2 ([http] in Trusted sites)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {4DFE522A-5D3D-4711-9437-67E066BE1E6E} http://192.168.254.254/gc2/weblib.cab (IPLWebV4 Control)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{117FB9A4-AC77-4B87-888C-04DCEBA4D039}: NameServer = 8.26.56.26,156.154.70.22
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C8822D5-7D54-4BE8-B6EF-DEA9659094A3}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C8822D5-7D54-4BE8-B6EF-DEA9659094A3}: NameServer = 8.26.56.26,156.154.70.22
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DE93D3D-068E-4229-9863-146242C6A5F5}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKU\.DEFAULT Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKU\S-1-5-18 Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKU\S-1-5-19 Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKU\S-1-5-20 Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img31.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img31.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/12/28 22:01:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jose\Desktop\OTL(2).exe
    [2012/12/28 19:53:57 | 000,000,000 | ---D | C] -- C:\Users\Jose\Desktop\Souswitch
    [2012/12/28 19:31:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/12/28 18:59:13 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/12/28 17:27:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/12/28 17:27:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/12/28 17:27:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/12/28 17:25:07 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/12/28 17:23:23 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/12/28 17:20:31 | 005,014,093 | R--- | C] (Swearware) -- C:\Users\Jose\Desktop\ComboFix.exe
    [2012/12/28 16:14:27 | 000,054,024 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
    [2012/12/28 16:14:27 | 000,045,832 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
    [2012/12/27 20:44:22 | 000,040,464 | R--- | C] (CACE Technologies) -- C:\Windows\SysNative\drivers\npf.sys
    [2012/12/11 20:46:54 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/12/09 23:36:31 | 000,000,000 | ---D | C] -- C:\Users\Jose\Desktop\RK_Quarantine
    [2012/12/09 23:34:48 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Jose\Desktop\aswMBR.exe
    [2012/12/09 21:53:45 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Jose\Desktop\dds.com
    [1 C:\Users\Jose\Desktop\*.tmp files -> C:\Users\Jose\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/12/28 22:04:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/12/28 22:02:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jose\Desktop\OTL(2).exe
    [2012/12/28 21:31:13 | 000,000,434 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
    [2012/12/28 21:30:39 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
    [2012/12/28 21:30:39 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/12/28 21:30:36 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/12/28 21:30:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/12/28 21:28:53 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2012/12/28 20:18:11 | 000,000,104 | ---- | M] () -- C:\Users\Jose\Computer - Shortcut.lnk
    [2012/12/28 19:36:01 | 000,045,832 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
    [2012/12/28 19:36:00 | 000,054,024 | ---- | M] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
    [2012/12/28 19:00:51 | 000,756,338 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/12/28 19:00:51 | 000,640,870 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/12/28 19:00:51 | 000,119,090 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/12/28 18:58:57 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/12/28 17:20:50 | 005,014,093 | R--- | M] (Swearware) -- C:\Users\Jose\Desktop\ComboFix.exe
    [2012/12/27 20:46:26 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_AE1200vista64_01005.Wdf
    [2012/12/27 20:39:22 | 000,000,512 | ---- | M] () -- C:\Users\Jose\Desktop\MBR.dat
    [2012/12/27 17:57:35 | 000,002,451 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk
    [2012/12/09 23:35:11 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Jose\Desktop\aswMBR.exe
    [2012/12/09 23:34:18 | 000,753,664 | ---- | M] () -- C:\Users\Jose\Desktop\RogueKiller.exe
    [2012/12/09 21:53:45 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Jose\Desktop\dds.com
    [2012/12/09 21:32:09 | 000,325,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [1 C:\Users\Jose\Desktop\*.tmp files -> C:\Users\Jose\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/12/28 20:18:11 | 000,000,104 | ---- | C] () -- C:\Users\Jose\Computer - Shortcut.lnk
    [2012/12/28 17:27:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/12/28 17:27:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/12/28 17:27:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/12/28 17:27:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/12/28 17:27:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/12/27 20:46:26 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_AE1200vista64_01005.Wdf
    [2012/12/27 20:39:22 | 000,000,512 | ---- | C] () -- C:\Users\Jose\Desktop\MBR.dat
    [2012/12/09 23:34:17 | 000,753,664 | ---- | C] () -- C:\Users\Jose\Desktop\RogueKiller.exe
    [2012/07/24 22:24:29 | 000,840,264 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
    [2012/02/23 08:37:00 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\ShSerialLink.dll
    [2011/10/27 10:40:08 | 000,131,116 | ---- | C] () -- C:\Users\Jose\AppData\Roaming\Smaartimpulse.wav
    [2011/10/27 10:37:35 | 000,002,712 | -H-- | C] () -- C:\Users\Jose\AppData\Local\cccaimgco.ini
    [2011/09/29 18:12:02 | 004,648,960 | ---- | C] () -- C:\Windows\SysWow64\ls9-qt-mt336.dll
    [2011/09/07 23:29:35 | 000,073,494 | ---- | C] () -- C:\Windows\hpqins16.dat
    [2011/06/26 13:17:36 | 000,751,744 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/05/19 21:28:54 | 000,002,691 | -H-- | C] () -- C:\Users\Jose\AppData\Local\cckimgco.ini
    [2011/03/29 22:17:32 | 000,000,732 | ---- | C] () -- C:\Users\Jose\AppData\Local\d3d9caps64.dat
    [2011/02/24 07:52:06 | 000,002,798 | -H-- | C] () -- C:\Users\Jose\AppData\Local\cceimgco.ini
    [2011/02/06 12:35:29 | 000,034,706 | ---- | C] () -- C:\Windows\Irremote.ini
    [2011/02/06 12:35:03 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2011/02/06 12:35:03 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
    [2011/02/06 12:34:06 | 000,142,337 | ---- | C] () -- C:\Windows\SysWow64\Wait.exe
    [2011/02/06 12:33:01 | 000,003,568 | ---- | C] () -- C:\Windows\HCWPNP.INI
    [2011/01/22 17:41:10 | 000,281,152 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
    [2011/01/22 17:39:16 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
    [2010/03/23 20:45:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/03/13 21:07:12 | 000,042,306 | ---- | C] () -- C:\Users\Jose\AppData\Local\tmp321.JPG
    [2009/03/13 20:57:18 | 000,069,252 | ---- | C] () -- C:\Users\Jose\AppData\Local\tmp321.0
    [2009/03/07 08:10:09 | 000,088,064 | ---- | C] () -- C:\Users\Jose\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/03/03 15:31:16 | 000,000,680 | ---- | C] () -- C:\Users\Jose\AppData\Local\d3d9caps.dat
    [2009/03/03 12:57:39 | 000,004,398 | ---- | C] () -- C:\Users\Jose\AppData\Roaming\wklnhst.dat

    ========== ZeroAccess Check ==========

    [2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\SysWow64\wbem\wbemess.dll

    ========== LOP Check ==========

    [2009/10/24 21:11:23 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\Ableton
    [2010/11/21 12:20:21 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\Acronis
    [2012/09/22 16:03:01 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\Backup Tickets
    [2010/11/08 23:30:17 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\BitTorrent
    [2012/09/22 16:03:01 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\Configuration
    [2012/11/13 20:37:37 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\DNA
    [2012/01/14 00:28:36 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\Downloaded Installations
    [2012/11/13 20:33:10 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\Dropbox
    [2009/05/24 19:40:33 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\FloodLightGames
    [2009/05/25 00:06:54 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\funkitron
    [2009/05/24 22:44:55 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\Gamelab
    [2011/11/27 23:43:28 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\Harman International
    [2010/07/09 17:08:33 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\LimeWire
    [2012/02/26 16:21:06 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\MA Lighting Technologies
    [2009/03/01 23:12:37 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\muvee Technologies
    [2010/04/24 09:54:00 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\ooVoo Details
    [2009/05/24 23:10:29 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\PlayFirst
    [2011/05/28 19:43:20 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\Smaart
    [2010/11/08 21:09:10 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\SumatraPDF
    [2011/10/20 17:42:51 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\TeamViewer
    [2011/02/21 16:55:34 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\Temp
    [2009/03/05 03:30:11 | 000,000,000 | ---D | M] -- C:\Users\Jose\AppData\Roaming\Template

    ========== Purity Check ==========



    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\Windows\system64] -> \systemroot\system32 -> Mount Point

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
    @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8

    < End of report >
  24. Broni

    Broni Malware Annihilator Posts: 46,748   +254

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE:64bit: - HKLM\..\SearchScopes\{C4B887F1-E634-4BCC-8BA4-6E91B16D2814}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
      IE - HKLM\..\SearchScopes\{C4B887F1-E634-4BCC-8BA4-6E91B16D2814}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
      IE - HKU\.DEFAULT\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found
      IE - HKU\S-1-5-18\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found
      IE - HKU\S-1-5-19\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found
      IE - HKU\S-1-5-20\..\URLSearchHook: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - No CLSID value found
      IE - HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\..\SearchScopes\{C4B887F1-E634-4BCC-8BA4-6E91B16D2814}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
      IE - HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
      IE - HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:5555
      FF - prefs.js..browser.search.defaultenginename: "Kiwee Toolbar"
      FF - prefs.js..browser.search.order.1: "Ask"
      [2009/05/29 14:06:19 | 000,002,354 | ---- | M] () -- C:\Users\Jose\AppData\Roaming\mozilla\firefox\profiles\n5d31aq4.default\searchplugins\kiwee-live-search.xml
      [2010/05/12 15:09:17 | 000,002,037 | ---- | M] () -- C:\Users\Jose\AppData\Roaming\mozilla\firefox\profiles\n5d31aq4.default\searchplugins\kiwee-toolbar.xml
      O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll File not found
      O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll File not found
      O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
      O3 - HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
      O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
      O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
      O15 - HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
      O15 - HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\..Trusted Ranges: Range2 ([http] in Trusted sites)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
      [2011/10/27 10:37:35 | 000,002,712 | -H-- | C] () -- C:\Users\Jose\AppData\Local\cccaimgco.ini
      [2011/05/19 21:28:54 | 000,002,691 | -H-- | C] () -- C:\Users\Jose\AppData\Local\cckimgco.ini
      [2011/02/24 07:52:06 | 000,002,798 | -H-- | C] () -- C:\Users\Jose\AppData\Local\cceimgco.ini
      [C:\Windows\system64] -> \systemroot\system32 -> Mount Point
      @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
      @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    =====================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  25. Sistrunk

    Sistrunk TS Rookie Topic Starter Posts: 70

    OTL fix stopped responding the first time but finished the second time. Continuing steps....
    All processes killed
    ========== OTL ==========
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C4B887F1-E634-4BCC-8BA4-6E91B16D2814}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4B887F1-E634-4BCC-8BA4-6E91B16D2814}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C4B887F1-E634-4BCC-8BA4-6E91B16D2814}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4B887F1-E634-4BCC-8BA4-6E91B16D2814}\ not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0BC6E3FA-78EF-4886-842C-5A1258C4455A} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0BC6E3FA-78EF-4886-842C-5A1258C4455A} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}\ not found.
    Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0BC6E3FA-78EF-4886-842C-5A1258C4455A} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}\ not found.
    Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0BC6E3FA-78EF-4886-842C-5A1258C4455A} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BC6E3FA-78EF-4886-842C-5A1258C4455A}\ not found.
    Registry key HKEY_USERS\S-1-5-21-2494761673-3651807285-2415238375-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C4B887F1-E634-4BCC-8BA4-6E91B16D2814}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4B887F1-E634-4BCC-8BA4-6E91B16D2814}\ not found.
    HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\S-1-5-21-2494761673-3651807285-2415238375-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    Prefs.js: "Kiwee Toolbar" removed from browser.search.defaultenginename
    Prefs.js: "Ask" removed from browser.search.order.1
    File C:\Users\Jose\AppData\Roaming\mozilla\firefox\profiles\n5d31aq4.default\searchplugins\kiwee-live-search.xml not found.
    File C:\Users\Jose\AppData\Roaming\mozilla\firefox\profiles\n5d31aq4.default\searchplugins\kiwee-toolbar.xml not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    Registry value HKEY_USERS\S-1-5-21-2494761673-3651807285-2415238375-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
    Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.
    Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.
    Registry value HKEY_USERS\S-1-5-21-2494761673-3651807285-2415238375-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\http not found.
    Registry value HKEY_USERS\S-1-5-21-2494761673-3651807285-2415238375-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range2\\http not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Starting removal of ActiveX control CabBuilder
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\CabBuilder\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\CabBuilder\ not found.
    File C:\Users\Jose\AppData\Local\cccaimgco.ini not found.
    File C:\Users\Jose\AppData\Local\cckimgco.ini not found.
    File C:\Users\Jose\AppData\Local\cceimgco.ini not found.
    Mount Point not found!
    Unable to delete ADS C:\ProgramData\Temp:DFC5A2B2 .
    Unable to delete ADS C:\ProgramData\Temp:A8ADE5D8 .
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Jose
    ->Temp folder emptied: 1262 bytes
    ->Temporary Internet Files folder emptied: 1703098633 bytes
    ->Java cache emptied: 122399207 bytes
    ->FireFox cache emptied: 68328732 bytes
    ->Flash cache emptied: 290555 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 531774 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33237 bytes
    RecycleBin emptied: 6742474 bytes

    Total Files Cleaned = 1,813.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Jose
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Jose
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 12292012_002655

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Jose\AppData\Local\Temp\ehmsas.txt not found!

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.