Trojan:DOS/Alureon.E

Solved
By Piratekitty
Jan 3, 2013
Topic Status:
Not open for further replies.
  1. Last week I got a virus that disabled my USB ports and DVD/CD drives and slowly took over my PC. I did everything I could to try and get rid of it, but when I scanned my PC using my AVG virus scanner it did not find a single thing, so I decided to format my main computer drive and reinstall Windows 7 to try and make a clean restart.
    After doing so I then went to Microsoft.com and downloaded Microsoft Security Essentials to see if it worked better than AVG did, but unfortunately it found the virus that I had before, so that tells me reinstalling my Windows 7 did no good at all.

    MSE keeps on telling me that it found Trojan:DOS/Alureon.E even after I click Remove and restart my PC after doing so.
    It also tells me...

    Security Essentials encountered the following error: Error code 0x800704ec. This program is blocked by group policy.
    Category: Trojan
    Description: This program is dangerous and executes commands from an attacker.
    Recommended action: Remove this software immediately.
    Items:
    Boot:\Device\HarddiskVolume4
    Boot:\Device\HarddiskVolume4\
    Boot:\\.\PHYSICALDRIVE0\Partition3 (Type 17)
    --------------------------------------------------
    When I run Malwarebytes Anti-Malware it does not find anything.
    When I run MSE it finds Trojan:DOS/Alureon.E and tells me it was partially removed, so I restart my PC, but the virus is still there.
    AVG finds nothing.

    Can someone help me get rid of the Alureon.E?
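The detection above names the boot record of physical drive 0 rather than a file, which is why formatting the Windows volume and reinstalling did not help: the master boot record is the first sector of the disk and lies outside every partition, so a volume format never touches it. The following Python example, added here and not part of the thread or of any of the tools it mentions, shows how a responder inspects a 512-byte MBR dump: verify the 0x55AA signature, hash the boot-code area against a baseline taken from a known-clean machine, and list the partition table. Both sample sectors are constructed in the script (placeholder bytes, not real boot code or malware), and the partition-type table is illustrative.

```python
"""Inspect a 512-byte MBR image: signature check, boot-code hash against a
known-good baseline, and partition-table listing.
Constructed example; the sample sectors contain no real boot code."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446          # boot code occupies bytes 0..445
ENTRY_SIZE = 16              # four 16-byte partition entries follow
SIGNATURE = b"\x55\xaa"      # bytes 510..511

# Illustrative partition-type names (not an exhaustive table).
TYPE_NAMES = {0x00: "empty", 0x07: "NTFS/exFAT", 0x0C: "FAT32 LBA",
              0x27: "Windows recovery (hidden)", 0x83: "Linux"}


def parse_mbr(sector):
    """Return boot-code hash, signature status and the four partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    entries = []
    for i in range(4):
        off = BOOT_CODE_LEN + i * ENTRY_SIZE
        # status(1) CHS-start(3, skipped) type(1) CHS-end(3, skipped) LBA-start(4) count(4)
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        entries.append({"index": i, "bootable": status == 0x80, "type": ptype,
                        "type_name": TYPE_NAMES.get(ptype, "unknown 0x%02x" % ptype),
                        "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "signature_ok": sector[510:512] == SIGNATURE,
        "partitions": entries,
    }


def assess(parsed, baseline_hash):
    """Compare a parsed MBR with a known-clean baseline hash; return findings."""
    findings = []
    if not parsed["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if parsed["boot_code_sha256"] != baseline_hash:
        findings.append("boot code differs from baseline (MBR rewritten?)")
    active = [p for p in parsed["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append("expected exactly one active partition, found %d" % len(active))
    for p in parsed["partitions"]:
        if p["type"] != 0 and p["type"] not in TYPE_NAMES:
            findings.append("partition %d has unexpected type 0x%02x" % (p["index"], p["type"]))
    return findings


def build_mbr(boot_code, partitions):
    """Construct a sample MBR for the demo (placeholder bytes, not a real boot sector)."""
    boot_code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    table = b"".join(struct.pack("<B3xB3xII", status, ptype, start, count)
                     for status, ptype, start, count in partitions)
    table = table.ljust(4 * ENTRY_SIZE, b"\x00")
    return boot_code + table + SIGNATURE


# Constructed samples: a "known-clean" MBR with one active NTFS partition, and a
# copy whose boot-code area was overwritten and which gained a hidden extra entry.
CLEAN = build_mbr(b"\x90" * 64, [(0x80, 0x07, 2048, 204800)])
BASELINE = parse_mbr(CLEAN)["boot_code_sha256"]
MODIFIED = build_mbr(b"\xeb\xfe" * 40,
                     [(0x80, 0x07, 2048, 204800), (0x00, 0xDE, 206848, 2048)])

if __name__ == "__main__":
    for name, image in (("clean", CLEAN), ("modified", MODIFIED)):
        print(name, assess(parse_mbr(image), BASELINE) or ["no findings"])
```

On a real case the sector comes from a raw read of the first 512 bytes of the physical disk and the baseline hash from the same Windows version on a machine known to be clean; a hash mismatch alone is a reason to rewrite the MBR with vendor tooling, not proof of a particular family.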
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
    Please review the 4-Step instructions and post the logs back here for my review.

    Also, include this scan:

    Download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
  3. Piratekitty

    Piratekitty Newcomer, in training Topic Starter Posts: 37

    Malwarebytes Anti-Malware (Trial) 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.01.02.02

    Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
    Internet Explorer 8.0.7601.17514
    Tadpole :: TADPOLE-PC [administrator]

    Protection: Disabled

    1/1/2013 9:02:55 PM
    mbam-log-2013-01-01 (21-02-55).txt

    Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 261184
    Time elapsed: 7 minute(s), 14 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  4. Piratekitty

    Piratekitty Newcomer, in training Topic Starter Posts: 37

    # AdwCleaner v2.104 - Logfile created 01/03/2013 at 05:05:18
    # Updated 29/12/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Tadpole - TADPOLE-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Tadpole\Desktop\adwcleaner.exe
    # Option [Search]
    ***** [Services] *****
    ***** [Files / Folders] *****
    Folder Found : C:\Program Files (x86)\AVG Secure Search
    Folder Found : C:\Program Files (x86)\Claro LTD
    Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
    Folder Found : C:\Program Files (x86)\Common Files\Software Update Utility
    Folder Found : C:\Program Files (x86)\Conduit
    Folder Found : C:\Program Files (x86)\iMesh Applications\Mediabar
    Folder Found : C:\Program Files (x86)\SaveAs
    Folder Found : C:\Program Files (x86)\Viewpoint
    Folder Found : C:\Program Files (x86)\WhiteSmoke_US_New_E1
    Folder Found : C:\ProgramData\AVG Secure Search
    Folder Found : C:\ProgramData\Babylon
    Folder Found : C:\ProgramData\InstallMate
    Folder Found : C:\ProgramData\Premium
    Folder Found : C:\ProgramData\Viewpoint
    Folder Found : C:\Users\Tadpole\AppData\Local\AVG Secure Search
    Folder Found : C:\Users\Tadpole\AppData\Local\Conduit
    Folder Found : C:\Users\Tadpole\AppData\Local\SwvUpdater
    Folder Found : C:\Users\Tadpole\AppData\LocalLow\AVG Secure Search
    Folder Found : C:\Users\Tadpole\AppData\LocalLow\Conduit
    Folder Found : C:\Users\Tadpole\AppData\LocalLow\PriceGong
    Folder Found : C:\Users\Tadpole\AppData\LocalLow\shareazatoolbarguid
    Folder Found : C:\Users\Tadpole\AppData\LocalLow\WhiteSmoke_US_New_E1
    Folder Found : C:\Users\Tadpole\AppData\Roaming\Babylon
    Folder Found : C:\Users\Tadpole\AppData\Roaming\Claro
    Folder Found : C:\Users\Tadpole\AppData\Roaming\OpenCandy
    ***** [Registry] *****
    Data Found : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\datamngr.dll
    Data Found : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\IEBHO.dll
    Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\imesha~1\mediabar\datamngr\datamngr.dll
    Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\imesha~1\mediabar\datamngr\iebho.dll
    Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\saveas\sprote~1.dll
    Key Found : HKCU\Software\APN DTX
    Key Found : HKCU\Software\AppDataLow\Software\Conduit
    Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Found : HKCU\Software\AppDataLow\Software\PriceGong
    Key Found : HKCU\Software\AppDataLow\Software\shareazatoolbarguid
    Key Found : HKCU\Software\AppDataLow\Software\SmartBar
    Key Found : HKCU\Software\AppDataLow\Software\WhiteSmoke_US_New_E1
    Key Found : HKCU\Software\AppDataLow\SProtector
    Key Found : HKCU\Software\AppDataLow\Toolbar
    Key Found : HKCU\Software\AVG Secure Search
    Key Found : HKCU\Software\Claro LTD
    Key Found : HKCU\Software\DataMngr
    Key Found : HKCU\Software\DataMngr_Toolbar
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{72A0F495-BA60-4524-827B-B36B8C18587A}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{ADE92211-31DC-4775-85C0-75659B099DD3}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72A0F495-BA60-4524-827B-B36B8C18587A}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ADE92211-31DC-4775-85C0-75659B099DD3}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BB0773C4-1DF3-4521-AFD5-28BF53C9DD74}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKCU\Software\shareazatoolbarguid
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Found : HKLM\Software\AVG Secure Search
    Key Found : HKLM\Software\Babylon
    Key Found : HKLM\Software\Claro LTD
    Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
    Key Found : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
    Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
    Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
    Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
    Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
    Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
    Key Found : HKLM\SOFTWARE\Classes\BrowserConnection.Loader
    Key Found : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1
    Key Found : HKLM\SOFTWARE\Classes\dnUpdate
    Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
    Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
    Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
    Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
    Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
    Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
    Key Found : HKLM\SOFTWARE\Classes\Prod.cap
    Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Found : HKLM\SOFTWARE\Classes\S
    Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3272810
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\Software\DataMngr
    Key Found : HKLM\Software\MetaStream
    Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BB0773C4-1DF3-4521-AFD5-28BF53C9DD74}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
    Key Found : HKLM\Software\SP Global
    Key Found : HKLM\Software\SProtector
    Key Found : HKLM\Software\Viewpoint
    Key Found : HKLM\Software\WhiteSmoke_US_New_E1
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{05340575-7D2A-4266-9A84-7EEBDC476884}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{72A0F495-BA60-4524-827B-B36B8C18587A}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97C47A30-3CFB-474B-94E3-6019A7EE0610}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{ADE92211-31DC-4775-85C0-75659B099DD3}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BB0773C4-1DF3-4521-AFD5-28BF53C9DD74}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EE4FC43F-84CE-4E20-88C2-2188525B47FB}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dcillohgikpecbmgioknapdpcjofaafl
    Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{08DC9967-82DC-4223-959F-5332CEE0BDB5}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3995369E-EB1D-4ADC-AD4E-0CD72559D636}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60295942-9E5F-4EE8-B785-3A655904D24F}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ADE92211-31DC-4775-85C0-75659B099DD3}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72A0F495-BA60-4524-827B-B36B8C18587A}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ADE92211-31DC-4775-85C0-75659B099DD3}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{069B290F-5398-4629-A009-85B4BCB4B1B9}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\claro
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\shareazatoolbarguid
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_US_New_E1 Toolbar
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    Key Found : HKLM\SOFTWARE\DataMngr
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}
    Key Found : HKU\S-1-5-21-1679344818-1426112335-2283860709-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Found : HKU\S-1-5-21-1679344818-1426112335-2283860709-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKU\S-1-5-21-1679344818-1426112335-2283860709-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
    Key Found : HKU\S-1-5-21-1679344818-1426112335-2283860709-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{72A0F495-BA60-4524-827B-B36B8C18587A}]
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{72A0F495-BA60-4524-827B-B36B8C18587A}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{72A0F495-BA60-4524-827B-B36B8C18587A}]
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
    Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{72A0F495-BA60-4524-827B-B36B8C18587A}]
    Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{9E131A93-EED7-4BEB-B015-A0ADB30B5646}]
    Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{ADE92211-31DC-4775-85C0-75659B099DD3}]
    Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16457
    [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.claro-search.com/?affID=118658&tt=0113_4&babsrc=HP_ss&mntrId=aebe7ee0000000000000002268663b3c
    *************************
    AdwCleaner[R1].txt - [17801 octets] - [03/01/2013 04:44:32]
    AdwCleaner[R2].txt - [17860 octets] - [03/01/2013 04:45:37]
    AdwCleaner[R3].txt - [17921 octets] - [03/01/2013 04:46:40]
    AdwCleaner[R4].txt - [17982 octets] - [03/01/2013 04:48:25]
    AdwCleaner[R5].txt - [18043 octets] - [03/01/2013 05:01:47]
    AdwCleaner[R6].txt - [18104 octets] - [03/01/2013 05:02:30]
    AdwCleaner[R7].txt - [18068 octets] - [03/01/2013 05:05:18]
    ########## EOF - C:\AdwCleaner[R7].txt - [18129 octets] ##########
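The log header shows this was a search-only run (# Option [Search]), and the findings are not all of equal weight: the AppInit_DLLs entries load the listed DLLs into every process that loads user32.dll, the Run value starts at each logon, and the Browser Helper Object and URLSearchHooks entries load into Internet Explorer, whereas most of the CLSID/TypeLib keys are leftover COM registrations. The following Python example, added here and not part of the thread or of AdwCleaner, parses log lines in this format and sorts them by the kind of persistence they represent so the items that execute code are reviewed first. The rule list and labels are the example's own, and the sample log is a short excerpt constructed from lines in the format above.

```python
"""Triage an AdwCleaner "[Search]" log: classify each finding by the kind of
persistence its location represents, and pull out the ones that execute code.
The rule set and labels are illustrative, not AdwCleaner's own categories."""
import re
from collections import Counter

LINE_RE = re.compile(r"^(Folder|File|Key|Value|Data) Found : (.*)$")

# (label, pattern over the finding text); checked in order, first match wins.
RULES = [
    ("appinit_dll_injection", re.compile(r"\[AppInit_DLLs\]", re.I)),
    ("autostart_run_key", re.compile(r"\\CurrentVersion\\Run(Once)?\b", re.I)),
    ("ie_bho", re.compile(r"\\Browser Helper Objects\\", re.I)),
    ("ie_search_hook", re.compile(r"\\URLSearchHooks", re.I)),
    ("ie_search_scope", re.compile(r"\\SearchScopes\\", re.I)),
    ("browser_extension",
     re.compile(r"\\(Google\\Chrome\\Extensions|Mozilla\\Firefox\\Extensions)", re.I)),
    ("ie_toolbar", re.compile(r"\\Internet Explorer\\Toolbar", re.I)),
    ("com_registration", re.compile(r"\\Classes\\(CLSID|Interface|TypeLib|AppID)\\", re.I)),
]
# Locations from which code actually runs (injection, logon autostart, browser load).
HIGH_PRIORITY = {"appinit_dll_injection", "autostart_run_key", "ie_bho", "ie_search_hook"}


def classify(text):
    """Return the label of the first matching rule, or "other"."""
    for label, pattern in RULES:
        if pattern.search(text):
            return label
    return "other"


def triage(log_text):
    """Count findings per label and collect the high-priority ones in log order."""
    counts = Counter()
    priority = []
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:            # headers, separators, "##### EOF" lines
            continue
        kind, text = match.groups()
        label = classify(text)
        counts[label] += 1
        if label in HIGH_PRIORITY:
            priority.append((label, kind, text))
    return {"counts": dict(counts), "priority": priority}


# Constructed sample: a short excerpt in AdwCleaner's log format.
SAMPLE_LOG = r"""
# AdwCleaner v2.104 - Logfile created 01/03/2013 at 05:05:18
***** [Files / Folders] *****
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\iMesh Applications\Mediabar
***** [Registry] *****
Data Found : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\datamngr.dll
Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\saveas\sprote~1.dll
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{72A0F495-BA60-4524-827B-B36B8C18587A}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for label, n in sorted(result["counts"].items(), key=lambda kv: -kv[1]):
        print("%-24s %d" % (label, n))
    print("\nreview first:")
    for label, kind, text in result["priority"]:
        print(" [%s] %s: %s" % (label, kind, text))
```

Feeding the full log above through triage() gives the same ordering a helper applies by eye: the five AppInit_DLLs values and the DataMngr Run value first, then the BHOs and search hooks, with the long tail of CLSID, Interface and TypeLib keys last.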
  5. Piratekitty

    Piratekitty Newcomer, in training Topic Starter Posts: 37

    I am going to send the DSS logs over in a .zip file because when I try to post either one of them it keeps telling me "Please enter a message with no more than 50000 characters".

    Attached Files:

  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ComboFix scan

    Please download ComboFix by sUBs
    From TechSpot

    Direct Link (alternative)

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system-important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  7. Piratekitty

    Piratekitty Newcomer, in training Topic Starter Posts: 37

    ComboFix 13-01-03.05 - Tadpole 01/03/2013 11:51:55.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7935.6301 [GMT -5:00]
    Running from: c:\users\Tadpole\Desktop\ComboFix.exe
    AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
    SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-03 to 2013-01-03 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-03 17:00 . 2013-01-03 17:00  --------  d-----w-  c:\users\Default\AppData\Local\temp
    2013-01-03 14:24 . 2013-01-03 14:24  76232  ----a-w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4C5A1BBC-3BC8-4FC2-9FD8-63584330827B}\offreg.dll
    2013-01-03 14:17 . 2013-01-03 14:17  --------  d-----w-  c:\programdata\magicJack
    2013-01-03 11:54 . 2013-01-03 11:54  --------  d-----w-  c:\windows\SysWow64\Wat
    2013-01-03 11:54 . 2013-01-03 11:54  --------  d-----w-  c:\windows\system32\Wat
    2013-01-03 11:25 . 2012-07-26 04:55  785512  ----a-w-  c:\windows\system32\drivers\Wdf01000.sys
    2013-01-03 11:25 . 2012-07-26 04:55  54376  ----a-w-  c:\windows\system32\drivers\WdfLdr.sys
    2013-01-03 11:25 . 2012-07-26 04:47  2560  ----a-w-  c:\windows\system32\drivers\en-US\wdf01000.sys.mui
    2013-01-03 11:25 . 2012-07-26 02:36  9728  ----a-w-  c:\windows\system32\Wdfres.dll
    2013-01-03 11:06 . 2012-12-16 14:13  34304  ----a-w-  c:\windows\SysWow64\atmlib.dll
    2013-01-03 11:06 . 2012-12-16 17:11  46080  ----a-w-  c:\windows\system32\atmlib.dll
    2013-01-03 11:06 . 2012-12-16 14:45  367616  ----a-w-  c:\windows\system32\atmfd.dll
    2013-01-03 11:06 . 2012-12-16 14:13  295424  ----a-w-  c:\windows\SysWow64\atmfd.dll
    2013-01-03 11:06 . 2010-09-30 10:41  100864  ----a-w-  c:\windows\system32\fontsub.dll
    2013-01-03 11:06 . 2010-09-30 06:47  70656  ----a-w-  c:\windows\SysWow64\fontsub.dll
    2013-01-03 11:05 . 2012-07-26 02:26  198656  ----a-w-  c:\windows\system32\drivers\WUDFRd.sys
    2013-01-03 11:05 . 2012-07-26 03:08  84992  ----a-w-  c:\windows\system32\WUDFSvc.dll
    2013-01-03 11:05 . 2012-07-26 03:08  194048  ----a-w-  c:\windows\system32\WUDFPlatform.dll
    2013-01-03 11:05 . 2012-07-26 02:26  87040  ----a-w-  c:\windows\system32\drivers\WUDFPf.sys
    2013-01-03 11:05 . 2012-07-26 03:08  229888  ----a-w-  c:\windows\system32\WUDFHost.exe
    2013-01-03 11:05 . 2012-07-26 03:08  45056  ----a-w-  c:\windows\system32\WUDFCoinstaller.dll
    2013-01-03 11:05 . 2012-07-26 03:08  744448  ----a-w-  c:\windows\system32\WUDFx.dll
    2013-01-03 11:03 . 2012-03-01 06:46  23408  ----a-w-  c:\windows\system32\drivers\fs_rec.sys
    2013-01-03 11:03 . 2012-03-01 06:33  81408  ----a-w-  c:\windows\system32\imagehlp.dll
    2013-01-03 11:03 . 2012-03-01 06:28  5120  ----a-w-  c:\windows\system32\wmi.dll
    2013-01-03 11:03 . 2012-03-01 05:33  159232  ----a-w-  c:\windows\SysWow64\imagehlp.dll
    2013-01-03 11:03 . 2012-03-01 05:29  5120  ----a-w-  c:\windows\SysWow64\wmi.dll
    2013-01-03 07:28 . 2013-01-03 07:28  30568  ----a-w-  c:\windows\system32\drivers\avgtpx64.sys
    2013-01-03 05:50 . 2013-01-03 05:50  --------  d-----w-  c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-01-03 05:50 . 2012-12-15 00:49  24176  ----a-w-  c:\windows\system32\drivers\mbam.sys
    2013-01-03 04:54 . 2011-02-19 12:05  1139200  ----a-w-  c:\windows\system32\FntCache.dll
    2013-01-03 04:54 . 2011-02-19 12:04  902656  ----a-w-  c:\windows\system32\d2d1.dll
    2013-01-03 04:54 . 2011-02-19 06:30  739840  ----a-w-  c:\windows\SysWow64\d2d1.dll
    2013-01-03 04:07 . 2013-01-03 04:06  972264  ----a-w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{77FAD486-9AE0-476F-96B7-B4187EC95011}\gapaengine.dll
    2013-01-03 04:06 . 2012-11-08 17:24  9125352  ----a-w-  c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4C5A1BBC-3BC8-4FC2-9FD8-63584330827B}\mpengine.dll
    2013-01-03 04:05 . 2013-01-03 04:05  --------  d-----w-  c:\program files (x86)\Microsoft Security Client
    2013-01-03 04:05 . 2013-01-03 04:06  --------  d-----w-  c:\program files\Microsoft Security Client
    2013-01-03 03:00 . 2013-01-03 03:00  163056  ----a-w-  c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
    2013-01-02 11:33 . 2013-01-02 11:50  --------  d-----w-  c:\programdata\Premium
    2013-01-02 11:32 . 2013-01-02 11:34  --------  d-----w-  c:\programdata\WoW Worldwide Software LTD
    2013-01-02 11:31 . 2012-08-31 18:19  1659760  ----a-w-  c:\windows\system32\drivers\ntfs.sys
    2013-01-02 11:29 . 2010-12-23 10:42  1118720  ----a-w-  c:\windows\system32\sbe.dll
    2013-01-02 11:28 . 2011-10-26 05:21  43520  ----a-w-  c:\windows\system32\csrsrv.dll
    2013-01-02 11:28 . 2011-12-30 06:26  515584  ----a-w-  c:\windows\system32\timedate.cpl
    2013-01-02 11:28 . 2011-12-30 05:27  478720  ----a-w-  c:\windows\SysWow64\timedate.cpl
    2013-01-02 11:28 . 2011-02-24 06:15  476160  ----a-w-  c:\windows\system32\XpsGdiConverter.dll
    2013-01-02 11:28 . 2011-02-24 05:38  288256  ----a-w-  c:\windows\SysWow64\XpsGdiConverter.dll
    2013-01-02 11:28 . 2012-11-22 03:26  3149824  ----a-w-  c:\windows\system32\win32k.sys
    2013-01-02 11:26 . 2012-06-02 04:40  22016  ----a-w-  c:\windows\SysWow64\secur32.dll
    2013-01-02 11:24 . 2012-05-01 05:40  209920  ----a-w-  c:\windows\system32\profsvc.dll
    2013-01-02 11:23 . 2012-11-02 05:59  478208  ----a-w-  c:\windows\system32\dpnet.dll
    2013-01-02 11:23 . 2012-11-02 05:11  376832  ----a-w-  c:\windows\SysWow64\dpnet.dll
    2013-01-02 11:23 . 2012-08-24 18:05  220160  ----a-w-  c:\windows\system32\wintrust.dll
    2013-01-02 11:23 . 2012-08-24 16:57  172544  ----a-w-  c:\windows\SysWow64\wintrust.dll
    2013-01-02 11:23 . 2012-08-21 21:01  245760  ----a-w-  c:\windows\system32\OxpsConverter.exe
    2013-01-02 11:20 . 2011-01-17 11:09  197120  ----a-w-  c:\windows\system32\d3d10_1.dll
    2013-01-02 11:20 . 2011-01-17 05:47  161792  ----a-w-  c:\windows\SysWow64\d3d10_1.dll
    2013-01-02 11:20 . 2011-04-29 03:06  467456  ----a-w-  c:\windows\system32\drivers\srv.sys
    2013-01-02 11:20 . 2011-04-29 03:05  410112  ----a-w-  c:\windows\system32\drivers\srv2.sys
    2013-01-02 11:20 . 2011-04-29 03:05  168448  ----a-w-  c:\windows\system32\drivers\srvnet.sys
    2013-01-02 11:20 . 2011-08-17 05:26  613888  ----a-w-  c:\windows\system32\psisdecd.dll
    2013-01-02 11:20 . 2011-08-17 05:25  108032  ----a-w-  c:\windows\system32\psisrndr.ax
    2013-01-02 11:20 . 2011-08-17 04:24  465408  ----a-w-  c:\windows\SysWow64\psisdecd.dll
    2013-01-02 11:20 . 2011-08-17 04:19  75776  ----a-w-  c:\windows\SysWow64\psisrndr.ax
    2013-01-02 11:20 . 2012-04-28 03:55  210944  ----a-w-  c:\windows\system32\drivers\rdpwd.sys
    2013-01-02 11:15 . 2011-12-28 03:59  498688  ----a-w-  c:\windows\system32\drivers\afd.sys
    2013-01-02 11:15 . 2012-03-17 07:58  75120  ----a-w-  c:\windows\system32\drivers\partmgr.sys
    2013-01-02 11:15 . 2012-08-11 00:56  715776  ----a-w-  c:\windows\system32\kerberos.dll
    2013-01-02 11:15 . 2012-08-10 23:56  542208  ----a-w-  c:\windows\SysWow64\kerberos.dll
    2013-01-02 11:15 . 2012-04-07 12:31  3216384  ----a-w-  c:\windows\system32\msi.dll
    2013-01-02 11:15 . 2012-04-07 11:26  2342400  ----a-w-  c:\windows\SysWow64\msi.dll
    2013-01-02 11:15 . 2012-09-25 22:47  78336  ----a-w-  c:\windows\SysWow64\synceng.dll
    2013-01-02 11:15 . 2012-09-25 22:46  95744  ----a-w-  c:\windows\system32\synceng.dll
    2013-01-02 11:14 . 2011-02-05 17:10  20352  ----a-w-  c:\windows\system32\kdusb.dll
    2013-01-02 11:14 . 2011-02-05 17:10  19328  ----a-w-  c:\windows\system32\kd1394.dll
    2013-01-02 11:14 . 2011-02-05 17:10  17792  ----a-w-  c:\windows\system32\kdcom.dll
    2013-01-02 11:14 . 2011-02-05 17:06  605552  ----a-w-  c:\windows\system32\winload.exe
    2013-01-02 11:14 . 2011-02-05 17:06  566208  ----a-w-  c:\windows\system32\winresume.efi
    2013-01-02 11:14 . 2011-02-05 17:06  518672  ----a-w-  c:\windows\system32\winresume.exe
    2013-01-02 11:14 . 2011-02-05 17:10  642944  ----a-w-  c:\windows\system32\winload.efi
    2013-01-02 11:07 . 2011-11-19 14:58  77312  ----a-w-  c:\windows\system32\packager.dll
    2013-01-02 11:07 . 2011-11-19 14:01  67072  ----a-w-  c:\windows\SysWow64\packager.dll
    2013-01-02 11:00 . 2012-05-11 23:47  119568  ----a-w-  c:\windows\SysWow64\VB6FR.DLL
    2013-01-02 11:00 . 2012-05-11 23:47  101888  ----a-w-  c:\windows\SysWow64\VB6STKIT.DLL
    2013-01-02 11:00 . 2012-05-11 23:47  32768  ----a-w-  c:\windows\SysWow64\CMDLGFR.DLL
    2013-01-02 11:00 . 2012-05-11 23:47141312----a-w-c:\windows\SysWow64\MSCMCFR.DLL
    2013-01-02 10:58 . 2013-01-02 10:58--------d-----w-c:\programdata\Wincert
    2013-01-02 10:57 . 2013-01-03 13:25--------d-----w-c:\program files (x86)\iMesh Applications
    2013-01-02 10:49 . 2013-01-02 10:49--------dc----w-c:\windows\system32\DRVSTORE
    2013-01-02 10:49 . 2012-08-21 21:0133240----a-w-c:\windows\system32\drivers\GEARAspiWDM.sys
    2013-01-02 10:48 . 2013-01-02 10:48--------d-----w-c:\program files\iPod
    2013-01-02 10:48 . 2013-01-02 10:49--------d-----w-c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-01-02 10:48 . 2013-01-02 10:49--------d-----w-c:\program files\iTunes
    2013-01-02 10:48 . 2013-01-02 10:49--------d-----w-c:\program files (x86)\iTunes
    2013-01-02 10:48 . 2013-01-02 10:48--------d-----w-c:\programdata\Apple Computer
    2013-01-02 10:47 . 2013-01-02 10:47--------d-----w-c:\program files (x86)\Apple Software Update
    2013-01-02 10:47 . 2013-01-02 10:47--------d-----w-c:\program files\Common Files\Apple
    2013-01-02 10:47 . 2013-01-02 10:47--------d-----w-c:\program files\Bonjour
    2013-01-02 10:47 . 2013-01-02 10:47--------d-----w-c:\program files (x86)\Bonjour
    2013-01-02 10:47 . 2013-01-02 10:48--------d-----w-c:\program files (x86)\Common Files\Apple
    2013-01-02 10:47 . 2013-01-02 10:47--------d-----w-c:\programdata\Apple
    2013-01-02 08:26 . 2013-01-02 08:26--------d-----w-C:\$AVG
    2013-01-02 08:11 . 2013-01-03 13:22--------d-----w-c:\program files (x86)\Common Files\AVG Secure Search
    2013-01-02 08:11 . 2013-01-02 08:11--------d--h--w-c:\programdata\Common Files
    2013-01-02 08:11 . 2013-01-02 08:11--------d-----w-c:\windows\SysWow64\drivers\AVG
    2013-01-02 08:10 . 2013-01-03 13:07--------d-----w-c:\windows\system32\drivers\AVG
    2013-01-02 08:10 . 2013-01-02 08:16--------d-----w-c:\programdata\AVG2012
    2013-01-02 08:10 . 2013-01-02 08:10--------d-----w-c:\program files (x86)\AVG
    2013-01-02 08:05 . 2013-01-03 15:03--------d-----w-c:\programdata\MFAData
    2013-01-02 07:31 . 2013-01-02 07:31--------d--h--w-c:\windows\system32\CanonIJ Uninstaller Information
    2013-01-02 07:31 . 2013-01-02 07:31--------d--h--w-c:\programdata\CanonBJ
    2013-01-02 07:31 . 2010-04-24 13:0083968----a-w-c:\windows\system32\Spool\prtprocs\x64\CNMPP9W.DLL
    2013-01-02 07:31 . 2010-04-24 13:0028672----a-w-c:\windows\system32\Spool\prtprocs\x64\CNMPD9W.DLL
    2013-01-02 07:31 . 2010-04-24 13:00336896----a-w-c:\windows\system32\CNMLM9W.DLL
    2013-01-02 07:31 . 2009-04-04 00:011321984----a-w-c:\windows\system32\CNC250C.dll
    2013-01-02 07:31 . 2009-04-04 00:0092672----a-w-c:\windows\system32\CNC250I.dll
    2013-01-02 07:31 . 2009-03-11 19:36328192----a-w-c:\windows\system32\CNC250L.dll
    2013-01-02 07:31 . 2009-03-11 19:34303104----a-w-c:\windows\SysWow64\CNC250L.dll
    2013-01-02 07:31 . 2008-08-26 02:0217920----a-w-c:\windows\system32\CNHMCA6.dll
    2013-01-02 07:31 . 2009-04-03 23:57106496----a-w-c:\windows\SysWow64\CNC250U.dll
    2013-01-02 07:31 . 2008-08-26 02:0215872----a-w-c:\windows\SysWow64\CNHMCA.dll
    2013-01-02 06:03 . 2013-01-02 06:03--------d-----w-C:\TDSSKiller_Quarantine
    2013-01-02 05:00 . 2013-01-02 05:00--------d-----w-c:\programdata\Malwarebytes
    2013-01-02 04:50 . 2013-01-02 04:50--------d-----w-c:\users\Tadpole
    2013-01-02 04:50 . 2013-01-02 04:50--------d-----w-C:\Recovery
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-16 08:38 . 2013-01-02 11:14  135168  ----a-w-  c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38 . 2013-01-02 11:14  350208  ----a-w-  c:\windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39 . 2013-01-02 11:14  561664  ----a-w-  c:\windows\apppatch\AcLayers.dll
    2012-10-15 16:45 . 2012-10-15 16:45  348160  ----a-w-  c:\windows\SysWow64\msvcr71.dll
    2012-10-15 16:45 . 2012-10-15 16:45  499712  ----a-w-  c:\windows\SysWow64\msvcp71.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
    "AOL Fast Start"="c:\program files (x86)\AOL Desktop 9.7a\AOL.EXE" [2012-10-15 72312]
    "cdloader"="c:\users\Tadpole\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SMessaging"="c:\users\Tadpole\AppData\Local\Strongvault Online Backup\SMessaging.exe" [2012-04-05 31664]
    "HostManager"="c:\program files (x86)\Common Files\AOL\1357094281\ee\AOLSoftware.exe" [2010-03-08 41800]
    "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute  REG_MULTI_SZ  autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
    R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-15 398184]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-15 682344]
    R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-15 24176]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-01-03 1255736]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
    S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2011-05-23 48992]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-01-03 30568]
    S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-06-13 2321560]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
    S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2013-01-03 711112]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
    S3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n64.sys [2009-06-10 378368]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-03 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-02 02:20]
    .
    2013-01-03 c:\windows\Tasks\SaveAsUpdaterTask{7ED21A0B-A79E-48FA-B8FA-4F2768FA7F7B}.job
    - c:\programdata\Premium\SaveAs\SaveAs.exe [2013-01-02 14:50]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe
    SafeBoot-32580286.sys
    AddRemove-SP_156f8a5f - c:\program files (x86)\SaveAs\uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-01-03 12:12:28
    ComboFix-quarantined-files.txt 2013-01-03 17:12
    .
    Pre-Run: 950,175,006,720 bytes free
    Post-Run: 950,228,619,264 bytes free
    .
    - - End Of File - - 16732C592FC65136AA1B7C656ACCFE74
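The "Reg Loading Points" section of the ComboFix log above is where a helper looks first for persistence, and the quickest triage cut is where each autorun executable lives. The script below is an added example, not part of this thread or of ComboFix: it parses lines in ComboFix's `"Name"="path" [date size]` format and flags entries whose executable sits in a location a standard user can write to (AppData, ProgramData, Public, Temp), since malware needs no admin rights to persist there. The sample lines are constructed to match the format of the log above; a flagged entry is a review candidate, not a verdict, because legitimate programs install there too.

```python
"""
Added example (not from the thread): triage ComboFix "Reg Loading Points"
lines by where each autorun executable lives. The sample lines below are
constructed in the same format as the log above.
"""
import re

# "Name"="path" [yyyy-mm-dd size]  (ComboFix autorun value line)
RUN_LINE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$'
)
KEY_LINE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")

# Lower-cased path fragments a standard user can write to without elevation.
USER_WRITABLE = (
    "\\appdata\\roaming\\",
    "\\appdata\\local\\",
    "\\programdata\\",
    "\\users\\public\\",
    "\\temp\\",
)

# Constructed sample in ComboFix's layout (values mirror the log above).
SAMPLE_LINES = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
"cdloader"="c:\users\Tadpole\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SMessaging"="c:\users\Tadpole\AppData\Local\Strongvault Online Backup\SMessaging.exe" [2012-04-05 31664]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
'''.strip().splitlines()


def parse_loading_points(lines):
    """Return one dict per autorun value, tagged with the registry key it sits under."""
    entries, key = [], None
    for raw in lines:
        line = raw.strip()
        m = KEY_LINE.match(line)
        if m:
            key = m.group("key")
            continue
        m = RUN_LINE.match(line)
        if m and key:
            entries.append({"key": key, "name": m.group("name"), "path": m.group("path"),
                            "date": m.group("date"), "size": int(m.group("size"))})
    return entries


def location_class(path):
    """Classify an executable path by the privilege it took to place it there."""
    p = path.lower()
    for frag in USER_WRITABLE:
        if frag in p:
            return "user-writable"
    if "\\program files" in p or "\\windows\\" in p:
        return "admin-only"
    return "other"


def triage(entries):
    """Return entries worth a closer look, smallest binaries first."""
    flagged = []
    for e in entries:
        cls = location_class(e["path"])
        if cls != "admin-only":
            flagged.append({**e, "reason": f"autorun from {cls} location"})
    flagged.sort(key=lambda e: e["size"])
    return flagged


if __name__ == "__main__":
    for e in triage(parse_loading_points(SAMPLE_LINES)):
        print(f"{e['name']:<12} {e['size']:>9}  {e['reason']}  {e['path']}")
```

Run as-is it lists the two AppData entries from the sample; on a real log, paste the whole "Reg Loading Points" section in place of the sample and read the flagged paths against what you know is installed on the machine.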
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    TDSSKiller Scan

    Please download TDSSKiller to your desktop and run it as outlined below:

    Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, right-click on the program, select Run as Administrator to start, and when prompted, click Allow to run.

    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    ------------------------

    Click the Start Scan button.

    -----------------------

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

    --------------------

    A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

    Sometimes these logs can be very large; in that case, please attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  9. Piratekitty

    Piratekitty Newcomer, in training Topic Starter Posts: 37

    TDSSKiller report

    Attached Files:

  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Let's take a closer look at the hard disk and outside of the operating system...


    Farbar Recovery Scan Tool x64

    Download Farbar Recovery Scan Tool and save it to a flash drive.


    Please make sure to get the 64-bit version.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt.
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe and press Enter.
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
    • Press Scan button. It will do its scan and save a log on your flash drive.
    • Close out of the message after that, then type the text services.exe into the "Search:" text box. Then, press the Search file(s) button.
      When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
    • Type exit in the Command Prompt window and reboot the computer normally.
    • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile; please copy and paste the logs in your reply.
  11. Piratekitty

    Piratekitty Newcomer, in training Topic Starter Posts: 37

    When I get to the step where it says to "type e:\frst.exe" in the window, I do what it tells me to do. First I went to notepad to find my flash drive letter, then I typed it in, but then it tells me "g:\frst.exe is not recognized as an internal or external command, operable program or batch file". Did I do something wrong? BTW, I have Windows 7.
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Try g:\frst64.exe
  13. Piratekitty

    Piratekitty Newcomer, in training Topic Starter Posts: 37

    Here they are. I hope it was only 2, not 3, because I did not see a 3rd one.

    Attached Files:

     
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    avast! aswMBR

    Please download aswMBR from here
    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Uncheck "Trace disk IO calls".
    • Click the Scan button to start the scan.
    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
    • Once the scan finishes click Save log to save the log to your Desktop.
    • Copy and paste the contents of aswMBR.txt back here for review.
    • Please also find MBR.dat on your Desktop, and rename it to MBRscan.txt. Upload that as well. Do not copy and paste MBR.dat/txt; it needs to be uploaded.
  15. Piratekitty

    Piratekitty Newcomer, in training Topic Starter Posts: 37

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2013-01-06 17:44:34
    -----------------------------
    17:44:34.083 OS Version: Windows x64 6.1.7601 Service Pack 1
    17:44:34.083 Number of processors: 4 586 0x203
    17:44:34.084 ComputerName: TADPOLE-PC UserName: Tadpole
    17:44:35.764 Initialize success
    17:45:17.671 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    17:45:17.675 Disk 0 Vendor: Hitachi_HDT721010SLA360 ST6OA31B Size: 953869MB BusType: 3
    17:45:17.686 Disk 0 MBR read successfully
    17:45:17.690 Disk 0 MBR scan
    17:45:17.694 Disk 0 Windows 7 default MBR code
    17:45:17.699 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15005 MB offset 63
    17:45:17.715 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 30734336
    17:45:17.727 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 938761 MB offset 30939136
    17:45:17.759 Disk 0 Partition 4 00 17 Hidd HPFS/NTFS NTFS 1 MB offset 1953521664
    17:45:17.808 Disk 0 scanning C:\Windows\system32\drivers
    17:45:21.313 Service scanning
    17:45:32.766 Modules scanning
    17:45:32.779 Scan finished successfully
    17:46:30.319 Disk 0 MBR has been saved successfully to "C:\Users\Tadpole\Desktop\MBR.dat"
    17:46:30.394 The log file has been saved successfully to "C:\Users\Tadpole\Desktop\aswMBR.txt"

    Attached Files:

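The aswMBR output above is the interesting part of this thread from a detection standpoint: Disk 0 carries a fourth partition of type 17 (hidden NTFS), 1 MB in size, at offset 1953521664, which together with the 953869 MB disk size places it on the very last sectors of the drive. That layout is what a helper looks for when a reinstall of the OS volume does not clear a boot-level detection, because formatting C: never touches a partition outside it. The script below is an added example and not code from this thread or from aswMBR: it packs a 512-byte MBR whose partition table mirrors the aswMBR listing (sector counts derived from the logged offsets and MB sizes, so they are approximations, not the user's real MBR.dat), parses it back with the standard layout of the table at offset 446, and flags entries that combine the hidden 0x17 type with a tiny size or end-of-disk placement. The recovery partition (type 0x27) is hidden by design and is deliberately left alone.

```python
"""
Added example (not from the thread): parse an MBR partition table and flag
entries with the profile aswMBR listed for this disk (hidden type 0x17, 1 MB,
on the last sectors). The sample MBR is constructed to mirror that listing.
"""
import struct

SECTOR = 512
MBR_SIGNATURE = 0xAA55
# Disk 0 size from the log: 953869 MB, expressed in 512-byte sectors (constructed constant)
DISK_SECTORS = 953869 * 2048

TYPE_NAMES = {
    0x07: "HPFS/NTFS",
    0x17: "Hidden HPFS/NTFS",
    0x27: "Hidden NTFS WinRE",
}


def build_partition_entry(boot_flag, ptype, lba_start, sectors):
    """Pack one 16-byte MBR partition entry; the CHS fields are left zeroed."""
    return struct.pack("<B3sB3sII", boot_flag, b"\0\0\0", ptype, b"\0\0\0", lba_start, sectors)


def build_sample_mbr():
    """Constructed 512-byte MBR with the four partitions from the aswMBR log above."""
    entries = (
        build_partition_entry(0x00, 0x27, 63, 30734273),          # WinRE, ~15 GB
        build_partition_entry(0x80, 0x07, 30734336, 204800),      # active, 100 MB
        build_partition_entry(0x00, 0x07, 30939136, 1922582528),  # C:, ~917 GB
        build_partition_entry(0x00, 0x17, 1953521664, 2048),      # hidden, 1 MB, last on disk
    )
    boot_code = bytes(446)  # zeroed boot-code area for the sample
    return boot_code + b"".join(entries) + struct.pack("<H", MBR_SIGNATURE)


def parse_mbr(mbr):
    """Return the non-empty partition entries of a 512-byte MBR as dicts."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    (sig,) = struct.unpack_from("<H", mbr, 510)
    if sig != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        boot, ptype, start, count = struct.unpack_from("<B3xB3xII", mbr, 446 + 16 * i)
        if ptype == 0:
            continue  # empty slot
        parts.append({"index": i + 1, "active": boot == 0x80, "type": ptype,
                      "start": start, "sectors": count,
                      "size_mb": count * SECTOR // (1024 * 1024)})
    return parts


def flag_suspicious(parts, disk_sectors, small_mb=16):
    """Flag hidden-NTFS (0x17) partitions that are also tiny or sit on the disk's last sector."""
    findings = []
    for p in parts:
        reasons = []
        if p["type"] == 0x17:
            reasons.append("hidden NTFS type 0x17")
        if p["size_mb"] <= small_mb:
            reasons.append(f"only {p['size_mb']} MB")
        if p["start"] + p["sectors"] == disk_sectors:
            reasons.append("ends on the last sector of the disk")
        # A recovery partition (0x27) is hidden by design, so require the 0x17
        # type plus at least one layout oddity before raising an entry.
        if p["type"] == 0x17 and len(reasons) >= 2:
            findings.append({"index": p["index"], "reasons": reasons})
    return findings


def describe(parts):
    """Render entries in a layout close to aswMBR's for side-by-side comparison."""
    return [f"Partition {p['index']} {'80' if p['active'] else '00'} "
            f"{p['type']:02X} {TYPE_NAMES.get(p['type'], 'unknown')} "
            f"{p['size_mb']} MB offset {p['start']}" for p in parts]


if __name__ == "__main__":
    table = parse_mbr(build_sample_mbr())
    print("\n".join(describe(table)))
    for f in flag_suspicious(table, DISK_SECTORS):
        print(f"Partition {f['index']}: " + "; ".join(f["reasons"]))
```

To run it against a captured MBR.dat instead of the constructed sample, read the first 512 bytes of that file and pass them to parse_mbr together with the disk's true sector count; the size and end-of-disk checks are heuristics, so a hit means "review this partition outside the OS", exactly the step the helper takes next in the thread.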
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    OTL Quick Scan

    Please download OTL by OldTimer to your Desktop.
    • Close all windows and double click OTL.exe.
    • Click Quick Scan button and let the program run uninterrupted.
    • It will produce a log for you called OTL.txt, please post it in your next reply.
    • You may need to use two posts to get it all.
  17. Piratekitty

    Piratekitty Newcomer, in training Topic Starter Posts: 37

    OTL logfile created on: 1/7/2013 10:16:13 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tadpole\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.75 Gb Total Physical Memory | 6.04 Gb Available Physical Memory | 77.95% Memory free
    15.50 Gb Paging File | 13.57 Gb Available in Paging File | 87.59% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 916.76 Gb Total Space | 857.73 Gb Free Space | 93.56% Space Free | Partition Type: NTFS
    Drive D: | 499.76 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive J: | 1.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: TADPOLE-PC | User Name: Tadpole | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/01/07 08:22:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tadpole\Desktop\OTL.exe
    PRC - [2013/01/03 02:28:23 | 000,711,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    PRC - [2012/12/14 19:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/12/14 19:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/12/14 19:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/12/13 17:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2012/09/19 09:50:47 | 000,233,472 | ---- | M] () -- C:\ProgramData\Premium\SaveAs\SaveAs.exe
    PRC - [2012/08/13 06:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
    PRC - [2012/07/31 06:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    PRC - [2012/06/13 06:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
    PRC - [2012/02/14 07:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    PRC - [2010/03/08 02:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\AOL\1357094281\ee\aolsoftware.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/11/28 17:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2012/11/28 17:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2012/09/13 00:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/09/13 00:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2013/01/03 02:28:23 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
    SRV - [2013/01/01 21:20:10 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/12/14 19:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/12/14 19:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/12/13 17:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2012/11/09 14:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/08/13 06:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/06/13 06:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws)
    SRV - [2012/02/14 07:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe -- (AOL ACS)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/01/03 02:28:24 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
    DRV:64bit: - [2012/12/14 19:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/08/31 01:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/08/24 18:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2012/08/21 16:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/07/26 06:21:28 | 000,291,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2012/04/19 07:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/01/31 07:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2011/12/23 16:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2011/12/23 16:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
    DRV:64bit: - [2011/12/23 16:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
    DRV:64bit: - [2011/05/23 04:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
    DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
    DRV:64bit: - [2009/06/10 15:35:48 | 000,378,368 | ---- | M] (Realtek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL85n64.sys -- (RTL85n64)
    DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2006/11/29 17:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wanatw64.sys -- (wanatw)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{86523F5C-A757-4FB9-AB45-B21BE886BB63}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 39 A8 66 4B A5 E8 CD 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {5C9B1DDB-4163-4B4B-8B4B-1323D32B471A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{25679684-9C15-4DF0-B0AB-E4DEB9C5C611}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
    IE - HKCU\..\SearchScopes\{5C9B1DDB-4163-4B4B-8B4B-1323D32B471A}: "URL" = http://www.bing.com/search?FORM=UP22DF&PC=UP22&dt=010213&q={searchTerms}&src=IE-SearchBox
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2013/01/02 03:27:52 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (AOL Messaging Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
    O3 - HKLM\..\Toolbar: (AOL Messaging Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
    O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (AOL Messaging Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1357094281\ee\aolsoftware.exe (AOL Inc.)
    O4 - HKLM..\Run: [SMessaging] C:\Users\Tadpole\AppData\Local\Strongvault Online Backup\SMessaging.exe (Stronghold Online Backup)
    O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files (x86)\AOL Desktop 9.7a\AOL.EXE (AOL Inc.)
    O4 - HKCU..\Run: [cdloader] C:\Users\Tadpole\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20DF4C2C-FD87-4E96-BB94-06EBDADFDED5}: DhcpNameServer = 209.18.47.61 209.18.47.62
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/09/22 10:35:35 | 000,091,464 | R--- | M] () - D:\autorun.exe -- [ CDFS ]
    O32 - AutoRun File - [2010/08/25 03:14:07 | 000,000,051 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
    O32 - AutoRun File - [2010/09/14 02:48:47 | 000,028,064 | R--- | M] (magicJack L.P.) - J:\autorun.exe -- [ CDFS ]
    O32 - AutoRun File - [2010/09/14 02:48:47 | 000,016,158 | R--- | M] () - J:\autorun.ico -- [ CDFS ]
    O32 - AutoRun File - [2010/09/14 02:48:47 | 000,000,308 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
    O32 - AutoRun File - [2010/09/14 02:48:47 | 000,684,200 | R--- | M] (magicJack L.P.) - J:\autorunu.exe -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/01/07 08:22:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tadpole\Desktop\OTL.exe
    [2013/01/07 03:06:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2013/01/06 22:20:29 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Local\PhoenixViewer
    [2013/01/06 22:19:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phoenix Viewer
    [2013/01/06 22:19:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Phoenix Viewer
    [2013/01/06 17:41:42 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Tadpole\Desktop\aswMBR.exe
    [2013/01/06 14:02:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
    [2013/01/06 14:02:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
    [2013/01/06 14:02:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
    [2013/01/06 14:02:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
    [2013/01/06 14:01:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
    [2013/01/06 11:19:40 | 000,000,000 | ---D | C] -- C:\FRST
    [2013/01/06 11:03:38 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Roaming\SecondLife
    [2013/01/06 11:03:37 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Local\SecondLife
    [2013/01/06 11:02:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Second Life Viewer
    [2013/01/06 11:01:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SecondLifeViewer
    [2013/01/06 10:55:49 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Roaming\Firestorm
    [2013/01/06 10:55:47 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Local\Firestorm
    [2013/01/06 10:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firestorm-Release
    [2013/01/06 10:49:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firestorm-Release
    [2013/01/06 03:01:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
    [2013/01/05 08:05:14 | 000,000,000 | R--D | C] -- C:\Users\Tadpole\Documents\Notes
    [2013/01/04 03:00:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
    [2013/01/03 16:09:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2013/01/03 15:58:55 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Tadpole\Desktop\tdsskiller.exe
    [2013/01/03 12:12:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2013/01/03 11:50:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/01/03 11:50:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/01/03 11:50:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/01/03 11:50:40 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/01/03 11:50:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/01/03 11:43:00 | 005,018,515 | R--- | C] (Swearware) -- C:\Users\Tadpole\Desktop\ComboFix.exe
    [2013/01/03 09:24:46 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Local\tjnet
    [2013/01/03 09:17:27 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Local\magicJack
    [2013/01/03 09:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\magicJack
    [2013/01/03 09:15:40 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Roaming\mjusbsp
    [2013/01/03 06:54:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
    [2013/01/03 06:54:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
    [2013/01/03 02:28:33 | 000,030,568 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
    [2013/01/03 01:33:58 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Roaming\WinRAR
    [2013/01/03 01:33:58 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2013/01/03 01:33:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2013/01/03 01:33:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
    [2013/01/03 01:03:33 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
    [2013/01/03 00:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/01/03 00:50:11 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2013/01/03 00:50:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/01/02 23:05:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2013/01/02 23:05:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2013/01/02 08:30:06 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2013/01/02 07:14:08 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\Desktop\Alestorm - Back Through Time (Limited Edition) 2011 (320 kbps)
    [2013/01/02 06:49:05 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2013/01/02 06:46:23 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\Desktop\Alestorm-Captain Morgans Revenge 2008
    [2013/01/02 06:46:23 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\Desktop\Alestorm - Black Sails At Midnight 2009
    [2013/01/02 06:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
    [2013/01/02 06:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\WoW Worldwide Software LTD
    [2013/01/02 06:00:01 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Roaming\TFP
    [2013/01/02 05:59:14 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Local\Torch
    [2013/01/02 05:58:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Wincert
    [2013/01/02 05:58:24 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Roaming\MusicNet
    [2013/01/02 05:58:22 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\Documents\My Received Files
    [2013/01/02 05:57:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iMesh Applications
    [2013/01/02 05:57:23 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Local\PackageAware
    [2013/01/02 05:49:26 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Roaming\Apple Computer
    [2013/01/02 05:49:26 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Local\Apple Computer
    [2013/01/02 05:49:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2013/01/02 05:49:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
    [2013/01/02 05:48:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2013/01/02 05:48:42 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2013/01/02 05:48:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2013/01/02 05:48:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
    [2013/01/02 05:48:42 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    [2013/01/02 05:47:58 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Local\Apple
    [2013/01/02 05:47:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
    [2013/01/02 05:47:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2013/01/02 05:47:19 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2013/01/02 05:47:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2013/01/02 05:47:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
    [2013/01/02 05:47:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
    [2013/01/02 03:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2013/01/02 03:26:53 | 000,000,000 | ---D | C] -- C:\$AVG
    [2013/01/02 03:12:17 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Roaming\AVG2012
    [2013/01/02 03:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
    [2013/01/02 03:11:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
    [2013/01/02 03:11:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2013/01/02 03:11:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
    [2013/01/02 03:10:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
    [2013/01/02 03:10:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
    [2013/01/02 03:10:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
    [2013/01/02 03:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2013/01/02 02:31:51 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
    [2013/01/02 02:31:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP250 series
    [2013/01/02 02:31:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
    [2013/01/02 01:03:36 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2013/01/02 00:15:07 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Local\ElevatedDiagnostics
    [2013/01/02 00:00:39 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Roaming\Malwarebytes
    [2013/01/02 00:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/01/01 23:57:58 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Local\Programs
    [2013/01/01 23:50:30 | 000,000,000 | R--D | C] -- C:\Users\Tadpole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    [2013/01/01 23:50:30 | 000,000,000 | R--D | C] -- C:\Users\Tadpole\Searches
    [2013/01/01 23:50:30 | 000,000,000 | R--D | C] -- C:\Users\Tadpole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    [2013/01/01 23:50:30 | 000,000,000 | -H-D | C] -- C:\Users\Tadpole\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
    [2013/01/01 23:50:22 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Roaming\Identities
    [2013/01/01 23:50:20 | 000,000,000 | R--D | C] -- C:\Users\Tadpole\Contacts
    [2013/01/01 23:50:19 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Local\VirtualStore
    [2013/01/01 23:50:14 | 000,000,000 | --SD | C] -- C:\Users\Tadpole\AppData\Roaming\Microsoft
    [2013/01/01 23:50:14 | 000,000,000 | R--D | C] -- C:\Users\Tadpole\Videos
    [2013/01/01 23:50:14 | 000,000,000 | R--D | C] -- C:\Users\Tadpole\Saved Games
    [2013/01/01 23:50:14 | 000,000,000 | R--D | C] -- C:\Users\Tadpole\Pictures
    [2013/01/01 23:50:14 | 000,000,000 | R--D | C] -- C:\Users\Tadpole\Music
    [2013/01/01 23:50:14 | 000,000,000 | R--D | C] -- C:\Users\Tadpole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    [2013/01/01 23:50:14 | 000,000,000 | R--D | C] -- C:\Users\Tadpole\Links
    [2013/01/01 23:50:14 | 000,000,000 | R--D | C] -- C:\Users\Tadpole\Favorites
    [2013/01/01 23:50:14 | 000,000,000 | R--D | C] -- C:\Users\Tadpole\Downloads
    [2013/01/01 23:50:14 | 000,000,000 | R--D | C] -- C:\Users\Tadpole\Documents
    [2013/01/01 23:50:14 | 000,000,000 | R--D | C] -- C:\Users\Tadpole\Desktop
    [2013/01/01 23:50:14 | 000,000,000 | R--D | C] -- C:\Users\Tadpole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    [2013/01/01 23:50:14 | 000,000,000 | -HSD | C] -- C:\Users\Tadpole\AppData\Local\Temporary Internet Files
    [2013/01/01 23:50:14 | 000,000,000 | -HSD | C] -- C:\Users\Tadpole\Templates
    [2013/01/01 23:50:14 | 000,000,000 | -HSD | C] -- C:\Users\Tadpole\Start Menu
    [2013/01/01 23:50:14 | 000,000,000 | -HSD | C] -- C:\Users\Tadpole\SendTo
    [2013/01/01 23:50:14 | 000,000,000 | -HSD | C] -- C:\Users\Tadpole\Recent
    [2013/01/01 23:50:14 | 000,000,000 | -HSD | C] -- C:\Users\Tadpole\PrintHood
    [2013/01/01 23:50:14 | 000,000,000 | -HSD | C] -- C:\Users\Tadpole\NetHood
    [2013/01/01 23:50:14 | 000,000,000 | -HSD | C] -- C:\Users\Tadpole\Documents\My Videos
    [2013/01/01 23:50:14 | 000,000,000 | -HSD | C] -- C:\Users\Tadpole\Documents\My Pictures
    [2013/01/01 23:50:14 | 000,000,000 | -HSD | C] -- C:\Users\Tadpole\Documents\My Music
    [2013/01/01 23:50:14 | 000,000,000 | -HSD | C] -- C:\Users\Tadpole\My Documents
    [2013/01/01 23:50:14 | 000,000,000 | -HSD | C] -- C:\Users\Tadpole\Local Settings
    [2013/01/01 23:50:14 | 000,000,000 | -HSD | C] -- C:\Users\Tadpole\AppData\Local\History
    [2013/01/01 23:50:14 | 000,000,000 | -HSD | C] -- C:\Users\Tadpole\Cookies
    [2013/01/01 23:50:14 | 000,000,000 | -HSD | C] -- C:\Users\Tadpole\Application Data
    [2013/01/01 23:50:14 | 000,000,000 | -HSD | C] -- C:\Users\Tadpole\AppData\Local\Application Data
    [2013/01/01 23:50:14 | 000,000,000 | -H-D | C] -- C:\Users\Tadpole\AppData
    [2013/01/01 23:50:14 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Local\Temp
    [2013/01/01 23:50:14 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Local\Microsoft
    [2013/01/01 23:50:14 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Roaming\Media Center Programs
    [2013/01/01 23:50:08 | 000,000,000 | ---D | C] -- C:\Recovery
    [2013/01/01 23:50:05 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2013/01/01 23:42:14 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
    [2013/01/01 23:41:46 | 000,000,000 | -HSD | C] -- C:\System Volume Information
    [2013/01/01 23:40:55 | 000,000,000 | ---D | C] -- C:\Windows\Panther
    [2013/01/01 23:00:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Logs
    [2013/01/01 22:24:50 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Local\Diagnostics
    [2013/01/01 21:54:02 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Roaming\Skype
    [2013/01/01 21:53:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2013/01/01 21:53:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
    [2013/01/01 21:53:52 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
    [2013/01/01 21:53:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
    [2013/01/01 21:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Macromedia
  18. Piratekitty

    Piratekitty Newcomer, in training Topic Starter Posts: 37

    ========== Files - Modified Within 30 Days ==========


    ========== Files Created - No Company Name ==========


    ========== ZeroAccess Check ==========


    ========== LOP Check ==========


    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:373E1720
    < End of report >
  19. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death

    Note: Absence of issues does not mean that you're protected in the future.
  20. Piratekitty

    Piratekitty Newcomer, in training Topic Starter Posts: 37

    The only thing I know is that before reinstalling Windows 7 I was unable to use my DVD drive or USB ports, and after the reinstall I tried a different virus detector and it keeps on saying it removed the same virus over and over again, but it just seems to never be removed from my PC. It just stays on my PC, and here is a picture of what the virus scanner has to say about it.

    Attached Files: mse.png (277.1 KB)
  21. Piratekitty

    Piratekitty Newcomer, in training Topic Starter Posts: 37

    And.. I came here mainly because I called Microsoft tech support up and asked them about the virus and they said if it's not removed then it will affect my emails and PCs around me and steal lots of data, but they told me I will have to pay $99 for them to remove it and I do not have that kind of money, so I came here lol
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Thanks for showing the information, as TDSSKiller did not identify it, sadly.

    We need to remove a partition, but I need some more information. You'll have to work steady with me here, because if you don't get this right and delete something incorrect, it's irreversible. :p

    But, I'll do my best to help you avoid any issues.

    The following is just to verify some information again:

    Check Partitions

    • Please download ListParts.
    • Run the tool.
    • Check the "list BCD" box.
    • Click "Scan" and post the log (Result.txt) it makes.
  23. Piratekitty

    Piratekitty Newcomer, in training Topic Starter Posts: 37

    ListParts by Farbar Version: 30-10-2012
    Ran by Tadpole (administrator) on 09-01-2013 at 10:57:08
    Windows 7 (X64)
    Running From: C:\Users\Tadpole\Desktop
    Language: 0409
    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 25%
    Total physical RAM: 7935.18 MB
    Available physical RAM: 5948.9 MB
    Total Pagefile: 15868.55 MB
    Available Pagefile: 13262.52 MB
    Total Virtual: 4095.88 MB
    Available Virtual: 3980.12 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:916.76 GB) (Free:859.74 GB) NTFS
    2 Drive d: (AVG 2012 - B1780) (CDROM) (Total:0.49 GB) (Free:0 GB) CDFS

    Disk ###  Status         Size     Free     Dyn  Gpt
    --------  -------------  -------  -------  ---  ---
    Disk 0    Online          931 GB      0 B
    Disk 1    No Media          0 B       0 B
    Disk 2    No Media          0 B       0 B
    Disk 3    No Media          0 B       0 B
    Disk 4    No Media          0 B       0 B
    Disk 5    No Media          0 B       0 B

    Partitions of Disk 0:
    ===============

    Partition ###  Type              Size     Offset
    -------------  ----------------  -------  -------
    Partition 1    Recovery           14 GB    31 KB
    Partition 2    Primary           100 MB    14 GB
    Partition 3    Primary           916 GB    14 GB
    Partition 4    Primary          1744 KB   931 GB

    ======================================================================================================

    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: No

    Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
    ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 4       PQSERVICE    NTFS   Partition     14 GB  Healthy    Hidden

    ======================================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
    ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 2       System Rese  NTFS   Partition    100 MB  Healthy    System (partition with boot components)

    ======================================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
    ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 3   C                NTFS   Partition    916 GB  Healthy    Boot

    ======================================================================================================

    Disk: 0
    Partition 4
    Type : 17 (Suspicious Type)
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    ======================================================================================================
    'bcdedit' is not recognized as an internal or external command,
    operable program or batch file.


    ****** End Of Log ******
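The triage a responder does by eye on a ListParts log like the one above can be automated. This is an added example, not part of the thread and not code from Farbar's tool: it parses each per-partition block and the size table, then flags partitions that are hidden with no mountable volume, carry a type id outside an expected set, or are very small. The sample log text, the expected-type set and the 16 MB "tiny" threshold are constructed assumptions for the example.

```python
import re

# Constructed sample in the ListParts/diskpart layout posted in the thread;
# the values mirror that log, but this text is not the original file.
SAMPLE_LOG = """\
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 14 GB 31 KB
Partition 2 Primary 100 MB 14 GB
Partition 3 Primary 916 GB 14 GB
Partition 4 Primary 1744 KB 931 GB
======
Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No
* Volume 4 PQSERVICE NTFS Partition 14 GB Healthy Hidden
======
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
* Volume 2 System Rese NTFS Partition 100 MB Healthy System
======
Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No
* Volume 3 C NTFS Partition 916 GB Healthy Boot
======
Disk: 0
Partition 4
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No
There is no volume associated with this partition.
"""

# MBR type ids a stock Windows 7 / OEM recovery layout commonly uses
# (assumption for this example). 0x17 "hidden NTFS" is not among them.
EXPECTED_TYPES = {"07", "27", "0b", "0c", "0e", "0f", "05", "12", "ee", "ef"}
UNIT = {"KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}
TINY_BYTES = 16 * UNIT["MB"]  # threshold is an assumption for this example


def parse_sizes(log):
    """Map partition number -> size in bytes from the 'Partitions of Disk' table."""
    sizes = {}
    pat = r"^Partition (\d+)\s+\w+\s+(\d+) (KB|MB|GB)\s+\d+ (KB|MB|GB)$"
    for m in re.finditer(pat, log, re.M):
        sizes[int(m.group(1))] = int(m.group(2)) * UNIT[m.group(3)]
    return sizes


def parse_blocks(log):
    """Yield (partition, type_hex, hidden, has_volume) per partition block."""
    for block in re.split(r"^=+$", log, flags=re.M):
        p = re.search(r"^Partition (\d+)$", block, re.M)
        t = re.search(r"^Type : ([0-9A-Fa-f]{2})", block, re.M)
        if not (p and t):
            continue  # the size table or a header block, not a partition block
        hidden = re.search(r"^Hidden: Yes$", block, re.M) is not None
        has_volume = "no volume associated" not in block
        yield int(p.group(1)), t.group(1).lower(), hidden, has_volume


def triage_partitions(log):
    """Return {partition_number: [reasons]} for partitions worth a closer look."""
    sizes = parse_sizes(log)
    findings = {}
    for num, ptype, hidden, has_volume in parse_blocks(log):
        reasons = []
        if ptype not in EXPECTED_TYPES:
            reasons.append(f"non-standard type 0x{ptype}")
        if hidden and not has_volume:
            reasons.append("hidden with no mountable volume")
        if sizes.get(num, TINY_BYTES) < TINY_BYTES:
            reasons.append(f"tiny partition ({sizes[num] // 1024} KB)")
        if reasons:
            findings[num] = reasons
    return findings


if __name__ == "__main__":
    for num, reasons in sorted(triage_partitions(SAMPLE_LOG).items()):
        print(f"Partition {num}: " + "; ".join(reasons))
```

On the sample only partition 4 is flagged, for all three reasons; a hit here is a cue to verify the partition with a second tool before anything is deleted, as the helper does in the thread.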
  24. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Okay. Here we go with the fix:

    FRST Fixlist

    Please download attached fixlist.txt below, and save it to your flash drive in the same location as FRST.exe. Make sure it maintains the same name, otherwise the fix will fail.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.

    Attached Files:

  25. Piratekitty

    Piratekitty Newcomer, in training Topic Starter Posts: 37

    Question: make sure it maintains the same name as what it is now or as FRST?