Inactive Win64/Patched.A help

fmirza

Hello, my AVG scanner keeps telling me that my services.exe file has been infected with Win64/Patched.A and I was wondering if anyone here could give me some help with that. Anything you can give me would be greatly appreciated. Here are the logs.

Malwarebytes:

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.14.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Black mage :: OAK_STAFF [administrator]

Protection: Enabled

11/14/2012 12:58:52 PM
mbam-log-2012-11-14 (12-58-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 365222
Time elapsed: 1 hour(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Browser companion helper (PUP.Blabbers) -> Data: C:\Program Files (x86)\BrowserCompanion\BCHelper.exe /T=3 /S=7 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 6
C:\Users\Black mage\AppData\Local\CheeryChickenSA (Adware.HotBar.CC) -> Quarantined and deleted successfully.
C:\Users\Black mage\AppData\Local\CheeryChickenSA\bin (Adware.HotBar.CC) -> Quarantined and deleted successfully.
C:\Users\Black mage\AppData\Local\CheeryChickenSA\bin\1.0.7.0 (Adware.HotBar.CC) -> Quarantined and deleted successfully.
C:\Users\Black mage\Local Settings\Application Data\CheeryChickenSA (Adware.HotBar.CC) -> Quarantined and deleted successfully.
C:\Users\Black mage\Local Settings\Application Data\CheeryChickenSA\bin (Adware.HotBar.CC) -> Quarantined and deleted successfully.
C:\Users\Black mage\Local Settings\Application Data\CheeryChickenSA\bin\1.0.7.0 (Adware.HotBar.CC) -> Quarantined and deleted successfully.

Files Detected: 7
C:\Program Files (x86)\BrowserCompanion\BCHelper.exe (PUP.Blabbers) -> Quarantined and deleted successfully.
C:\Users\Black mage\Downloads\etype_setup (1).exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
C:\Users\Black mage\Downloads\etype_setup (2).exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
C:\Users\Black mage\Downloads\etype_setup (3).exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
C:\Users\Black mage\Downloads\etype_setup.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
C:\Users\Black mage\AppData\Local\CheeryChickenSA\bin\1.0.7.0\cheerychickenSAHook.aaa (Adware.HotBar.CC) -> Quarantined and deleted successfully.
C:\Users\Black mage\Local Settings\Application Data\CheeryChickenSA\bin\1.0.7.0\cheerychickenSAHook.aaa (Adware.HotBar.CC) -> Quarantined and deleted successfully.

(end)


GMER

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-11-14 23:14:52
Windows 6.1.7601 Service Pack 1
Running: 4jgf925r.exe


---- Files - GMER 1.0.15 ----

File C:\Users\Black mage\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UMYAQKNT\dnserrordiagoff_webOC[1] 0 bytes
File C:\Users\Black mage\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZWXZOOYG\down[2] 0 bytes
File C:\Users\Black mage\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZWXZOOYG\httpErrorPagesScripts[1] 0 bytes
File C:\Users\Black mage\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZWXZOOYG\background_gradient[1] 0 bytes
File C:\Users\Black mage\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZWXZOOYG\bullet[1] 0 bytes
File C:\Windows\Temp\avg-36245f04-9e8c-476a-acd9-100b3d7c783e.tmp 0 bytes

---- EOF - GMER 1.0.15 ----


DDS

DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16447 BrowserJavaVersion: 10.7.2
Run by Black mage at 23:17:32 on 2012-11-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2940.880 [GMT -8:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Users\Black mage\Desktop\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Users\Black mage\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Users\Black mage\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Evaer\videochannel.exe
C:\Users\Black mage\AppData\Local\Akamai\netsession_win.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Black mage\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Evaer\evaer.exe
C:\Users\Black mage\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\windows\system32\igfxext.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
C:\Users\Black mage\Downloads\4jgf925r.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\PC Tools Registry Mechanic\RegMech.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253
uSearch Bar = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
uSearch Page = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
uProxyOverride = <local>;127.0.0.1:9421;
uSearchAssistant = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: uTorrentControl2 Toolbar: {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [avichannel] "C:\Program Files (x86)\Evaer\videochannel.exe"
uRun: [Akamai NetSession Interface] "C:\Users\Black mage\AppData\Local\Akamai\netsession_win.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
mRun: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
StartupFolder: C:\Users\BLACKM~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Black mage\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{621CB230-EB1A-4166-8D1F-63EEA9690FD7} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{621CB230-EB1A-4166-8D1F-63EEA9690FD7}\16474777966696 : DHCPNameServer = 192.168.5.1
TCP: Interfaces\{621CB230-EB1A-4166-8D1F-63EEA9690FD7}\8796 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{621CB230-EB1A-4166-8D1F-63EEA9690FD7}\D49425A514 : DHCPNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{621CB230-EB1A-4166-8D1F-63EEA9690FD7}\E4544574541425 : DHCPNameServer = 10.0.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Black mage\AppData\Roaming\Mozilla\Firefox\Profiles\cpyojn77.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Black mage\AppData\Roaming\Mozilla\Firefox\Profiles\cpyojn77.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll
FF - plugin: C:\windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R1 Avgfwfd;AVG network filter service;C:\windows\System32\drivers\avgfwd6a.sys [2012-9-4 50296]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2012-7-21 30568]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2012-11-2 1340976]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 MBAMScheduler;MBAMScheduler;C:\Users\Black mage\Desktop\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-14 399432]
R2 MBAMService;MBAMService;C:\Users\Black mage\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-14 676936]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-12-8 793048]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-2 3064000]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2011-11-15 9216]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-3-4 75816]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-11-14 25928]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-11-15 51512]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-10-28 57856]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-11-15 232992]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-11-19 59392]
.
=============== Created Last 30 ================
.
2012-11-14 20:57:34  --------  d-----w-  C:\Users\Black mage\AppData\Roaming\Malwarebytes
2012-11-14 20:57:22  --------  d-----w-  C:\ProgramData\Malwarebytes
2012-11-14 20:57:21  25928     ----a-w-  C:\windows\System32\drivers\mbam.sys
2012-11-13 23:14:11  --------  d-----w-  C:\Users\Black mage\AppData\Roaming\AVG2013
2012-11-11 02:14:35  --------  d-----w-  C:\Users\Black mage\AppData\Roaming\TuneUp Software
2012-11-11 02:09:10  --------  d-----w-  C:\ProgramData\AVG2013
2012-11-11 01:50:51  --------  d-----w-  C:\Users\Black mage\AppData\Local\MFAData
2012-11-11 01:50:51  --------  d-----w-  C:\Users\Black mage\AppData\Local\Avg2013
2012-11-04 23:37:06  --------  d-----w-  C:\Users\Black mage\AppData\Roaming\Big Fish Games
2012-11-04 08:55:26  --------  d-----w-  C:\Program Files (x86)\Fairway
2012-11-04 08:40:02  --------  d-----w-  C:\ProgramData\Big Fish Games
2012-11-04 08:40:00  --------  d-----w-  C:\Program Files (x86)\bfgclient
2012-11-04 08:38:24  --------  d-----w-  C:\BigFishGamesCache
2012-10-29 05:20:02  --------  d-----w-  C:\windows\en
2012-10-29 05:15:56  57856     ----a-w-  C:\windows\System32\drivers\fssfltr.sys
2012-10-29 05:13:34  5659096   ----a-w-  C:\Program Files (x86)\Common Files\Windows Live\.cache\fb05c59d1cdb59301\skydrivesetup.exe
2012-10-29 05:13:34  --------  d-----w-  C:\Program Files (x86)\Microsoft SkyDrive
2012-10-29 05:13:33  --------  d-----r-  C:\Users\Black mage\SkyDrive
2012-10-29 05:13:30  89944     ----a-w-  C:\Program Files (x86)\Common Files\Windows Live\.cache\212082c21cdb59404\DSETUP.dll
2012-10-29 05:13:30  537432    ----a-w-  C:\Program Files (x86)\Common Files\Windows Live\.cache\212082c21cdb59404\DXSETUP.exe
2012-10-29 05:13:30  1801048   ----a-w-  C:\Program Files (x86)\Common Files\Windows Live\.cache\212082c21cdb59404\dsetup32.dll
2012-10-29 05:13:01  --------  d-----w-  C:\ProgramData\Microsoft SkyDrive
2012-10-29 05:13:00  89944     ----a-w-  C:\Program Files (x86)\Common Files\Windows Live\.cache\102e094c1cdb59403\DSETUP.dll
2012-10-29 05:13:00  537432    ----a-w-  C:\Program Files (x86)\Common Files\Windows Live\.cache\102e094c1cdb59403\DXSETUP.exe
2012-10-29 05:13:00  1801048   ----a-w-  C:\Program Files (x86)\Common Files\Windows Live\.cache\102e094c1cdb59403\dsetup32.dll
2012-10-29 05:12:58  94040     ----a-w-  C:\Program Files (x86)\Common Files\Windows Live\.cache\e316e891cdb59402\DSETUP.dll
2012-10-29 05:12:58  525656    ----a-w-  C:\Program Files (x86)\Common Files\Windows Live\.cache\e316e891cdb59402\DXSETUP.exe
2012-10-29 05:12:58  1691480   ----a-w-  C:\Program Files (x86)\Common Files\Windows Live\.cache\e316e891cdb59402\dsetup32.dll
2012-10-28 20:06:47  --------  d-----w-  C:\Users\Black mage\AppData\Local\{F7330700-7A80-43EC-B29B-B3D26821FCFA}
2012-10-28 08:06:35  --------  d-----w-  C:\Users\Black mage\AppData\Local\{AA5350E0-5DB6-4B3F-AD35-437A6B7E815D}
2012-10-27 18:25:03  --------  d-----w-  C:\Users\Black mage\AppData\Local\{F0131E87-753F-4D6B-A0D2-DB434DF1A314}
2012-10-27 06:24:37  --------  d-----w-  C:\Users\Black mage\AppData\Local\{88F662E1-D965-4C4F-BFB3-11C86A0DE77C}
2012-10-26 18:24:14  --------  d-----w-  C:\Users\Black mage\AppData\Local\{FE039671-5DCC-40CB-A237-69A41D127956}
2012-10-26 06:12:53  --------  d-----w-  C:\Users\Black mage\AppData\Local\{A57F09EE-3741-4CF9-8F55-008C3CFE81F4}
2012-10-25 04:42:47  --------  d-----w-  C:\Users\Black mage\AppData\Local\{2FF5027A-CCFC-4D97-952D-8E4E1D0BE8CF}
2012-10-25 01:17:46  --------  d-sh--w-  C:\found.000
2012-10-24 16:42:21  --------  d-----w-  C:\Users\Black mage\AppData\Local\{B821BB45-54F5-4E0F-9C44-D93D39204B1A}
2012-10-23 19:04:53  --------  d-----w-  C:\Users\Black mage\AppData\Local\{F4F136EA-5B2F-4A49-9289-52E461F22FA2}
2012-10-23 06:38:39  --------  d-----w-  C:\Users\Black mage\AppData\Local\{C728B0F0-5FFE-41CE-A248-2445E9955C71}
2012-10-22 21:02:44  154464    ----a-w-  C:\windows\System32\drivers\avgidsdrivera.sys
2012-10-22 17:24:20  --------  d-----w-  C:\Users\Black mage\AppData\Local\{3CB3FFA8-8725-4EAC-B298-9FB8A5113539}
2012-10-21 06:10:20  --------  d-----w-  C:\Users\Black mage\AppData\Local\{80BD52DC-5C44-4812-8B9A-9183BA5CF009}
2012-10-20 18:10:08  --------  d-----w-  C:\Users\Black mage\AppData\Local\{F7CD66D0-2828-4FF9-BB0A-EA57885F8A99}
2012-10-20 06:09:55  --------  d-----w-  C:\Users\Black mage\AppData\Local\{05E03EB6-1CA0-4E87-8655-23F62DCD1BFF}
2012-10-19 18:09:42  --------  d-----w-  C:\Users\Black mage\AppData\Local\{D153C140-E546-4719-A2B2-602610A42040}
2012-10-19 06:09:22  --------  d-----w-  C:\Users\Black mage\AppData\Local\{FFF79EE6-4282-4CDF-B0FF-AAF29C4EE4B6}
2012-10-18 18:09:03  --------  d-----w-  C:\Users\Black mage\AppData\Local\{C5025685-A455-48FF-80A1-27A6CF364297}
2012-10-18 06:08:47  --------  d-----w-  C:\Users\Black mage\AppData\Local\{F098D6BE-CBB0-428D-92B8-5A68F988D3CC}
2012-10-17 18:08:35  --------  d-----w-  C:\Users\Black mage\AppData\Local\{5804D7F2-20CC-4787-938E-AA6EFE1B090A}
2012-10-17 06:08:24  --------  d-----w-  C:\Users\Black mage\AppData\Local\{9265D5F3-CD3C-4118-94E9-EB9C69529A9D}
2012-10-16 18:08:11  --------  d-----w-  C:\Users\Black mage\AppData\Local\{7F870E15-16A9-4713-92A0-735AB807367A}
.
==================== Find3M ====================
.
2012-11-14 18:07:08  4940  ----a-w-  C:\windows\System32\PerfStringBackup.TMP
2012-11-09 07:22:07  30568  ----a-w-  C:\windows\System32\drivers\avgtpx64.sys
2012-10-15 11:48:50  63328  ----a-w-  C:\windows\System32\drivers\avgidsha.sys
2012-10-08 20:49:26  73656  ----a-w-  C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-08 20:49:26  696760  ----a-w-  C:\windows\SysWow64\FlashPlayerApp.exe
2012-10-05 11:32:50  111456  ----a-w-  C:\windows\System32\drivers\avgmfx64.sys
2012-10-02 11:30:38  185696  ----a-w-  C:\windows\System32\drivers\avgldx64.sys
2012-09-30 03:47:39  95208  ----a-w-  C:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-30 03:47:39  821736  ----a-w-  C:\windows\SysWow64\npDeployJava1.dll
2012-09-30 03:47:39  746984  ----a-w-  C:\windows\SysWow64\deployJava1.dll
2012-09-21 11:46:04  200032  ----a-w-  C:\windows\System32\drivers\avgtdia.sys
2012-09-21 11:46:00  225120  ----a-w-  C:\windows\System32\drivers\avgloga.sys
2012-09-14 11:05:18  40800  ----a-w-  C:\windows\System32\drivers\avgrkx64.sys
2012-09-12 23:07:44  58368  ----a-w-  C:\windows\SysWow64\sirenacm.dll
2012-09-12 22:57:44  322048  ----a-w-  C:\windows\WLXPGSS.SCR
2012-09-04 18:39:32  50296  ----a-w-  C:\windows\System32\drivers\avgfwd6a.sys
.
============= FINISH: 23:19:15.51 ===============


Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/16/2011 3:01:40 PM
System Uptime: 11/14/2012 2:05:35 PM (9 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel(R) Celeron(R) CPU 925 @ 2.30GHz | CPU | 2294/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 222 GiB total, 122.638 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP91: 10/28/2012 10:11:29 PM - Windows Live Essentials
RP92: 10/28/2012 10:13:39 PM - Installed DirectX
RP93: 10/28/2012 10:13:57 PM - Installed DirectX
RP94: 10/28/2012 10:14:19 PM - Installed DirectX
RP95: 10/28/2012 10:15:33 PM - WLSetup
RP96: 11/10/2012 6:08:10 PM - Installed AVG 2013
RP97: 11/10/2012 6:09:22 PM - Installed AVG 2013
.
==== Installed Programs ======================
.
3DChat game client
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.3
Adobe Shockwave Player 11.6
Aeria Downloader
Akamai NetSession Interface
Akamai NetSession Interface Service
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Atheros Driver Installation Program
AVG 2013
AVG Security Toolbar
Becker's CPA Exam Review - 2012 Edition
Best Buy pc app
Big Fish Games: Game Manager
Bing Bar
Conexant HD Audio
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dream of Mirror Online
Dropbox
Earth 2150
Evaer Video Recorder for Skype 1.2.6.29
Fairway™
ffdshow [rev 3154] [2009-12-09]
Garmin Communicator Plugin
Garmin USB Drivers
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
InstaTrader
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Java 7 Update 7
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) 6 Update 31 (64-bit)
JavaFX 2.1.1
Junk Mail filter update
Label@Once 1.0
League of Legends
Magic Online
Malwarebytes Anti-Malware version 1.65.1.1000
Messenger Plus! 5
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Hotmail Connector 64-bit
Microsoft Outlook Social Connector Provider for Windows Live Messenger 64-bit
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Movie Maker
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
Pando Media Booster
PC Tools Registry Mechanic 11.0
Photo Common
Photo Gallery
PlayReady PC Runtime amd64
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Secure Download Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553431) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 64-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 64-Bit Edition
Skype Click to Call
Skype™ 5.10
SMPlayer 0.7.0
swMSM
Synaptics Pointing Device Driver
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Disc Creator
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
ToshibaRegistration
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2597091) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
uTorrentControl2 Toolbar
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.10 beta 3 (64-bit)
Xvid MPEG-4 Video Codec
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
11/14/2012 2:37:37 AM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
11/14/2012 2:06:18 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
11/14/2012 2:06:16 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
11/14/2012 2:06:16 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
11/14/2012 2:06:15 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
11/14/2012 10:09:33 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the AVGIDSAgent service to connect.
11/14/2012 10:09:33 AM, Error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/10/2012 9:34:28 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TMachInfo service to connect.
11/10/2012 9:33:27 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
11/10/2012 9:33:27 AM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/10/2012 9:31:10 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
11/10/2012 9:30:51 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wlidsvc service.
11/10/2012 9:27:32 AM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
11/10/2012 5:05:24 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
11/10/2012 5:05:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/10/2012 5:05:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/10/2012 5:05:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/10/2012 5:05:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/10/2012 5:05:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/10/2012 5:05:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/10/2012 5:04:52 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 Avgtdia DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
11/10/2012 5:04:51 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/10/2012 5:04:51 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/10/2012 5:04:51 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/10/2012 5:04:51 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/10/2012 5:04:51 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/10/2012 5:04:51 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
11/10/2012 5:04:51 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/10/2012 5:04:51 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/10/2012 5:04:51 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/10/2012 5:04:51 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/10/2012 4:50:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SeaPort service to connect.
11/10/2012 4:50:30 PM, Error: Service Control Manager [7000] - The SeaPort service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 
Hello, and welcome to TechSpot.

Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply within two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.


Farbar Recovery Scan Tool x64

Download Farbar Recovery Scan Tool and save it to a flash drive.


Please make sure to get the 64-bit version

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button. It will do its scan and save a log on your flash drive.
  • Close out of the message after that, then type the text services.exe into the "Search:" text box and press the Search file(s) button.

    When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
  • Type exit in the Command Prompt window and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.
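The FRST.txt that the steps above produce is read by the helper by eye: load points (Run keys, COM InprocServer32 values) whose target sits in a scratch or recycle-bin location, a Windows system-binary name such as services.exe loaded from anywhere but System32, orphaned entries FRST marks with [x], and binaries FRST prints with an empty "()" because their version info carries no publisher. The script below is an added example that encodes those checks as explicit rules over FRST-format lines; it is not part of this thread and not FRST's own code. The sample lines are constructed in FRST's Registry (Whitelisted) format (the CLSID, the SID-named $Recycle.Bin folder and the Temp\services.exe entry are made up), and the trusted-directory and system-binary lists are assumptions, not an FRST whitelist.

```python
"""Rule-based triage of FRST 'Registry (Whitelisted)' lines.

Added example for this thread; not FRST's code and not part of any post.
"""
import re
from dataclasses import dataclass

# Constructed sample in FRST's format (not copied from the thread). The CLSID,
# the SID-named recycle-bin folder and the Temp\services.exe entry are made up.
SAMPLE_LOG = r"""
HKLM\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3143800 2012-11-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [997320 2012-11-08] ()
HKLM\...\{11111111-2222-3333-4444-555555555555}\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$0123456789abcdef0123456789abcdef\n.
HKU\user\...\Run: [services] C:\Users\user\AppData\Local\Temp\services.exe [40960 2012-11-01] ()
"""

# "<key>: [<name>] <target and metadata>"
LINE_RE = re.compile(r"^(?P<key>[^:]+?): \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
EXT_RE = re.compile(r"\.(?:exe|dll|cpl|scr|sys)(?=\s|$)", re.I)

# Assumed lists for the example; tune them for the machine being examined.
TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\",
                "c:\\program files\\", "c:\\program files (x86)\\")
SYSTEM_DIRS = TRUSTED_DIRS[:2]
SHADY_DIRS = ("\\$recycle.bin\\", "\\recycler\\", "\\temp\\")
SYSTEM_NAMES = {"services.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                "winlogon.exe", "wininit.exe", "explorer.exe"}


@dataclass
class LoadPoint:
    key: str
    name: str
    target: str
    missing: bool    # FRST prints [x] when the target file does not exist
    company: str     # version-info company; "" when FRST printed "()"


@dataclass
class Finding:
    severity: str
    entry: str
    reason: str


def parse_line(line: str):
    """Parse one FRST registry line into a LoadPoint, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    if rest.startswith('"'):
        target = rest[1:rest.index('"', 1)]
    else:
        # Unquoted target: stop at the size/date bracket, then at the first binary extension
        target = rest.split(" [", 1)[0]
        ext = EXT_RE.search(target)
        if ext:
            target = target[:ext.end()]
    company = re.search(r"\(([^()]*)\)\s*$", rest)
    return LoadPoint(m.group("key"), m.group("name"), target,
                     rest.rstrip().endswith("[x]"),
                     company.group(1).strip() if company else "")


def _norm(path: str) -> str:
    """Lower-case the path and expand the environment variables FRST leaves in place."""
    p = path.lower()
    for var, value in (("%programfiles%", "c:\\program files"),
                       ("%systemroot%", "c:\\windows"), ("%windir%", "c:\\windows")):
        p = p.replace(var, value)
    return p


def triage(log_text: str):
    """Apply the helper's checks to every load point in an FRST log excerpt."""
    findings = []
    for raw in log_text.splitlines():
        lp = parse_line(raw)
        if lp is None:
            continue
        entry = f"{lp.key} [{lp.name}]"
        path = _norm(lp.target)
        base = path.rsplit("\\", 1)[-1]
        if any(d in path for d in SHADY_DIRS):
            findings.append(Finding("high", entry, f"loads from a scratch/recycle-bin location: {lp.target}"))
        elif lp.key.lower().endswith("inprocserver32") and not path.startswith(TRUSTED_DIRS):
            findings.append(Finding("high", entry, f"COM server redirected outside system/program dirs: {lp.target}"))
        if base in SYSTEM_NAMES and not path.startswith(SYSTEM_DIRS):
            findings.append(Finding("high", entry, f"system binary name loaded from outside System32: {lp.target}"))
        if lp.missing:
            findings.append(Finding("low", entry, "orphaned entry, target file missing"))
        elif not lp.company:
            findings.append(Finding("info", entry, "no publisher in version info, verify its signature"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:5} {f.entry}: {f.reason}")
```

Run as a script it prints the findings for the constructed sample; to use it on a real log, pass the contents of FRST.txt to triage() instead of SAMPLE_LOG. The "info" findings are deliberately noisy (a missing publisher string is common in legitimate toolbars) and are there to direct a signature check, while anything loading from $Recycle.Bin or Temp, or a services.exe outside System32, is what the thread's helper treats as a rootkit indicator.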
 
Thanks for the response, Jay. Here are the additional logs.

FRST.exe

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2012
Ran by SYSTEM at 15-11-2012 14:54:19
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [] [x]
HKLM\...\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [307768 2009-11-19] ()
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [x]
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [x]
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [x]
HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [x]
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [112512 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot [296056 2011-11-17] (RealNetworks, Inc.)
HKLM-x32\...\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe [801792 2011-10-24] (Yuna Software)
HKLM-x32\...\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [103896 2012-01-04] (PC Tools)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [997320 2012-11-08] ()
HKLM-x32\...\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 [1022048 2012-08-30] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3143800 2012-11-06] (AVG Technologies CZ, s.r.o.)
HKU\Black mage\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4272640 2012-09-12] (Microsoft Corporation)
HKU\Black mage\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [x]
HKU\Black mage\...\Run: [avichannel] "C:\Program Files (x86)\Evaer\videochannel.exe" [1691136 2012-02-02] (Evaer Technology)
HKU\Black mage\...\Run: [Akamai NetSession Interface] "C:\Users\Black mage\AppData\Local\Akamai\netsession_win.exe" [4441920 2012-10-09] (Akamai Technologies, Inc.)
HKU\Black mage\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17418928 2012-07-13] (Skype Technologies S.A.)
HKU\Black mage\...\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet [6591800 2012-02-22] (Yahoo! Inc.)
HKU\Black mage\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-07-19] (Google Inc.)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$23151697fd8a69cd7506934393e3f49c\n. ATTENTION! ====> ZeroAccess
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\Black mage\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ===================

2 avgfws; "C:\Program Files (x86)\AVG\AVG2013\avgfws.exe" [1340976 2012-11-02] (AVG Technologies CZ, s.r.o.)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [5814392 2012-11-06] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
2 MBAMScheduler; "C:\Users\Black mage\Desktop\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-29] (Malwarebytes Corporation)
2 MBAMService; "C:\Users\Black mage\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-29] (Malwarebytes Corporation)
2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2012-01-04] (PC Tools)
2 vToolbarUpdater13.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [711112 2012-11-08] ()

==================== Drivers (Whitelisted) =====================

1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.)
0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [225120 2012-09-21] (AVG Technologies CZ, s.r.o.)
0 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [111456 2012-10-05] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40800 2012-09-14] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [200032 2012-09-21] (AVG Technologies CZ, s.r.o.)
1 avgtp; \??\C:\windows\system32\drivers\avgtpx64.sys [30568 2012-11-08] (AVG Technologies)
3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [25928 2012-09-29] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-11-15 14:38 - 2012-11-15 14:38 - 01461037 ____A (Farbar) C:\Users\Black mage\Downloads\FRST64 (1).exe
2012-11-15 14:37 - 2012-11-15 14:37 - 01461037 ____A (Farbar) C:\Users\Black mage\Downloads\FRST64.exe
2012-11-15 14:37 - 2012-11-15 14:37 - 00000000 ____D C:\FRST
2012-11-14 23:19 - 2012-11-14 23:19 - 00029978 ____A C:\Users\Black mage\Desktop\dds.txt
2012-11-14 23:19 - 2012-11-14 23:19 - 00015323 ____A C:\Users\Black mage\Desktop\attach.txt
2012-11-14 23:14 - 2012-11-14 23:14 - 00001034 ____A C:\Users\Black mage\Desktop\gmer.log
2012-11-14 12:57 - 2012-11-14 12:57 - 00000821 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-14 12:57 - 2012-11-14 12:57 - 00000000 ____D C:\Users\Black mage\Desktop\Malwarebytes' Anti-Malware
2012-11-14 12:57 - 2012-11-14 12:57 - 00000000 ____D C:\Users\Black mage\AppData\Roaming\Malwarebytes
2012-11-14 12:57 - 2012-11-14 12:57 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-11-14 12:57 - 2012-09-29 19:54 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-11-14 12:55 - 2012-11-14 12:55 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Black mage\Downloads\mbam-setup-1.65.1.1000.exe
2012-11-14 12:54 - 2012-11-14 12:54 - 00688901 ____R (Swearware) C:\Users\Black mage\Downloads\dds.com
2012-11-14 12:53 - 2012-11-14 12:53 - 00302592 ____A C:\Users\Black mage\Downloads\4jgf925r.exe
2012-11-13 15:14 - 2012-11-13 15:14 - 00000000 ____D C:\Users\Black mage\AppData\Roaming\AVG2013
2012-11-11 21:41 - 2012-11-11 21:41 - 00085004 ____A C:\Users\Black mage\Downloads\Me 3 xx.zip
2012-11-11 21:41 - 2012-11-11 21:41 - 00042398 ____A C:\Users\Black mage\Downloads\llll.bmp
2012-11-10 18:14 - 2012-11-10 18:14 - 00000976 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2012-11-10 18:14 - 2012-11-10 18:14 - 00000000 ____D C:\Users\Black mage\AppData\Roaming\TuneUp Software
2012-11-10 18:09 - 2012-11-14 13:55 - 00000000 ____D C:\Users\All Users\AVG2013
2012-11-10 17:50 - 2012-11-14 13:04 - 00000000 ____D C:\Users\Black mage\AppData\Local\Avg2013
2012-11-10 17:50 - 2012-11-10 17:50 - 00000000 ____D C:\Users\Black mage\AppData\Local\MFAData
2012-11-10 17:06 - 2012-11-10 17:24 - 00007002 ____A C:\Users\Black mage\Desktop\avgrep.txt
2012-11-09 15:11 - 2012-11-09 15:11 - 00021698 ____A C:\Users\Black mage\Downloads\member.php
2012-11-04 15:37 - 2012-11-04 15:37 - 00000000 ____D C:\Users\Black mage\AppData\Roaming\Big Fish Games
2012-11-04 00:56 - 2012-11-04 00:56 - 00001893 ____A C:\Users\Public\Desktop\Play Fairway.lnk
2012-11-04 00:56 - 2012-11-04 00:56 - 00001244 ____A C:\Users\Public\Desktop\More Great Games.lnk
2012-11-04 00:55 - 2012-11-04 00:56 - 00000000 ____D C:\Program Files (x86)\Fairway
2012-11-04 00:40 - 2012-11-04 00:40 - 00000000 ____D C:\Users\All Users\Big Fish Games
2012-11-04 00:40 - 2012-11-04 00:40 - 00000000 ____D C:\Program Files (x86)\bfgclient
2012-11-04 00:38 - 2012-11-04 16:37 - 00000000 ____D C:\BigFishGamesCache
2012-11-04 00:38 - 2012-11-04 00:38 - 00235080 ____A (Big Fish Games) C:\Users\Black mage\Downloads\fairway_s1_l1_gF6759T1L1_d1908469980.exe
2012-11-04 00:37 - 2012-11-04 00:38 - 00235080 ____A (Big Fish Games) C:\Users\Black mage\Downloads\fairway_s1_l1_gF6759T1L1_d1908469779.exe
2012-10-28 21:20 - 2012-10-28 21:20 - 00000000 ____D C:\Windows\en
2012-10-28 21:15 - 2012-09-12 14:20 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fssfltr.sys
2012-10-28 21:13 - 2012-10-28 21:13 - 00000000 ___RD C:\Users\Black mage\SkyDrive
2012-10-28 21:13 - 2012-10-28 21:13 - 00000000 ____D C:\Users\All Users\Microsoft SkyDrive
2012-10-28 21:13 - 2012-10-28 21:13 - 00000000 ____D C:\Program Files (x86)\Microsoft SkyDrive
2012-10-28 21:09 - 2012-10-28 21:09 - 01239552 ____A (Microsoft Corporation) C:\Users\Black mage\Downloads\wlsetup-web (1).exe
2012-10-28 12:06 - 2012-10-28 12:06 - 00000000 ____D C:\Users\Black mage\AppData\Local\{F7330700-7A80-43EC-B29B-B3D26821FCFA}
2012-10-28 00:06 - 2012-10-28 00:06 - 00000000 ____D C:\Users\Black mage\AppData\Local\{AA5350E0-5DB6-4B3F-AD35-437A6B7E815D}
2012-10-27 10:25 - 2012-10-27 10:25 - 00000000 ____D C:\Users\Black mage\AppData\Local\{F0131E87-753F-4D6B-A0D2-DB434DF1A314}
2012-10-26 22:24 - 2012-10-26 22:24 - 00000000 ____D C:\Users\Black mage\AppData\Local\{88F662E1-D965-4C4F-BFB3-11C86A0DE77C}
2012-10-26 21:59 - 2012-10-26 21:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-10-26 10:24 - 2012-10-26 10:24 - 00000000 ____D C:\Users\Black mage\AppData\Local\{FE039671-5DCC-40CB-A237-69A41D127956}
2012-10-25 22:12 - 2012-10-25 22:13 - 00000000 ____D C:\Users\Black mage\AppData\Local\{A57F09EE-3741-4CF9-8F55-008C3CFE81F4}
2012-10-24 20:42 - 2012-10-25 10:12 - 00000000 ____D C:\Users\Black mage\AppData\Local\{2FF5027A-CCFC-4D97-952D-8E4E1D0BE8CF}
2012-10-24 17:17 - 2012-10-24 17:17 - 00000000 __SHD C:\found.000
2012-10-24 08:42 - 2012-10-24 08:42 - 00000000 ____D C:\Users\Black mage\AppData\Local\{B821BB45-54F5-4E0F-9C44-D93D39204B1A}
2012-10-23 11:04 - 2012-10-23 11:05 - 00000000 ____D C:\Users\Black mage\AppData\Local\{F4F136EA-5B2F-4A49-9289-52E461F22FA2}
2012-10-22 22:38 - 2012-10-22 22:38 - 00000000 ____D C:\Users\Black mage\AppData\Local\{C728B0F0-5FFE-41CE-A248-2445E9955C71}
2012-10-22 13:02 - 2012-10-22 13:02 - 00154464 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsdrivera.sys
2012-10-22 09:24 - 2012-10-22 09:25 - 00000000 ____D C:\Users\Black mage\AppData\Local\{3CB3FFA8-8725-4EAC-B298-9FB8A5113539}
2012-10-20 22:10 - 2012-10-20 22:10 - 00000000 ____D C:\Users\Black mage\AppData\Local\{80BD52DC-5C44-4812-8B9A-9183BA5CF009}
2012-10-20 10:10 - 2012-10-20 10:10 - 00000000 ____D C:\Users\Black mage\AppData\Local\{F7CD66D0-2828-4FF9-BB0A-EA57885F8A99}
2012-10-19 22:09 - 2012-10-19 22:10 - 00000000 ____D C:\Users\Black mage\AppData\Local\{05E03EB6-1CA0-4E87-8655-23F62DCD1BFF}
2012-10-19 10:09 - 2012-10-19 10:09 - 00000000 ____D C:\Users\Black mage\AppData\Local\{D153C140-E546-4719-A2B2-602610A42040}
2012-10-18 22:09 - 2012-10-18 22:09 - 00000000 ____D C:\Users\Black mage\AppData\Local\{FFF79EE6-4282-4CDF-B0FF-AAF29C4EE4B6}
2012-10-18 10:09 - 2012-10-18 10:09 - 00000000 ____D C:\Users\Black mage\AppData\Local\{C5025685-A455-48FF-80A1-27A6CF364297}
2012-10-17 22:08 - 2012-10-17 22:09 - 00000000 ____D C:\Users\Black mage\AppData\Local\{F098D6BE-CBB0-428D-92B8-5A68F988D3CC}
2012-10-17 10:08 - 2012-10-17 10:08 - 00000000 ____D C:\Users\Black mage\AppData\Local\{5804D7F2-20CC-4787-938E-AA6EFE1B090A}
2012-10-16 22:08 - 2012-10-16 22:08 - 00000000 ____D C:\Users\Black mage\AppData\Local\{9265D5F3-CD3C-4118-94E9-EB9C69529A9D}
2012-10-16 15:08 - 2012-10-16 15:38 - 89495474 ____A C:\Users\Black mage\Downloads\camfour_young_couple.avi
2012-10-16 10:08 - 2012-10-16 10:08 - 00000000 ____D C:\Users\Black mage\AppData\Local\{7F870E15-16A9-4713-92A0-735AB807367A}

==================== One Month Modified Files and Folders =======

2012-11-15 14:42 - 2012-04-06 21:09 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-15 14:40 - 2012-04-02 23:21 - 00004940 ____A C:\Windows\System32\PerfStringBackup.TMP
2012-11-15 14:38 - 2012-11-15 14:38 - 01461037 ____A (Farbar) C:\Users\Black mage\Downloads\FRST64 (1).exe
2012-11-15 14:38 - 2011-11-16 19:57 - 00000000 ____D C:\Users\Black mage\AppData\Roaming\Skype
2012-11-15 14:37 - 2012-11-15 14:37 - 01461037 ____A (Farbar) C:\Users\Black mage\Downloads\FRST64.exe
2012-11-15 14:37 - 2012-11-15 14:37 - 00000000 ____D C:\FRST
2012-11-15 13:57 - 2010-07-19 13:43 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-11-15 13:37 - 2011-11-16 16:18 - 00000000 ____D C:\Users\All Users\MFAData
2012-11-15 11:58 - 2011-11-16 16:19 - 00000000 ____D C:\Users\Black mage\AppData\Local\Windows Live
2012-11-14 23:56 - 2011-11-16 16:43 - 00000000 ____D C:\Users\Black mage\Tracing
2012-11-14 23:35 - 2011-12-08 20:18 - 00000420 ____A C:\Windows\SysWOW64\AppLog.log
2012-11-14 23:35 - 2011-12-08 02:00 - 00000296 ____A C:\Windows\Tasks\RMSchedule.job
2012-11-14 23:19 - 2012-11-14 23:19 - 00029978 ____A C:\Users\Black mage\Desktop\dds.txt
2012-11-14 23:19 - 2012-11-14 23:19 - 00015323 ____A C:\Users\Black mage\Desktop\attach.txt
2012-11-14 23:14 - 2012-11-14 23:14 - 00001034 ____A C:\Users\Black mage\Desktop\gmer.log
2012-11-14 19:57 - 2010-07-19 13:43 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-11-14 14:13 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-14 14:13 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-14 14:08 - 2012-05-06 18:35 - 00000000 ___RD C:\Users\Black mage\Dropbox
2012-11-14 14:08 - 2012-05-06 18:07 - 00000000 ____D C:\Users\Black mage\AppData\Roaming\Dropbox
2012-11-14 14:06 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-14 14:06 - 2009-07-13 20:51 - 00047106 ____A C:\Windows\setupact.log
2012-11-14 14:01 - 2010-07-19 13:59 - 00254652 ____A C:\Windows\PFRO.log
2012-11-14 13:59 - 2011-11-24 22:54 - 00000000 ____D C:\Program Files (x86)\BrowserCompanion
2012-11-14 13:55 - 2012-11-10 18:09 - 00000000 ____D C:\Users\All Users\AVG2013
2012-11-14 13:04 - 2012-11-10 17:50 - 00000000 ____D C:\Users\Black mage\AppData\Local\Avg2013
2012-11-14 12:57 - 2012-11-14 12:57 - 00000821 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-11-14 12:57 - 2012-11-14 12:57 - 00000000 ____D C:\Users\Black mage\Desktop\Malwarebytes' Anti-Malware
2012-11-14 12:57 - 2012-11-14 12:57 - 00000000 ____D C:\Users\Black mage\AppData\Roaming\Malwarebytes
2012-11-14 12:57 - 2012-11-14 12:57 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-11-14 12:55 - 2012-11-14 12:55 - 10669952 ____A (Malwarebytes Corporation ) C:\Users\Black mage\Downloads\mbam-setup-1.65.1.1000.exe
2012-11-14 12:54 - 2012-11-14 12:54 - 00688901 ____R (Swearware) C:\Users\Black mage\Downloads\dds.com
2012-11-14 12:53 - 2012-11-14 12:53 - 00302592 ____A C:\Users\Black mage\Downloads\4jgf925r.exe
2012-11-14 01:21 - 2012-01-08 19:53 - 00000000 ____D C:\Users\Black mage\AppData\Local\PMB Files
2012-11-14 01:21 - 2012-01-08 19:53 - 00000000 ____D C:\Users\All Users\PMB Files
2012-11-13 15:14 - 2012-11-13 15:14 - 00000000 ____D C:\Users\Black mage\AppData\Roaming\AVG2013
2012-11-13 15:14 - 2011-12-17 22:22 - 00000000 ____D C:\Program Files (x86)\AVG
2012-11-11 21:41 - 2012-11-11 21:41 - 00085004 ____A C:\Users\Black mage\Downloads\Me 3 xx.zip
2012-11-11 21:41 - 2012-11-11 21:41 - 00042398 ____A C:\Users\Black mage\Downloads\llll.bmp
2012-11-10 18:16 - 2012-05-01 11:23 - 00000000 ___HD C:\$AVG
2012-11-10 18:14 - 2012-11-10 18:14 - 00000976 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2012-11-10 18:14 - 2012-11-10 18:14 - 00000000 ____D C:\Users\Black mage\AppData\Roaming\TuneUp Software
2012-11-10 17:50 - 2012-11-10 17:50 - 00000000 ____D C:\Users\Black mage\AppData\Local\MFAData
2012-11-10 17:25 - 2011-11-15 19:25 - 01645978 ____A C:\Windows\WindowsUpdate.log
2012-11-10 17:24 - 2012-11-10 17:06 - 00007002 ____A C:\Users\Black mage\Desktop\avgrep.txt
2012-11-09 15:11 - 2012-11-09 15:11 - 00021698 ____A C:\Users\Black mage\Downloads\member.php
2012-11-09 14:13 - 2011-11-28 01:39 - 00000000 ____D C:\Users\Black mage\Documents\Evaer
2012-11-08 23:23 - 2012-07-21 13:55 - 00000000 ____D C:\Users\All Users\AVG Secure Search
2012-11-08 23:22 - 2012-07-21 13:55 - 00030568 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-11-08 23:22 - 2012-07-21 13:55 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-11-07 22:48 - 2011-11-16 16:44 - 00000000 ____D C:\Users\Black mage\Documents\My Received Files
2012-11-04 16:37 - 2012-11-04 00:38 - 00000000 ____D C:\BigFishGamesCache
2012-11-04 15:37 - 2012-11-04 15:37 - 00000000 ____D C:\Users\Black mage\AppData\Roaming\Big Fish Games
2012-11-04 00:56 - 2012-11-04 00:56 - 00001893 ____A C:\Users\Public\Desktop\Play Fairway.lnk
2012-11-04 00:56 - 2012-11-04 00:56 - 00001244 ____A C:\Users\Public\Desktop\More Great Games.lnk
2012-11-04 00:56 - 2012-11-04 00:55 - 00000000 ____D C:\Program Files (x86)\Fairway
2012-11-04 00:40 - 2012-11-04 00:40 - 00000000 ____D C:\Users\All Users\Big Fish Games
2012-11-04 00:40 - 2012-11-04 00:40 - 00000000 ____D C:\Program Files (x86)\bfgclient
2012-11-04 00:38 - 2012-11-04 00:38 - 00235080 ____A (Big Fish Games) C:\Users\Black mage\Downloads\fairway_s1_l1_gF6759T1L1_d1908469980.exe
2012-11-04 00:38 - 2012-11-04 00:37 - 00235080 ____A (Big Fish Games) C:\Users\Black mage\Downloads\fairway_s1_l1_gF6759T1L1_d1908469779.exe
2012-10-31 09:42 - 2011-11-16 19:55 - 00000000 ____D C:\Users\All Users\Skype
2012-10-28 21:20 - 2012-10-28 21:20 - 00000000 ____D C:\Windows\en
2012-10-28 21:16 - 2010-07-19 13:45 - 00000000 ____D C:\Program Files (x86)\Windows Live
2012-10-28 21:15 - 2011-11-16 16:24 - 00000000 ____D C:\Program Files\Windows Live
2012-10-28 21:15 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-10-28 21:13 - 2012-10-28 21:13 - 00000000 ___RD C:\Users\Black mage\SkyDrive
2012-10-28 21:13 - 2012-10-28 21:13 - 00000000 ____D C:\Users\All Users\Microsoft SkyDrive
2012-10-28 21:13 - 2012-10-28 21:13 - 00000000 ____D C:\Program Files (x86)\Microsoft SkyDrive
2012-10-28 21:13 - 2011-11-16 15:01 - 00000000 ____D C:\users\Black mage
2012-10-28 21:13 - 2010-07-19 13:42 - 00300408 ____A C:\Windows\DirectX.log
2012-10-28 21:09 - 2012-10-28 21:09 - 01239552 ____A (Microsoft Corporation) C:\Users\Black mage\Downloads\wlsetup-web (1).exe
2012-10-28 12:06 - 2012-10-28 12:06 - 00000000 ____D C:\Users\Black mage\AppData\Local\{F7330700-7A80-43EC-B29B-B3D26821FCFA}
2012-10-28 00:06 - 2012-10-28 00:06 - 00000000 ____D C:\Users\Black mage\AppData\Local\{AA5350E0-5DB6-4B3F-AD35-437A6B7E815D}
2012-10-27 10:25 - 2012-10-27 10:25 - 00000000 ____D C:\Users\Black mage\AppData\Local\{F0131E87-753F-4D6B-A0D2-DB434DF1A314}
2012-10-27 07:29 - 2012-04-25 16:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-10-26 22:24 - 2012-10-26 22:24 - 00000000 ____D C:\Users\Black mage\AppData\Local\{88F662E1-D965-4C4F-BFB3-11C86A0DE77C}
2012-10-26 21:59 - 2012-10-26 21:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-10-26 10:24 - 2012-10-26 10:24 - 00000000 ____D C:\Users\Black mage\AppData\Local\{FE039671-5DCC-40CB-A237-69A41D127956}
2012-10-25 22:13 - 2012-10-25 22:12 - 00000000 ____D C:\Users\Black mage\AppData\Local\{A57F09EE-3741-4CF9-8F55-008C3CFE81F4}
2012-10-25 10:12 - 2012-10-24 20:42 - 00000000 ____D C:\Users\Black mage\AppData\Local\{2FF5027A-CCFC-4D97-952D-8E4E1D0BE8CF}
2012-10-24 17:17 - 2012-10-24 17:17 - 00000000 __SHD C:\found.000
2012-10-24 08:42 - 2012-10-24 08:42 - 00000000 ____D C:\Users\Black mage\AppData\Local\{B821BB45-54F5-4E0F-9C44-D93D39204B1A}
2012-10-23 11:05 - 2012-10-23 11:04 - 00000000 ____D C:\Users\Black mage\AppData\Local\{F4F136EA-5B2F-4A49-9289-52E461F22FA2}
2012-10-23 11:05 - 2011-12-03 13:57 - 00000000 ____D C:\Users\Black mage\AppData\Local\Akamai
2012-10-22 22:38 - 2012-10-22 22:38 - 00000000 ____D C:\Users\Black mage\AppData\Local\{C728B0F0-5FFE-41CE-A248-2445E9955C71}
2012-10-22 13:02 - 2012-10-22 13:02 - 00154464 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsdrivera.sys
2012-10-22 09:25 - 2012-10-22 09:24 - 00000000 ____D C:\Users\Black mage\AppData\Local\{3CB3FFA8-8725-4EAC-B298-9FB8A5113539}
2012-10-20 22:10 - 2012-10-20 22:10 - 00000000 ____D C:\Users\Black mage\AppData\Local\{80BD52DC-5C44-4812-8B9A-9183BA5CF009}
2012-10-20 10:10 - 2012-10-20 10:10 - 00000000 ____D C:\Users\Black mage\AppData\Local\{F7CD66D0-2828-4FF9-BB0A-EA57885F8A99}
2012-10-19 22:10 - 2012-10-19 22:09 - 00000000 ____D C:\Users\Black mage\AppData\Local\{05E03EB6-1CA0-4E87-8655-23F62DCD1BFF}
2012-10-19 10:09 - 2012-10-19 10:09 - 00000000 ____D C:\Users\Black mage\AppData\Local\{D153C140-E546-4719-A2B2-602610A42040}
2012-10-18 22:09 - 2012-10-18 22:09 - 00000000 ____D C:\Users\Black mage\AppData\Local\{FFF79EE6-4282-4CDF-B0FF-AAF29C4EE4B6}
2012-10-18 10:09 - 2012-10-18 10:09 - 00000000 ____D C:\Users\Black mage\AppData\Local\{C5025685-A455-48FF-80A1-27A6CF364297}
2012-10-17 22:09 - 2012-10-17 22:08 - 00000000 ____D C:\Users\Black mage\AppData\Local\{F098D6BE-CBB0-428D-92B8-5A68F988D3CC}
2012-10-17 10:08 - 2012-10-17 10:08 - 00000000 ____D C:\Users\Black mage\AppData\Local\{5804D7F2-20CC-4787-938E-AA6EFE1B090A}
2012-10-16 22:08 - 2012-10-16 22:08 - 00000000 ____D C:\Users\Black mage\AppData\Local\{9265D5F3-CD3C-4118-94E9-EB9C69529A9D}
2012-10-16 10:08 - 2012-10-16 10:08 - 00000000 ____D C:\Users\Black mage\AppData\Local\{7F870E15-16A9-4713-92A0-735AB807367A}


ZeroAccess:
C:\Windows\Installer\{23151697-fd8a-69cd-7506-934393e3f49c}
C:\Windows\Installer\{23151697-fd8a-69cd-7506-934393e3f49c}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1033597099-3782703190-954538369-1000\$23151697fd8a69cd7506934393e3f49c

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$23151697fd8a69cd7506934393e3f49c

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-10-28 21:11:56
Restore point made on: 2012-10-28 21:13:45
Restore point made on: 2012-10-28 21:14:13
Restore point made on: 2012-10-28 21:14:38
Restore point made on: 2012-10-28 21:15:39
Restore point made on: 2012-11-10 18:08:37
Restore point made on: 2012-11-10 18:09:35

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 2939.98 MB
Available physical RAM: 2423.99 MB
Total Pagefile: 2938.13 MB
Available Pagefile: 2419.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: (TI105952W0C) (Fixed) (Total:222.34 GB) (Free:122.35 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (VICTORINOX) (Removable) (Total:7.53 GB) (Free:7.48 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 7712 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 222 GB 1501 MB
Partition 3 Primary 9 GB 223 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D System NTFS Partition 1500 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI105952W0C NTFS Partition 222 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 7712 MB 0 B

==================================================================================

Disk: 1
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

=========================================================

Last Boot: 2012-11-12 09:38

==================== End Of Log =============================


Unfortunately, I couldn't find the search.txt log. I searched the entire hard drive and the flash drive with no luck. Should I try rescanning?
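Editor's added example, not part of this thread and not code from FRST or ComboFix: the "Bamital & volsnap Check" in the log above flags services.exe because its MD5 does not match the expected value. A defender can repeat that check locally by hashing System32\services.exe and comparing it with the copies Windows keeps in the WinSxS component store (the directories whose name contains "servicecontroller"). On Windows 7 the System32 file is normally one hard link of the component-store file, so `fsutil hardlink list` should name a WinSxS path as well; a file that has no link into WinSxS and matches none of the store copies has been replaced. `Get-Md5Hex` is a helper written for this example; it assumes Windows 7 x64, PowerShell 2.0 or later and an elevated prompt.

```powershell
# Added example (not from the thread, FRST, or ComboFix).
# Compares %SystemRoot%\System32\services.exe with the copies kept in the
# WinSxS component store and reports whether the System32 file still hard-links
# into the store. Assumes Windows 7 x64, PowerShell 2.0+, elevated prompt.

function Get-Md5Hex {
    # MD5 via .NET so the script also runs on PowerShell 2.0 (no Get-FileHash there).
    param([string]$Path)
    $md5    = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $md5.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    ($bytes | ForEach-Object { $_.ToString('x2') }) -join ''
}

$target     = Join-Path $env:SystemRoot 'System32\services.exe'
$targetHash = Get-Md5Hex $target
$targetSize = (Get-Item $target).Length

# Component-store copies of services.exe (the servicecontroller component);
# there may be several if the file was ever serviced by Windows Update.
$winsxs = Join-Path $env:SystemRoot 'winsxs'
$copies = Get-ChildItem -Path $winsxs -Recurse -Filter 'services.exe' -ErrorAction SilentlyContinue |
          Where-Object { $_.DirectoryName -like '*servicecontroller*' }

"Target : $target"
"Size   : $targetSize bytes"
"MD5    : $targetHash"
""
"Component-store copies:"
$hashMatch = $false
foreach ($copy in $copies) {
    $h = Get-Md5Hex $copy.FullName
    if ($h -eq $targetHash) { $hashMatch = $true; $mark = 'MATCH  ' } else { $mark = 'differs' }
    "  $mark $h $($copy.FullName)"
}

# On Windows 7 the System32 file is normally one hard link of the WinSxS file;
# a file that was deleted and re-created has lost that link. fsutil prints one
# path per link, without the drive letter.
$links = & fsutil hardlink list $target 2>$null
$linkedToStore = @($links | Where-Object { $_ -like '*\winsxs\*' }).Count -gt 0
""
"Hard links reported by fsutil:"
$links | ForEach-Object { "  $_" }

""
if ($hashMatch -and $linkedToStore) {
    "OK: services.exe matches a component-store copy and is still linked to it."
} elseif ($hashMatch) {
    "WARNING: hash matches a store copy but the WinSxS hard link is gone; the file was rewritten at some point."
} else {
    "WARNING: services.exe matches no component-store copy; treat it as patched and restore it from WinSxS offline."
}
```

Two caveats a practitioner should keep in mind. First, a match proves little if the file was overwritten in place rather than replaced, because an in-place write through the hard link changes the component-store copy too; cross-check the hash against a clean machine at the same patch level. Second, this runs on the live system, where a kernel rootkit can filter what file reads return; that is why the FRST scan above was run from the Recovery Environment, and an offline check is the one to trust when a rootkit is suspected.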
 
Okay, here is the next step...

FRST Fixlist

Please run the following:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
Last Boot: 2012-11-12 09:38
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now, please enter System Recovery Options then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.
 
Here's the fixlog.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-11-2012
Ran by SYSTEM at 2012-11-16 09:26:01 Run:1
Running from F:\

==============================================

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====
 
ComboFix scan

Please download ComboFix
by sUBs
From BleepingComputer.com

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
Whenever I start ComboFix normally, it freezes halfway through unzipping its files, before even starting. So I ran it in safe mode, and when ComboFix was about to start, it said that it detected real-time protection from AVG 2012, which I no longer have. I tried disabling AVG 2013 and went as far as uninstalling AVG altogether, and I'm still getting that message. Should I continue with ComboFix anyway?
 
Do this, then try again please:

RogueKiller Scan

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.
  • Next click on the ShortcutsFix.
  • The report has been created on the desktop.
Please post:

All RKreport.txt text files located on your desktop.
 
So I was able to run both, sorry for taking so long.

Here are the RK reports.

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode
User: Black mage [Admin rights]
Mode: Scan -- Date: 11/21/2012 10:06:34

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : c:\windows\installer\{23151697-fd8a-69cd-7506-934393e3f49c}\U --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK2555GSX +++++
--- User ---
[MBR] e0c606d3f1f977c085148ef792d58b31
[BSP] 76ce2fb0f38e8af641f56befc56cb22e : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 227677 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 469356544 | Size: 9297 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[6].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt


RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode
User: Black mage [Admin rights]
Mode: Remove -- Date: 11/21/2012 10:07:37

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : c:\windows\installer\{23151697-fd8a-69cd-7506-934393e3f49c}\U --> REMOVED
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> REMOVED AT REBOOT
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> REMOVED AT REBOOT

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK2555GSX +++++
--- User ---
[MBR] e0c606d3f1f977c085148ef792d58b31
[BSP] 76ce2fb0f38e8af641f56befc56cb22e : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 227677 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 469356544 | Size: 9297 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[7].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt ; RKreport[7].txt


Here is the ComboFix log.

ComboFix 12-11-21.01 - Black mage 11/21/2012 10:52:34.3.1 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2940.2210 [GMT -8:00]
Running from: c:\users\Black mage\Desktop\iexplore.exe.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\BrowserCompanion
c:\program files (x86)\BrowserCompanion\logo.ico
c:\program files (x86)\BrowserCompanion\updatebhoWin32.dll_1
c:\users\Black mage\AppData\Local\Microsoft\Windows\Temporary Internet Files\{23A78B09-0511-44B7-97D4-AF54ECCF391B}.xps
c:\users\Black mage\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3A1E74F7-01E4-4464-9E5C-68162B6D2168}.xps
c:\users\Black mage\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C63A5A9A-E713-47D0-935E-58A6C0C02722}.xps
c:\users\Black mage\Documents\~WRL2326.tmp
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-21 to 2012-11-21 )))))))))))))))))))))))))))))))
.
.
2012-11-21 19:47 . 2012-11-21 19:47  --------  d-----w-  c:\users\Default\AppData\Local\temp
2012-11-19 05:05 . 2012-07-26 04:55  785512    ----a-w-  c:\windows\system32\drivers\Wdf01000.sys
2012-11-19 05:05 . 2012-07-26 04:55  54376     ----a-w-  c:\windows\system32\drivers\WdfLdr.sys
2012-11-19 05:05 . 2012-07-26 04:47  2560      ----a-w-  c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-19 05:05 . 2012-07-26 02:36  9728      ----a-w-  c:\windows\system32\Wdfres.dll
2012-11-19 04:49 . 2012-10-08 11:23  1392128   ----a-w-  c:\windows\system32\wininet.dll
2012-11-19 04:41 . 2012-07-26 02:26  87040     ----a-w-  c:\windows\system32\drivers\WUDFPf.sys
2012-11-19 04:41 . 2012-07-26 02:26  198656    ----a-w-  c:\windows\system32\drivers\WUDFRd.sys
2012-11-19 04:41 . 2012-07-26 03:08  84992     ----a-w-  c:\windows\system32\WUDFSvc.dll
2012-11-19 04:41 . 2012-07-26 03:08  194048    ----a-w-  c:\windows\system32\WUDFPlatform.dll
2012-11-19 04:41 . 2012-07-26 03:08  229888    ----a-w-  c:\windows\system32\WUDFHost.exe
2012-11-19 04:41 . 2012-07-26 03:08  744448    ----a-w-  c:\windows\system32\WUDFx.dll
2012-11-19 04:41 . 2012-07-26 03:08  45056     ----a-w-  c:\windows\system32\WUDFCoinstaller.dll
2012-11-17 23:28 . 2012-10-09 18:17  55296     ----a-w-  c:\windows\system32\dhcpcsvc6.dll
2012-11-17 23:28 . 2012-10-09 18:17  226816    ----a-w-  c:\windows\system32\dhcpcore6.dll
2012-11-17 23:28 . 2012-10-09 17:40  44032     ----a-w-  c:\windows\SysWow64\dhcpcsvc6.dll
2012-11-17 23:28 . 2012-10-09 17:40  193536    ----a-w-  c:\windows\SysWow64\dhcpcore6.dll
2012-11-17 23:23 . 2012-08-24 18:05  220160    ----a-w-  c:\windows\system32\wintrust.dll
2012-11-17 23:23 . 2012-08-24 16:57  172544    ----a-w-  c:\windows\SysWow64\wintrust.dll
2012-11-17 23:23 . 2012-09-14 19:19  2048      ----a-w-  c:\windows\system32\tzres.dll
2012-11-17 23:23 . 2012-09-14 18:28  2048      ----a-w-  c:\windows\SysWow64\tzres.dll
2012-11-17 23:23 . 2012-08-21 21:01  245760    ----a-w-  c:\windows\system32\OxpsConverter.exe
2012-11-17 23:22 . 2012-08-11 00:56  715776    ----a-w-  c:\windows\system32\kerberos.dll
2012-11-17 23:22 . 2012-08-10 23:56  542208    ----a-w-  c:\windows\SysWow64\kerberos.dll
2012-11-17 23:22 . 2012-09-25 22:47  78336     ----a-w-  c:\windows\SysWow64\synceng.dll
2012-11-17 23:22 . 2012-09-25 22:46  95744     ----a-w-  c:\windows\system32\synceng.dll
2012-11-17 23:22 . 2012-07-04 22:16  73216     ----a-w-  c:\windows\system32\netapi32.dll
2012-11-17 23:22 . 2012-07-04 22:13  59392     ----a-w-  c:\windows\system32\browcli.dll
2012-11-17 23:22 . 2012-07-04 22:13  136704    ----a-w-  c:\windows\system32\browser.dll
2012-11-17 23:22 . 2012-07-04 21:14  41984     ----a-w-  c:\windows\SysWow64\browcli.dll
2012-11-17 23:22 . 2012-05-05 08:36  503808    ----a-w-  c:\windows\system32\srcore.dll
2012-11-17 23:22 . 2012-05-05 07:46  43008     ----a-w-  c:\windows\SysWow64\srclient.dll
2012-11-17 22:48 . 2012-05-14 05:26  956928    ----a-w-  c:\windows\system32\localspl.dll
2012-11-17 22:48 . 2012-02-11 06:43  751104    ----a-w-  c:\windows\system32\win32spl.dll
2012-11-17 22:48 . 2012-02-11 06:36  559104    ----a-w-  c:\windows\system32\spoolsv.exe
2012-11-17 22:48 . 2012-02-11 06:36  67072     ----a-w-  c:\windows\splwow64.exe
2012-11-17 22:48 . 2012-02-11 05:43  492032    ----a-w-  c:\windows\SysWow64\win32spl.dll
2012-11-17 22:48 . 2012-06-02 05:41  1464320   ----a-w-  c:\windows\system32\crypt32.dll
2012-11-17 22:48 . 2012-06-02 05:41  184320    ----a-w-  c:\windows\system32\cryptsvc.dll
2012-11-17 22:48 . 2012-06-02 04:36  1159680   ----a-w-  c:\windows\SysWow64\crypt32.dll
2012-11-17 22:48 . 2012-06-02 05:41  140288    ----a-w-  c:\windows\system32\cryptnet.dll
2012-11-17 22:48 . 2012-06-02 04:36  140288    ----a-w-  c:\windows\SysWow64\cryptsvc.dll
2012-11-17 22:48 . 2012-06-02 04:36  103936    ----a-w-  c:\windows\SysWow64\cryptnet.dll
2012-11-17 18:45 . 2012-11-18 06:45  --------  d-----w-  c:\program files (x86)\AVG Secure Search
2012-11-15 22:37 . 2012-11-15 22:37  --------  d-----w-  C:\FRST
2012-11-14 20:57 . 2012-11-14 20:57  --------  d-----w-  c:\users\Black mage\AppData\Roaming\Malwarebytes
2012-11-14 20:57 . 2012-11-14 20:57  --------  d-----w-  c:\programdata\Malwarebytes
2012-11-14 20:57 . 2012-09-30 03:54  25928     ----a-w-  c:\windows\system32\drivers\mbam.sys
2012-11-13 23:14 . 2012-11-13 23:14  --------  d-----w-  c:\users\Black mage\AppData\Roaming\AVG2013
2012-11-11 02:14 . 2012-11-11 02:14  --------  d-----w-  c:\users\Black mage\AppData\Roaming\TuneUp Software
2012-11-11 02:09 . 2012-11-17 18:45  --------  d-----w-  c:\programdata\AVG2013
2012-11-11 01:50 . 2012-11-14 21:04  --------  d-----w-  c:\users\Black mage\AppData\Local\Avg2013
2012-11-11 01:50 . 2012-11-11 01:50  --------  d-----w-  c:\users\Black mage\AppData\Local\MFAData
2012-11-04 23:37 . 2012-11-04 23:37  --------  d-----w-  c:\users\Black mage\AppData\Roaming\Big Fish Games
2012-11-04 08:55 . 2012-11-04 08:56  --------  d-----w-  c:\program files (x86)\Fairway
2012-11-04 08:40 . 2012-11-04 08:40  --------  d-----w-  c:\programdata\Big Fish Games
2012-11-04 08:40 . 2012-11-04 08:40  --------  d-----w-  c:\program files (x86)\bfgclient
2012-11-04 08:38 . 2012-11-05 00:37  --------  d-----w-  C:\BigFishGamesCache
2012-10-29 05:20 . 2012-10-29 05:20  --------  d-----w-  c:\windows\en
2012-10-29 05:15 . 2012-09-12 22:20  57856     ----a-w-  c:\windows\system32\drivers\fssfltr.sys
2012-10-29 05:13 . 2012-10-29 05:13  --------  d-----w-  c:\program files (x86)\Microsoft SkyDrive
2012-10-29 05:13 . 2012-10-29 05:12  5659096   ----a-w-  c:\program files (x86)\Common Files\Windows Live\.cache\fb05c59d1cdb59301\skydrivesetup.exe
2012-10-29 05:13 . 2012-10-29 05:13  --------  d-----r-  c:\users\Black mage\SkyDrive
2012-10-29 05:13 . 2012-10-29 05:13  89944     ----a-w-  c:\program files (x86)\Common Files\Windows Live\.cache\212082c21cdb59404\DSETUP.dll
2012-10-29 05:13 . 2012-10-29 05:13  537432    ----a-w-  c:\program files (x86)\Common Files\Windows Live\.cache\212082c21cdb59404\DXSETUP.exe
2012-10-29 05:13 . 2012-10-29 05:13  1801048   ----a-w-  c:\program files (x86)\Common Files\Windows Live\.cache\212082c21cdb59404\dsetup32.dll
2012-10-29 05:13 . 2012-10-29 05:13  --------  d-----w-  c:\programdata\Microsoft SkyDrive
2012-10-29 05:13 . 2012-10-29 05:13  89944     ----a-w-  c:\program files (x86)\Common Files\Windows Live\.cache\102e094c1cdb59403\DSETUP.dll
2012-10-29 05:13 . 2012-10-29 05:13  537432    ----a-w-  c:\program files (x86)\Common Files\Windows Live\.cache\102e094c1cdb59403\DXSETUP.exe
2012-10-29 05:13 . 2012-10-29 05:13  1801048   ----a-w-  c:\program files (x86)\Common Files\Windows Live\.cache\102e094c1cdb59403\dsetup32.dll
2012-10-29 05:12 . 2012-10-29 05:12  94040     ----a-w-  c:\program files (x86)\Common Files\Windows Live\.cache\e316e891cdb59402\DSETUP.dll
2012-10-29 05:12 . 2012-10-29 05:12  525656    ----a-w-  c:\program files (x86)\Common Files\Windows Live\.cache\e316e891cdb59402\DXSETUP.exe
2012-10-29 05:12 . 2012-10-29 05:12  1691480   ----a-w-  c:\program files (x86)\Common Files\Windows Live\.cache\e316e891cdb59402\dsetup32.dll
2012-10-25 01:17 . 2012-10-25 01:17  --------  d-----w-  C:\found.000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-21 18:15 . 2012-04-03 07:214940----a-w-c:\windows\system32\PerfStringBackup.TMP
2012-11-09 07:22 . 2012-07-21 21:5530568----a-w-c:\windows\system32\drivers\avgtpx64.sys
2012-10-30 05:04 . 2011-12-05 22:4666395536----a-w-c:\windows\system32\MRT.exe
2012-10-15 11:48 . 2012-10-15 11:4863328----a-w-c:\windows\system32\drivers\avgidsha.sys
2012-10-08 20:49 . 2012-04-07 05:09696760----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-08 20:49 . 2011-11-18 01:4373656----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-30 03:47 . 2012-09-30 03:4795208----a-w-c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-30 03:47 . 2012-08-07 10:21821736----a-w-c:\windows\SysWow64\npDeployJava1.dll
2012-09-30 03:47 . 2012-01-10 05:29746984----a-w-c:\windows\SysWow64\deployJava1.dll
2012-09-21 11:46 . 2012-09-21 11:46200032----a-w-c:\windows\system32\drivers\avgtdia.sys
2012-09-21 11:46 . 2012-09-21 11:46225120----a-w-c:\windows\system32\drivers\avgloga.sys
2012-09-12 23:07 . 2012-09-12 23:0758368----a-w-c:\windows\SysWow64\sirenacm.dll
2012-09-12 22:57 . 2012-09-12 22:57322048----a-w-c:\windows\WLXPGSS.SCR
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49176936----a-w-c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-11-18 06:451796552----a-w-c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-18 1796552]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-29 05:13220632----a-w-c:\users\Black mage\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-29 05:13220632----a-w-c:\users\Black mage\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-29 05:13220632----a-w-c:\users\Black mage\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:3294208----a-w-c:\users\Black mage\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:3294208----a-w-c:\users\Black mage\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:3294208----a-w-c:\users\Black mage\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avichannel"="c:\program files (x86)\Evaer\videochannel.exe" [2012-02-03 1691136]
"Akamai NetSession Interface"="c:\users\Black mage\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17420464]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-02-23 6591800]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-19 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-11-18 296056]
"PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2011-10-25 801792]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-01-05 103896]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-11-18 997320]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]
"ROC_ROC_NT"="c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe" [2012-11-17 856160]
.
c:\users\Black mage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Black mage\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-01 232992]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-18 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-09 30568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 MBAMScheduler;MBAMScheduler;c:\users\Black mage\Desktop\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 MBAMService;MBAMService;c:\users\Black mage\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-01-05 793048]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-09 711112]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-03-05 75816]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
AkamaiREG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 20:49]
.
2012-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 21:43]
.
2012-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 21:43]
.
2012-11-21 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\PC Tools Registry Mechanic\RegMech.exe [2011-12-08 05:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-29 05:13244696----a-w-c:\users\Black mage\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-29 05:13244696----a-w-c:\users\Black mage\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-29 05:13244696----a-w-c:\users\Black mage\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:3297792----a-w-c:\users\Black mage\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:3297792----a-w-c:\users\Black mage\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:3297792----a-w-c:\users\Black mage\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:3297792----a-w-c:\users\Black mage\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-18 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-18 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-18 410648]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;127.0.0.1:9421;
uSearchAssistant = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Black mage\AppData\Roaming\Mozilla\Firefox\Profiles\cpyojn77.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
Wow6432Node-HKLM-Run-ROC_ROC_JULY_P1 - c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe
SafeBoot-76104852.sys
Toolbar-Locked - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1033597099-3782703190-954538369-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1033597099-3782703190-954538369-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\users\Black mage\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Completion time: 2012-11-21 12:32:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-21 20:32
.
Pre-Run: 133,104,660,480 bytes free
Post-Run: 134,057,418,752 bytes free
.
- - End Of File - - 13F129ABE3C0878BE3F802C237BB3777
It seemed like it found the infected services.exe file, but I want to make sure that everything is clean and that there aren't any files that I need to replace.
 
Sorry for delay. I just came back from my short vacation. :)

ComboFix Script

  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it:
    ClearJavaCache::
  • Save this as CFScript.txt, in the same location as ComboFix.exe
    [image: CFScriptB-4.gif]
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
 
Sorry about the late response now; I also went on vacation. I just got back and I haven't had a chance to do anything yet. I just wanted to let you know that I haven't disappeared and I appreciate the help so far.
 
Here's the ComboFix log.

ComboFix 12-11-29.02 - Black mage 12/01/2012 10:03:43.6.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2940.1848 [GMT -8:00]
Running from: c:\users\Black mage\Desktop\ComboFix.exe
Command switches used :: c:\users\Black mage\Desktop\CFScript.txt
AV: AVG Internet Security 2013 *Disabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Internet Security 2013 *Disabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-11-01 to 2012-12-01 )))))))))))))))))))))))))))))))
.
.
2012-12-01 18:20 . 2012-12-01 18:20--------d-----w-c:\users\Default\AppData\Local\temp
2012-12-01 18:20 . 2012-12-01 18:20--------d-----w-c:\users\Administrator\AppData\Local\temp
2012-11-25 23:57 . 2012-11-25 23:57--------d-----w-c:\program files (x86)\Common Files\Skype
2012-11-19 05:05 . 2012-07-26 04:55785512----a-w-c:\windows\system32\drivers\Wdf01000.sys
2012-11-19 05:05 . 2012-07-26 04:5554376----a-w-c:\windows\system32\drivers\WdfLdr.sys
2012-11-19 05:05 . 2012-07-26 04:472560----a-w-c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-19 05:05 . 2012-07-26 02:369728----a-w-c:\windows\system32\Wdfres.dll
2012-11-19 04:49 . 2012-10-08 11:231392128----a-w-c:\windows\system32\wininet.dll
2012-11-19 04:41 . 2012-07-26 02:2687040----a-w-c:\windows\system32\drivers\WUDFPf.sys
2012-11-19 04:41 . 2012-07-26 02:26198656----a-w-c:\windows\system32\drivers\WUDFRd.sys
2012-11-19 04:41 . 2012-07-26 03:0884992----a-w-c:\windows\system32\WUDFSvc.dll
2012-11-19 04:41 . 2012-07-26 03:08194048----a-w-c:\windows\system32\WUDFPlatform.dll
2012-11-19 04:41 . 2012-07-26 03:08229888----a-w-c:\windows\system32\WUDFHost.exe
2012-11-19 04:41 . 2012-07-26 03:08744448----a-w-c:\windows\system32\WUDFx.dll
2012-11-19 04:41 . 2012-07-26 03:0845056----a-w-c:\windows\system32\WUDFCoinstaller.dll
2012-11-17 23:28 . 2012-10-09 18:1755296----a-w-c:\windows\system32\dhcpcsvc6.dll
2012-11-17 23:28 . 2012-10-09 18:17226816----a-w-c:\windows\system32\dhcpcore6.dll
2012-11-17 23:28 . 2012-10-09 17:4044032----a-w-c:\windows\SysWow64\dhcpcsvc6.dll
2012-11-17 23:28 . 2012-10-09 17:40193536----a-w-c:\windows\SysWow64\dhcpcore6.dll
2012-11-17 23:23 . 2012-08-24 18:05220160----a-w-c:\windows\system32\wintrust.dll
2012-11-17 23:23 . 2012-08-24 16:57172544----a-w-c:\windows\SysWow64\wintrust.dll
2012-11-17 23:23 . 2012-09-14 19:192048----a-w-c:\windows\system32\tzres.dll
2012-11-17 23:23 . 2012-09-14 18:282048----a-w-c:\windows\SysWow64\tzres.dll
2012-11-17 23:23 . 2012-08-21 21:01245760----a-w-c:\windows\system32\OxpsConverter.exe
2012-11-17 23:22 . 2012-08-11 00:56715776----a-w-c:\windows\system32\kerberos.dll
2012-11-17 23:22 . 2012-08-10 23:56542208----a-w-c:\windows\SysWow64\kerberos.dll
2012-11-17 23:22 . 2012-09-25 22:4778336----a-w-c:\windows\SysWow64\synceng.dll
2012-11-17 23:22 . 2012-09-25 22:4695744----a-w-c:\windows\system32\synceng.dll
2012-11-17 23:22 . 2012-07-04 22:1673216----a-w-c:\windows\system32\netapi32.dll
2012-11-17 23:22 . 2012-07-04 22:1359392----a-w-c:\windows\system32\browcli.dll
2012-11-17 23:22 . 2012-07-04 22:13136704----a-w-c:\windows\system32\browser.dll
2012-11-17 23:22 . 2012-07-04 21:1441984----a-w-c:\windows\SysWow64\browcli.dll
2012-11-17 23:22 . 2012-05-05 08:36503808----a-w-c:\windows\system32\srcore.dll
2012-11-17 23:22 . 2012-05-05 07:4643008----a-w-c:\windows\SysWow64\srclient.dll
2012-11-17 22:48 . 2012-05-14 05:26956928----a-w-c:\windows\system32\localspl.dll
2012-11-17 22:48 . 2012-02-11 06:43751104----a-w-c:\windows\system32\win32spl.dll
2012-11-17 22:48 . 2012-02-11 06:36559104----a-w-c:\windows\system32\spoolsv.exe
2012-11-17 22:48 . 2012-02-11 06:3667072----a-w-c:\windows\splwow64.exe
2012-11-17 22:48 . 2012-02-11 05:43492032----a-w-c:\windows\SysWow64\win32spl.dll
2012-11-17 22:48 . 2012-06-02 05:411464320----a-w-c:\windows\system32\crypt32.dll
2012-11-17 22:48 . 2012-06-02 05:41184320----a-w-c:\windows\system32\cryptsvc.dll
2012-11-17 22:48 . 2012-06-02 04:361159680----a-w-c:\windows\SysWow64\crypt32.dll
2012-11-17 22:48 . 2012-06-02 05:41140288----a-w-c:\windows\system32\cryptnet.dll
2012-11-17 22:48 . 2012-06-02 04:36140288----a-w-c:\windows\SysWow64\cryptsvc.dll
2012-11-17 22:48 . 2012-06-02 04:36103936----a-w-c:\windows\SysWow64\cryptnet.dll
2012-11-17 18:45 . 2012-11-18 06:45--------d-----w-c:\program files (x86)\AVG Secure Search
2012-11-15 22:37 . 2012-11-15 22:37--------d-----w-C:\FRST
2012-11-14 20:57 . 2012-11-14 20:57--------d-----w-c:\users\Black mage\AppData\Roaming\Malwarebytes
2012-11-14 20:57 . 2012-11-14 20:57--------d-----w-c:\programdata\Malwarebytes
2012-11-14 20:57 . 2012-09-30 03:5425928----a-w-c:\windows\system32\drivers\mbam.sys
2012-11-13 23:14 . 2012-11-13 23:14--------d-----w-c:\users\Black mage\AppData\Roaming\AVG2013
2012-11-11 02:14 . 2012-11-11 02:14--------d-----w-c:\users\Black mage\AppData\Roaming\TuneUp Software
2012-11-11 02:09 . 2012-11-22 21:17--------d-----w-c:\programdata\AVG2013
2012-11-11 01:50 . 2012-11-14 21:04--------d-----w-c:\users\Black mage\AppData\Local\Avg2013
2012-11-11 01:50 . 2012-11-11 01:50--------d-----w-c:\users\Black mage\AppData\Local\MFAData
2012-11-04 23:37 . 2012-11-04 23:37--------d-----w-c:\users\Black mage\AppData\Roaming\Big Fish Games
2012-11-04 08:55 . 2012-11-04 08:56--------d-----w-c:\program files (x86)\Fairway
2012-11-04 08:40 . 2012-11-04 08:40--------d-----w-c:\programdata\Big Fish Games
2012-11-04 08:40 . 2012-11-04 08:40--------d-----w-c:\program files (x86)\bfgclient
2012-11-04 08:38 . 2012-11-05 00:37--------d-----w-C:\BigFishGamesCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-01 05:30 . 2012-04-03 07:214940----a-w-c:\windows\system32\PerfStringBackup.TMP
2012-11-09 07:22 . 2012-07-21 21:5530568----a-w-c:\windows\system32\drivers\avgtpx64.sys
2012-10-30 05:04 . 2011-12-05 22:4666395536----a-w-c:\windows\system32\MRT.exe
2012-10-15 11:48 . 2012-10-15 11:4863328----a-w-c:\windows\system32\drivers\avgidsha.sys
2012-10-08 20:49 . 2012-04-07 05:09696760----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-08 20:49 . 2011-11-18 01:4373656----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-30 03:47 . 2012-09-30 03:4795208----a-w-c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-30 03:47 . 2012-08-07 10:21821736----a-w-c:\windows\SysWow64\npDeployJava1.dll
2012-09-30 03:47 . 2012-01-10 05:29746984----a-w-c:\windows\SysWow64\deployJava1.dll
2012-09-21 11:46 . 2012-09-21 11:46200032----a-w-c:\windows\system32\drivers\avgtdia.sys
2012-09-21 11:46 . 2012-09-21 11:46225120----a-w-c:\windows\system32\drivers\avgloga.sys
2012-09-12 23:07 . 2012-09-12 23:0758368----a-w-c:\windows\SysWow64\sirenacm.dll
2012-09-12 22:57 . 2012-09-12 22:57322048----a-w-c:\windows\WLXPGSS.SCR
2012-09-12 22:20 . 2012-10-29 05:1557856----a-w-c:\windows\system32\drivers\fssfltr.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49176936----a-w-c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-11-18 06:451796552----a-w-c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-18 1796552]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-29 05:13220632----a-w-c:\users\Black mage\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-29 05:13220632----a-w-c:\users\Black mage\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-29 05:13220632----a-w-c:\users\Black mage\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:3294208----a-w-c:\users\Black mage\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:3294208----a-w-c:\users\Black mage\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:3294208----a-w-c:\users\Black mage\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Black mage\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-02-23 6591800]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-19 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-11-18 296056]
"PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2011-10-25 801792]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-01-05 103896]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-11-18 997320]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]
"ROC_ROC_NT"="c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe" [2012-11-17 856160]
.
c:\users\Black mage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Black mage\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-01 232992]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-18 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-09 30568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-01-05 793048]
S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-09 711112]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-03-05 75816]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
AkamaiREG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 20:49]
.
2012-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 21:43]
.
2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-19 21:43]
.
2012-12-01 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\PC Tools Registry Mechanic\RegMech.exe [2011-12-08 05:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-29 05:13244696----a-w-c:\users\Black mage\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-29 05:13244696----a-w-c:\users\Black mage\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-29 05:13244696----a-w-c:\users\Black mage\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:3297792----a-w-c:\users\Black mage\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:3297792----a-w-c:\users\Black mage\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:3297792----a-w-c:\users\Black mage\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:3297792----a-w-c:\users\Black mage\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-18 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-18 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-18 410648]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;127.0.0.1:9421;
uSearchAssistant = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Black mage\AppData\Roaming\Mozilla\Firefox\Profiles\cpyojn77.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1033597099-3782703190-954538369-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1033597099-3782703190-954538369-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-01 10:38:37
ComboFix-quarantined-files.txt 2012-12-01 18:38
ComboFix2.txt 2012-11-21 20:32
.
Pre-Run: 134,125,137,920 bytes free
Post-Run: 133,698,985,984 bytes free
.
- - End Of File - - D38C8ACA3EA978F57AA726EBC0668DF8
 
ComboFix Script

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it:
    ClearJavaCache::

    DDS::
    uInternet Settings,ProxyOverride = <local>;127.0.0.1:9421;

    Firefox::
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
  • Save this as CFScript.txt, in the same location as ComboFix.exe
    CFScriptB-4.gif
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.


ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.


Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death
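The browser-hijack indicators the CFScript above targets (the IE ProxyOverride entry and the three conduit.com Firefox prefs from the Supplementary Scan) can also be checked in a scripted way. The following is an added example, not code from this thread, from ComboFix or from the helper; it parses Firefox prefs.js lines and an IE ProxyOverride string taken from constructed sample input built from the log (with the log's hxxp de-fanging reverted to http) and flags the entries that should not be there. The TRUSTED_HOSTS allowlist and the set of watched pref names are assumptions to adjust per machine.

```python
import re
from urllib.parse import urlparse

# Constructed sample input: prefs.js lines in the form Firefox writes them,
# carrying the three values the ComboFix "Supplementary Scan" reported.
SAMPLE_PREFS_JS = """# Mozilla User Preferences
user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}");
user_pref("browser.startup.homepage", "http://search.conduit.com/?ctid=CT3072253&SearchSource=13");
user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=");
user_pref("browser.startup.page", 1);
"""

# Constructed sample: the IE proxy bypass list exactly as the log shows it.
SAMPLE_PROXY_OVERRIDE = "<local>;127.0.0.1:9421;"

# Assumption: prefs that search/homepage hijackers typically rewrite.
WATCHED_PREFS = ("browser.search.defaulturl", "browser.startup.homepage", "keyword.URL")

# Assumption: search hosts the machine's owner actually chose. Edit per environment.
TRUSTED_HOSTS = {"www.google.com", "google.com", "www.bing.com"}

# user_pref("name", "string"); or user_pref("name", 1); -- value captured without quotes
_PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*"?(.*?)"?\);$')


def parse_prefs(text):
    """Return {pref_name: value_as_string} for every user_pref() line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line.strip())
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs


def hijacked_prefs(prefs):
    """List (pref, host) for each watched pref whose URL host is not on the allowlist."""
    findings = []
    for key in WATCHED_PREFS:
        value = prefs.get(key)
        if not value:
            continue
        host = (urlparse(value).hostname or "").lower()
        if host not in TRUSTED_HOSTS:
            findings.append((key, host))
    return findings


def unexpected_proxy_bypass(override):
    """Entries of an IE ProxyOverride list other than the <local> keyword.

    ProxyOverride names addresses that skip the configured proxy. A loopback
    host:port entry such as 127.0.0.1:9421 points at a listener on the machine
    itself, which is why the CFScript above removes that line.
    """
    return [e.strip() for e in override.split(";") if e.strip() and e.strip() != "<local>"]


def audit(prefs_text, proxy_override):
    """Run both checks and return the findings grouped by component."""
    prefs = parse_prefs(prefs_text)
    return {
        "firefox": hijacked_prefs(prefs),
        "proxy_bypass": unexpected_proxy_bypass(proxy_override),
    }


if __name__ == "__main__":
    for section, items in audit(SAMPLE_PREFS_JS, SAMPLE_PROXY_OVERRIDE).items():
        print(section, items)
```

On a live machine the prefs.js text would come from the profile folder the log names (c:\users\Black mage\AppData\Roaming\Mozilla\Firefox\Profiles\cpyojn77.default\prefs.js) and the ProxyOverride string from HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings; the checks themselves do not change.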
 
I appreciate your patience, I know that this is all your free time that you're donating and I'm certainly not looking to abuse it. As of Monday, I just started working two jobs, and the computer has sort of fallen on the backburner a little. The computer gets slow every once in a while, and it's fixed with a quick reboot in nearly all cases. Occasionally, the CPU usage also clocks to 100%, which is usually when the computer slows. I'll go ahead and run the programs as soon as I can. Just wanted to check in.
 