Win64/Patched.A + other related malware

By njoyd
Jan 9, 2013
  1. Hi everyone,

    I recently discovered that my laptop has been infected with the Patched.A virus which has caused AVG to send off notifications for other malware such as Luhe.Sirefef.A, Trojan horse BackDoor.Generic16.AAEZ and several others. I came across your website when searching for fixes and was really impressed by the dedication of your forum team.

    I have Windows 7 (64bit) and have followed all of the instructions in your 4-step instructions thread.

    Any help would be much appreciated, thanks very much!

    MBAM log:

    Malwarebytes Anti-Malware (Trial) 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.01.09.03

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    so many frogs :: ALAKAZAM [administrator]

    Protection: Enabled

    9/01/2013 11:45:58 p.m.
    mbam-log-2013-01-09 (23-45-58).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 222939
    Time elapsed: 9 minute(s), 27 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\Windows\Installer\{cba70f3b-4725-4467-4b39-d63df0060981}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{cba70f3b-4725-4467-4b39-d63df0060981}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{cba70f3b-4725-4467-4b39-d63df0060981}\U\80000032.@ (Trojan.Clicker) -> Quarantined and deleted successfully.

    (end)


    DDS.txt:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457
    Run by so many frogs at 0:29:30 on 2013-01-10
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.64.1033.18.3948.1791 [GMT 13:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Windows\system32\CxAudMsg64.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    C:\Program Files (x86)\Launch Manager\LMutilps32.exe
    C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Windows\System32\StikyNot.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
    C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files (x86)\McAfee Security Scan\2.0.189\SSScheduler.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
    C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
    C:\Users\so many frogs\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Windows\system32\taskeng.exe
    C:\DOLBY PCEE4\pcee4.exe
    C:\Windows\SysWOW64\RunDll32.exe
    C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
    C:\Program Files\HP\HP Officejet 6500 E710n-z\bin\HPNetworkCommunicator.exe
    C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
    C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
    C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    C:\Program Files (x86)\Launch Manager\LMworker.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Users\so many frogs\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
    C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Users\so many frogs\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\so many frogs\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\so many frogs\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\so many frogs\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Users\so many frogs\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\consent.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Users\so many frogs\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\so many frogs\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\so many frogs\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Last.fm\LastFM.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Users\so many frogs\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Users\so many frogs\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.nz/
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://acer.msn.com
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://acer.msn.com
    mDefault_Page_URL = hxxp://acer.msn.com
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.6\ytdToolbarIE.dll
    uURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
    mURLSearchHooks: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.6\ytdToolbarIE.dll
    TB: uTorrentControl_v2 Toolbar: {7473B6BD-4691-4744-A82B-7854EB3D70B6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: uTorrentControl_v2 Toolbar: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files (x86)\uTorrentControl_v2\prxtbuTor.dll
    TB: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.6\ytdToolbarIE.dll
    uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    uRun: [Google Update] "C:\Users\so many frogs\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [Facebook Update] "C:\Users\so many frogs\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
    mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
    mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
    mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [Dolby Home Theater v4] "C:\Dolby PCEE4\pcee4.exe" -autostart
    mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
    StartupFolder: C:\Users\SOMANY~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\so many frogs\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\SOMANY~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACERVC~1.LNK - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.189\SSScheduler.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{CD555936-A821-4029-BF29-B18514EADD3E} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{CD555936-A821-4029-BF29-B18514EADD3E}\2456C6B696E6E233446343 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{CD555936-A821-4029-BF29-B18514EADD3E}\3434343547166666 : DHCPNameServer = 192.168.0.54
    TCP: Interfaces\{CD555936-A821-4029-BF29-B18514EADD3E}\344484243547166666 : DHCPNameServer = 172.20.106.14
    TCP: Interfaces\{CD555936-A821-4029-BF29-B18514EADD3E}\3547F6B656A7 : DHCPNameServer = 10.1.1.1
    TCP: Interfaces\{CD555936-A821-4029-BF29-B18514EADD3E}\7427F626C696E6027427F64747F6 : DHCPNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{CD555936-A821-4029-BF29-B18514EADD3E}\C48435F57457563747 : DHCPNameServer = 172.16.0.2 172.16.0.3
    TCP: Interfaces\{D44F3F10-2C71-471C-A202-BE1831F12663} : DHCPNameServer = 192.168.0.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.3.2\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
    SSODL: WebCheck - <orphaned>
    x64-mStart Page = hxxp://acer.msn.com
    x64-mDefault_Page_URL = hxxp://acer.msn.com
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
    x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
    x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
    x64-Run: [Power Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
    R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2011-8-10 25960]
    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-1-9 30568]
    R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2011-5-24 22912]
    R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2011-5-24 20328]
    R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2011-5-24 62584]
    R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-11-28 793600]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2011-8-10 198784]
    R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-5-24 352336]
    R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2011-8-10 799848]
    R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-1-18 29696]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-24 13336]
    R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-5-24 1817088]
    R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-5-24 244624]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-9 398184]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-9 682344]
    R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-2 2804568]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-4-24 256832]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-30 16120]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-5-24 2656280]
    R2 vToolbarUpdater13.3.2;vToolbarUpdater13.3.2;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe [2013-1-9 894920]
    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-5-24 138024]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-5-24 317440]
    R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-4-27 25496]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-5-24 76912]
    R3 LgBttPort;LGE Bluetooth TransPort;C:\Windows\System32\drivers\lgbtpt64.sys [2009-9-29 16384]
    R3 lgbusenum;LG Bluetooth Bus Enumerator;C:\Windows\System32\drivers\lgbtbs64.sys [2009-9-29 14848]
    R3 LGVMODEM;LGE Virtual Modem;C:\Windows\System32\drivers\lgvmdm64.sys [2009-9-29 17408]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-9 24176]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-9-30 80384]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-9-30 180736]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-5-24 333928]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 RS_Service;Raw Socket Service;C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2011-5-25 260640]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
    S3 BTWAMPFL;BTWAMPFL;C:\Windows\System32\drivers\btwampfl.sys [2011-8-10 349224]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-8-10 39464]
    S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-9-28 172912]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-9-14 1038088]
    S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-4-27 34200]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe [2010-9-3 227232]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-3 340240]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-30 149504]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-11 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
    .
    =============== Created Last 30 ================
    .
    2013-01-09 10:42:36 -------- d-----w- C:\Users\so many frogs\AppData\Roaming\Malwarebytes
    2013-01-09 10:42:17 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-01-09 10:42:15 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-01-09 10:42:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-01-08 12:18:16 -------- d-----w- C:\Users\so many frogs\AppData\Roaming\AVG2013
    2013-01-08 12:13:07 -------- d-----w- C:\Users\so many frogs\AppData\Local\AVG Secure Search
    2013-01-08 12:13:00 -------- d-----w- C:\Users\so many frogs\AppData\Roaming\TuneUp Software
    2013-01-08 12:12:59 -------- d-----w- C:\ProgramData\AVG Secure Search
    2013-01-08 12:12:55 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2013-01-08 12:12:53 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
    2013-01-08 12:12:53 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
    2013-01-08 12:11:28 -------- d--h--w- C:\$AVG
    2013-01-08 12:11:28 -------- d-----w- C:\ProgramData\AVG2013
    2013-01-08 12:10:35 -------- d-----w- C:\Program Files (x86)\AVG
    2013-01-08 12:01:10 -------- d--h--w- C:\ProgramData\Common Files
    2013-01-08 12:01:10 -------- d-----w- C:\Users\so many frogs\AppData\Local\MFAData
    2013-01-08 12:01:10 -------- d-----w- C:\Users\so many frogs\AppData\Local\Avg2013
    2013-01-08 12:01:10 -------- d-----w- C:\ProgramData\MFAData
    2013-01-07 04:08:02 -------- d-----w- C:\Program Files (x86)\Haali
    2013-01-07 04:00:25 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2013-01-07 03:58:34 -------- d-----w- C:\Program Files\MPC-HC
    2013-01-07 03:58:04 -------- d-----w- C:\Users\so many frogs\AppData\Local\Programs
    2013-01-07 03:52:51 224256 ----a-w- C:\ProgramData\Microsoft\Media Tools\MediaIconsOverlays.dll
    2013-01-07 03:52:33 -------- d-----w- C:\Program Files (x86)\Mega Codec Pack
    2013-01-05 00:18:05 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DA9B3CC7-F694-419B-8220-E25336AE45FD}\mpengine.dll
    2012-12-21 09:06:04 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-21 09:06:04 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-21 09:06:04 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-21 09:06:03 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-12 10:34:50 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-12-12 10:34:50 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-12-12 10:34:12 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2012-12-12 10:32:50 478208 ----a-w- C:\Windows\System32\dpnet.dll
    2012-12-12 10:32:50 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
    .
    ==================== Find3M ====================
    .
    2013-01-09 01:05:56 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-09 01:05:56 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-10-22 00:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
    2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
    2012-10-14 14:48:50 63328 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
    .
    ============= FINISH: 0:30:59.75 ===============

    Attach.txt:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 9/01/2012 11:31:28 p.m.
    System Uptime: 10/01/2013 12:09:24 a.m. (0 hours ago)
    .
    Motherboard: Acer | | JM40_HR
    Processor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz | CPU1 | 792/1333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 684 GiB total, 236.729 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP88: 21/12/2012 10:05:48 p.m. - Windows Update
    RP89: 26/12/2012 12:17:23 a.m. - Windows Update
    RP90: 29/12/2012 2:51:11 p.m. - Windows Update
    RP91: 2/01/2013 10:57:37 a.m. - Windows Update
    RP92: 5/01/2013 1:17:13 p.m. - Windows Update
    RP93: 9/01/2013 1:10:04 a.m. - Installed AVG 2013
    RP94: 9/01/2013 1:10:47 a.m. - Installed AVG 2013
    .
    ==== Installed Programs ======================
    .
    ???? ??? Windows Live
    ???? Windows Live
    ????? Windows Live
    ?????? ??????? ?? Windows Live
    ???????? ?????????? Windows Live
    ?????????? Windows Live
    ??????????? ?? Windows Live
    1912 Titanic Mystery
    Acer Backup Manager
    Acer Crystal Eye Webcam
    Acer eRecovery Management
    Acer GameZone Console
    Acer PowerSmart Manager
    Acer Registration
    Acer ScreenSaver
    Acer Updater
    Acer USB Charge Manager
    Acer VCM
    Acrobat.com
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Anchor Service x64 CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe CMaps x64 CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe CSI CS4
    Adobe CSI CS4 x64
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe Drive CS4 x64
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 11 ActiveX
    Adobe Fonts All
    Adobe Fonts All x64
    Adobe Linguistics CS4
    Adobe Linguistics CS4 x64
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe PDF Library Files x64 CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 (64 Bit)
    Adobe Photoshop CS4 Support
    Adobe Reader X (10.1.4)
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Type Support CS4
    Adobe Type Support x64 CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe WinSoft Linguistics Plugin x64
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    µTorrent
    Audacity 2.0
    AVG 2013
    AVS Screen Capture version 2.0.1
    AVS Update Manager 1.0
    AVS Video Editor 6
    AVS Video Recorder 2.4
    AVS4YOU Software Navigator 1.4
    Backup Manager V3
    Bejeweled 2 Deluxe
    Belles Beauty Boutique
    Bing Bar
    Bonjour
    Chicken Invaders 3
    clear.fi
    clear.fi Client
    Commander Keen Complete Pack
    Condition Zero 3
    Conexant HD Audio
    Connect
    D3DX10
    DOOM II: Hell on Earth
    Dream Day First Home
    Dropbox
    ETDWare PS/2-X64 8.0.6.0_WHQL
    Facebook Video Calling 1.2.0.287
    Farm Frenzy 3 Ice Age
    Final DOOM
    Flip Words
    Fotogalerija Windows Live
    Free Alarm Clock 2.7.0
    Galapago
    Galeria de Fotografias do Windows Live
    Galeria fotografii uslugi Windows Live
    Galeria fotogràfica del Windows Live
    Galerie de photos Windows Live
    Galerie foto Windows Live
    Galería fotográfica de Windows Live
    Google Chrome
    Haali Media Splitter
    HP Officejet 6500 E710n-z Basic Device Software
    HP Officejet 6500 E710n-z Help
    HP Officejet 6500 E710n-z Product Improvement Study
    HP Update
    I.R.I.S. OCR
    Identity Card
    Intel PROSet Wireless
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) PROSet/Wireless WiFi Software
    Intel(R) Rapid Storage Technology
    Intel(R) Turbo Boost Technology Monitor 2.0
    Intel(R) WiDi
    Intel(R) Wireless Display
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 31
    Junk Mail filter update
    jZip
    kuler
    LAME v3.99.3 (for Windows)
    Last.fm 1.5.4.27091
    Launch Manager
    LG Bluetooth Drivers
    LG PC Suite IV
    LG United Mobile Drivers
    Malwarebytes Anti-Malware version 1.70.0.1100
    McAfee Security Scan Plus
    MediaEspresso
    Mesh Runtime
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2010
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Click-to-Run 2010
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Starter 2010 - English
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MPC-HC 1.6.5.6366 (64-bit)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MyWinLocker
    MyWinLocker 4
    MyWinLocker Suite
    newsXpresso
    Norton Online Backup
    NTI Media Maker 9
    NVIDIA Control Panel 267.21
    NVIDIA Graphics Driver 267.21
    NVIDIA Install Application
    NVIDIA PhysX
    OpenOffice.org 3.3
    PDF Settings CS4
    Photoshop Camera Raw
    Photoshop Camera Raw_x64
    Picasa 3
    Poczta uslugi Windows Live
    Podstawowe programy Windows Live
    PosteRazor
    Pošta Windows Live
    Quake
    Quake II
    Quake Live Internet Explorer Plugin
    Quake Live Mozilla Plugin
    Raccolta foto di Windows Live
    Realtek PCIE Card Reader
    Renesas Electronics USB 3.0 Host Controller Driver
    Return to Castle Wolfenstein
    S?????? f?t???af??? t?? Windows Live
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Shredder
    Skype Click to Call
    Skype™ 5.10
    Sprill and Ritchie
    Steam
    Suite Shared Configuration CS4
    Team Fortress 2
    TeamSpeak 3 Client
    The Ship
    The Ultimate DOOM
    Unreal Tournament
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    uTorrentControl_v2 Toolbar
    Visual Studio 2010 x64 Redistributables
    VLC media player 2.0.1
    Welcome Center
    WIDCOMM Bluetooth Software
    Windows Live
    Windows Live ???
    Windows Live ????
    Windows Live Argazki Galeria
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Fotótár
    Windows Live Fotogalerie
    Windows Live Fotogalleri
    Windows Live Fotogaléria
    Windows Live Fotograf Galerisi
    Windows Live Galeria de Fotos
    Windows Live Galerija fotografija
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Temel Parçalar
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Liven asennustyökalu
    Windows Liven sähköposti
    Windows Liven valokuvavalikoima
    Wolfenstein 3D
    World of Goo
    YTD Toolbar v6.6
    YTD Video Downloader 3.9.2
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/01/2013 10:29:16 p.m., Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
    8/01/2013 10:29:16 p.m., Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
    7/01/2013 9:50:24 p.m., Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    10/01/2013 12:11:28 a.m., Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    10/01/2013 12:11:28 a.m., Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    10/01/2013 12:10:32 a.m., Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    10/01/2013 12:10:30 a.m., Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    10/01/2013 12:10:28 a.m., Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Raw Socket Service service to connect.
    10/01/2013 12:10:28 a.m., Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    10/01/2013 12:10:28 a.m., Error: Service Control Manager [7000] - The Raw Socket Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/01/2013 12:10:21 a.m., Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    10/01/2013 12:04:40 a.m., Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
    .
    ==== End Of File ===========================
  2. njoyd

    njoyd Newcomer, in training Topic Starter Posts: 19

    In case this is helpful, here is a screenshot of the malware that is picked up by AVG upon turning on my laptop. None of the malware goes away after "removing" it (including those that require a reboot to fix).

    Many thanks.

  3. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Farbar Recovery Scan Tool x64

    Download Farbar Recovery Scan Tool and save it to a flash drive.


    Please make sure to get the 64-bit version

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst64.exe and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there
    • Press Scan button. It will do its scan and save a log on your flash drive.
    • Close out of the message after that, then type in the text services.exe in to the "Search:" text box. Then, press the Search file(s) button, just as below:
      [​IMG]
      When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
    • Type exit in the Command Prompt window and reboot the computer normally
    • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile. Please copy and paste the logs in your reply.
  4. njoyd

    njoyd Newcomer, in training Topic Starter Posts: 19

    Many thanks for your reply; here are the logs:

    FRST.txt

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-01-2013
    Ran by SYSTEM at 10-01-2013 12:05:21
    Running from G:\
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet002

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()
    HKLM\...\Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray [1935120 2011-05-02] (Intel(R) Corporation)
    HKLM\...\Run: [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe [2588968 2010-11-11] (ELAN Microelectronics Corp.)
    HKLM\...\Run: [Power Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe [499304 2011-03-28] (Acer Incorporated)
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
    HKLM-x32\...\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [340336 2010-09-27] (Egis Technology Inc.)
    HKLM-x32\...\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [407920 2010-09-17] (Egis Technology Inc.)
    HKLM-x32\...\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d [201584 2010-09-17] (Egis Technology Inc.)
    HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
    HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k [297280 2011-04-23] (NTI Corporation)
    HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
    HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-04-26] (Renesas Electronics Corporation)
    HKLM-x32\...\Run: [Dolby Home Theater v4] "C:\Dolby PCEE4\pcee4.exe" -autostart [506712 2011-02-03] (Dolby Laboratories Inc.)
    HKLM-x32\...\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [177448 2011-02-18] (CyberLink Corp.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-17] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-11] (Hewlett-Packard)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2008-08-13] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [1123720 2012-11-27] (Spigot, Inc.)
    HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3143800 2012-11-05] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1046984 2013-01-08] ()
    HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-07-29] ()
    HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-07-29] ()
    HKU\so many frogs\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
    HKU\so many frogs\...\Run: [Google Update] "C:\Users\so many frogs\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-04-10] (Google Inc.)
    HKU\so many frogs\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1354736 2012-12-03] (Valve Corporation)
    HKU\so many frogs\...\Run: [Facebook Update] "C:\Users\so many frogs\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-16] (Facebook Inc.)
    HKU\so many frogs\...\Run: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun [1328976 2012-04-24] (Comfort Software Group)
    AppInit_DLLs: C:\Windows\system32\nvinitx.dll
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Acer VCM.lnk
    ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.0.189\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\Users\so many frogs\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> (No File)
    Startup: C:\Users\so many frogs\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
    ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

    ==================== Services (Whitelisted) ===================

    2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe" [5814392 2012-11-05] (AVG Technologies CZ, s.r.o.)
    2 avgwd; "C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe" [196664 2012-10-21] (AVG Technologies CZ, s.r.o.)
    2 CxAudMsg; C:\Windows\system32\CxAudMsg64.exe [198784 2010-12-16] (Conexant Systems Inc.)
    2 ePowerSvc; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [799848 2011-03-28] (Acer Incorporated)
    2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-13] (Malwarebytes Corporation)
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-13] (Malwarebytes Corporation)
    3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe" [227232 2010-09-02] (McAfee, Inc.)
    3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
    2 NOBU; "C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe" SERVICE [2804568 2010-06-01] (Symantec Corporation)
    2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-23] (NTI Corporation)
    2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
    2 vToolbarUpdater13.3.2; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe [894920 2013-01-08] ()

    ==================== Drivers (Whitelisted) =====================

    1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-21] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [63328 2012-10-14] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [185696 2012-10-01] (AVG Technologies CZ, s.r.o.)
    0 Avgloga; C:\Windows\System32\Drivers\Avgloga.sys [225120 2012-09-20] (AVG Technologies CZ, s.r.o.)
    0 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [111456 2012-10-04] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [40800 2012-09-13] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [200032 2012-09-20] (AVG Technologies CZ, s.r.o.)
    1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [30568 2013-01-08] (AVG Technologies)
    3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtpt64.sys [16384 2009-09-28] (LG Electronics Inc.)
    3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbs64.sys [14848 2009-09-28] (LG Electronics Inc.)
    3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmdm64.sys [17408 2009-09-28] (LG Electronics Inc.)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24176 2012-12-13] (Malwarebytes Corporation)

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2013-01-10 12:05 - 2013-01-10 12:05 - 00000000 ____D C:\FRST
    2013-01-09 14:03 - 2013-01-09 14:28 - 73719798 ____A C:\Users\so many frogs\Downloads\Little Pictures - Owl + Owl.zip
    2013-01-09 14:03 - 2013-01-09 14:17 - 48594030 ____A C:\Users\so many frogs\Downloads\Tiddabadés - Tiddabadés E.P.zip
    2013-01-09 13:45 - 2013-01-09 13:46 - 19683512 ____A C:\Users\so many frogs\Downloads\mammal_airlines_-_smoking-_not_our_future_640x360.mp4
    2013-01-09 13:40 - 2013-01-09 14:00 - 75092655 ____A C:\Users\so many frogs\Downloads\capsul_-_wide_awake_looking_out_at_the_night_(remixes_covers_and_collaborations).zip
    2013-01-09 13:40 - 2013-01-09 13:49 - 09816531 ____A C:\Users\so many frogs\Downloads\capsul_-_blurry_eyes_ep.zip
    2013-01-09 13:40 - 2013-01-09 13:48 - 27002634 ____A C:\Users\so many frogs\Downloads\capsul_-_bookcase.zip
    2013-01-09 13:40 - 2013-01-09 13:46 - 09067676 ____A C:\Users\so many frogs\Downloads\capsul_-_no_paved_street_(a_collaboration_with_richard_c).zip
    2013-01-09 13:40 - 2013-01-09 13:45 - 13969159 ____A C:\Users\so many frogs\Downloads\capsul_-_youre_lying.zip
    2013-01-09 13:39 - 2013-01-09 13:42 - 03860930 ____A C:\Users\so many frogs\Downloads\capsul_-_coherence.zip
    2013-01-09 03:31 - 2013-01-09 03:31 - 00011673 ____A C:\Users\so many frogs\Desktop\attach.txt
    2013-01-09 03:31 - 2013-01-09 03:30 - 00028092 ____A C:\Users\so many frogs\Desktop\dds.txt
    2013-01-09 03:14 - 2013-01-09 03:14 - 00688992 ____R (Swearware) C:\Users\so many frogs\Downloads\dds.com
    2013-01-09 02:42 - 2013-01-09 02:42 - 00000000 ____D C:\Users\so many frogs\AppData\Roaming\Malwarebytes
    2013-01-09 02:42 - 2013-01-09 02:42 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2013-01-09 02:42 - 2013-01-09 02:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-01-09 02:42 - 2012-12-13 19:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2013-01-09 02:25 - 2013-01-09 02:28 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\so many frogs\Downloads\mbam-setup-1.70.0.1100.exe
    2013-01-08 14:45 - 2013-01-08 14:45 - 00821248 ____A C:\Users\so many frogs\Downloads\FreeISOBurner.exe
    2013-01-08 14:43 - 2013-01-08 14:45 - 90095616 ____A C:\Users\so many frogs\Downloads\avg_arl_cdi_all_120_120823a5411.iso
    2013-01-08 04:18 - 2013-01-08 04:18 - 00000000 ____D C:\Users\so many frogs\AppData\Roaming\AVG2013
    2013-01-08 04:13 - 2013-01-08 04:13 - 00000973 ____A C:\Users\Public\Desktop\AVG 2013.lnk
    2013-01-08 04:13 - 2013-01-08 04:13 - 00000000 ____D C:\Users\so many frogs\AppData\Roaming\TuneUp Software
    2013-01-08 04:13 - 2013-01-08 04:13 - 00000000 ____D C:\Users\so many frogs\AppData\Local\AVG Secure Search
    2013-01-08 04:12 - 2013-01-08 04:12 - 00030568 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
    2013-01-08 04:12 - 2013-01-08 04:12 - 00000000 ____D C:\Users\All Users\AVG Secure Search
    2013-01-08 04:12 - 2013-01-08 04:12 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
    2013-01-08 04:11 - 2013-01-09 03:07 - 00000000 ____D C:\Users\All Users\AVG2013
    2013-01-08 04:11 - 2013-01-08 04:11 - 00000000 ___HD C:\$AVG
    2013-01-08 04:10 - 2013-01-08 04:10 - 00000000 ____D C:\Program Files (x86)\AVG
    2013-01-08 04:01 - 2013-01-09 13:18 - 00000000 ____D C:\Users\All Users\MFAData
    2013-01-08 04:01 - 2013-01-08 14:17 - 00000000 ____D C:\Users\so many frogs\AppData\Local\Avg2013
    2013-01-08 04:01 - 2013-01-08 04:01 - 00000000 ____D C:\Users\so many frogs\AppData\Local\MFAData
    2013-01-08 02:46 - 2013-01-08 02:46 - 00009199 ____A C:\Users\so many frogs\Desktop\number of poems.xlsx
    2013-01-06 20:08 - 2013-01-06 20:08 - 00000000 ____D C:\Program Files (x86)\Haali
    2013-01-06 20:00 - 2013-01-06 20:00 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2013-01-06 19:59 - 2013-01-06 19:59 - 00000000 ____D C:\Users\so many frogs\AppData\Roaming\Media Player Classic
    2013-01-06 19:58 - 2013-01-06 19:58 - 00000000 ____D C:\Program Files\MPC-HC
    2013-01-06 19:52 - 2013-01-06 19:52 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack
    2013-01-06 18:42 - 2013-01-06 18:58 - 68807868 ____A C:\Users\so many frogs\Downloads\www.NewAlbumReleases.net_Christopher_Owens_-_Lysandre_(2012).rar
    2013-01-06 17:55 - 2013-01-06 17:59 - 18305803 ____A C:\Users\so many frogs\Downloads\Bedpeace - You Are A Wuss- Part Wimp and Part Pu$$y.zip
    2013-01-06 17:54 - 2013-01-06 18:10 - 101705500 ____A C:\Users\so many frogs\Downloads\Bedpeace - The Wave Came And Took Me Away.zip
    2013-01-06 17:36 - 2013-01-06 17:45 - 29346631 ____A C:\Users\so many frogs\Downloads\www.NewAlbumReleases.net_Foals - Total Life Forever Bonus CD (2010).rar
    2013-01-06 10:43 - 2013-01-06 10:43 - 00030889 ____A C:\Users\so many frogs\Downloads\7942DE39B3F73D6542C2FD97AE31949DCD2098BA.torrent
    2013-01-06 10:36 - 2013-01-06 11:18 - 118864520 ____A C:\Users\so many frogs\Downloads\www.NewAlbumReleases.net_Foals - Total Life Forever (2010).rar
    2013-01-02 21:17 - 2013-01-02 21:38 - 44695829 ____A C:\Users\so many frogs\Downloads\www.NewAlbumReleases.net_Blink-182 - Dogs Eating Dogs (2012).rar
    2013-01-02 18:10 - 2013-01-02 18:34 - 77464408 ____A C:\Users\so many frogs\Downloads\www.NewAlbumReleases.net_Beach_Fossils_-_Clash_The_Truth_(2013).rar
    2013-01-02 17:57 - 2013-01-02 18:01 - 55151519 ____A C:\Users\so many frogs\Downloads\Black City Lights - RMXS.zip
    2013-01-02 17:49 - 2013-01-02 17:52 - 63460334 ____A C:\Users\so many frogs\Downloads\Black City Lights - Parallels EP.zip
    2013-01-02 17:48 - 2013-01-02 17:49 - 14110300 ____A C:\Users\so many frogs\Downloads\Misfit Mod - Sugar C.zip
    2013-01-02 16:57 - 2013-01-02 17:17 - 62284921 ____A C:\Users\so many frogs\Downloads\www.NewAlbumReleases.net_Sleigh Bells - Treats (2010).rar
    2012-12-30 15:03 - 2012-12-30 15:04 - 00000384 ____A C:\Windows\wininit.ini
    2012-12-21 01:06 - 2012-12-16 09:11 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
    2012-12-21 01:06 - 2012-12-16 06:45 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
    2012-12-21 01:06 - 2012-12-16 06:13 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2012-12-21 01:06 - 2012-12-16 06:13 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2012-12-20 15:53 - 2012-12-20 16:40 - 108296442 ____A C:\Users\so many frogs\Downloads\www.NewAlbumReleases.net_Flying Lotus - Until The Quiet Comes (2012).rar
    2012-12-16 21:38 - 2012-12-16 21:38 - 00034304 ____A C:\Users\so many frogs\Downloads\Regan and Frances CR4 CR5 booking (2) (1).wiz
    2012-12-16 21:37 - 2012-12-16 21:37 - 00034304 ____A C:\Users\so many frogs\Downloads\Regan and Frances CR4 CR5 booking (2).wiz
    2012-12-13 10:40 - 2012-12-13 10:40 - 00022016 ____A C:\Users\so many frogs\Downloads\Notes for term 4 portfolio writing (1).wiz
    2012-12-12 06:00 - 2012-11-13 23:06 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-12-12 06:00 - 2012-11-13 22:32 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-12-12 06:00 - 2012-11-13 22:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-12-12 06:00 - 2012-11-13 22:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-12-12 06:00 - 2012-11-13 22:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-12-12 06:00 - 2012-11-13 22:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-12-12 06:00 - 2012-11-13 22:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-12-12 06:00 - 2012-11-13 21:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-12-12 06:00 - 2012-11-13 21:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-12-12 06:00 - 2012-11-13 21:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-12-12 06:00 - 2012-11-13 21:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-12-12 06:00 - 2012-11-13 21:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-12-12 06:00 - 2012-11-13 21:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-12-12 06:00 - 2012-11-13 21:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-12-12 06:00 - 2012-11-13 21:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-12-12 06:00 - 2012-11-13 21:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-12-12 06:00 - 2012-11-13 18:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-12-12 06:00 - 2012-11-13 18:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-12-12 06:00 - 2012-11-13 18:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-12-12 06:00 - 2012-11-13 17:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-12-12 06:00 - 2012-11-13 17:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-12-12 06:00 - 2012-11-13 17:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-12-12 06:00 - 2012-11-13 17:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-12-12 06:00 - 2012-11-13 17:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-12-12 06:00 - 2012-11-13 17:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-12-12 06:00 - 2012-11-13 17:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-12-12 06:00 - 2012-11-13 17:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-12-12 06:00 - 2012-11-13 17:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-12-12 06:00 - 2012-11-13 17:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-12-12 06:00 - 2012-11-13 17:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-12-12 06:00 - 2012-11-13 17:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-12-12 06:00 - 2012-11-13 17:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-12-12 02:34 - 2012-11-21 19:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-12-12 02:34 - 2012-11-08 21:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-12-12 02:34 - 2012-11-08 20:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-12-12 02:33 - 2012-10-04 09:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-12-12 02:33 - 2012-10-04 09:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-12-12 02:33 - 2012-10-04 09:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-12-12 02:33 - 2012-10-04 09:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-12-12 02:33 - 2012-10-04 09:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-12-12 02:33 - 2012-10-04 09:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-12-12 02:33 - 2012-10-04 09:41 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-12-12 02:33 - 2012-10-04 09:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 09:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 09:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 09:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 09:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 09:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 08:47 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-12-12 02:33 - 2012-10-04 08:47 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-12-12 02:33 - 2012-10-04 08:47 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-12-12 02:33 - 2012-10-04 08:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 08:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 08:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 08:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 08:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 07:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-12-12 02:33 - 2012-10-04 06:46 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-12-12 02:33 - 2012-10-04 06:46 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-12-12 02:33 - 2012-10-04 06:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-12-12 02:33 - 2012-10-04 06:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-12-12 02:33 - 2012-10-04 06:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 06:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 06:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-12-12 02:33 - 2012-10-04 06:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-12-12 02:32 - 2012-11-01 21:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
    2012-12-12 02:32 - 2012-11-01 21:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll

    ==================== One Month Modified Files and Folders =======

    2013-01-09 14:57 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-01-09 14:57 - 2009-07-13 20:51 - 00104861 ____A C:\Windows\setupact.log
    2013-01-09 14:54 - 2009-07-13 20:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-01-09 14:54 - 2009-07-13 20:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-01-09 14:50 - 2012-09-04 22:51 - 00000000 ___RD C:\Users\so many frogs\Dropbox
    2013-01-09 14:50 - 2012-09-04 22:47 - 00000000 ____D C:\Users\so many frogs\AppData\Roaming\Dropbox
    2013-01-09 14:50 - 2012-04-10 23:52 - 00000000 ____D C:\Program Files (x86)\Steam
    2013-01-09 14:50 - 2012-01-29 04:46 - 00000000 ____D C:\Users\All Users\clear.fi
    2013-01-09 14:30 - 2012-04-03 17:36 - 00000000 ____D C:\Users\so many frogs\AppData\Roaming\vlc
    2013-01-09 14:28 - 2013-01-09 14:03 - 73719798 ____A C:\Users\so many frogs\Downloads\Little Pictures - Owl + Owl.zip
    2013-01-09 14:17 - 2013-01-09 14:03 - 48594030 ____A C:\Users\so many frogs\Downloads\Tiddabadés - Tiddabadés E.P.zip
    2013-01-09 14:14 - 2009-07-13 21:13 - 00727008 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-01-09 14:05 - 2012-04-12 16:40 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-01-09 14:00 - 2013-01-09 13:40 - 75092655 ____A C:\Users\so many frogs\Downloads\capsul_-_wide_awake_looking_out_at_the_night_(remixes_covers_and_collaborations).zip
    2013-01-09 13:55 - 2012-04-10 23:46 - 00000940 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3754623891-1970195876-72752818-1000UA.job
    2013-01-09 13:49 - 2013-01-09 13:40 - 09816531 ____A C:\Users\so many frogs\Downloads\capsul_-_blurry_eyes_ep.zip
    2013-01-09 13:48 - 2013-01-09 13:40 - 27002634 ____A C:\Users\so many frogs\Downloads\capsul_-_bookcase.zip
    2013-01-09 13:46 - 2013-01-09 13:45 - 19683512 ____A C:\Users\so many frogs\Downloads\mammal_airlines_-_smoking-_not_our_future_640x360.mp4
    2013-01-09 13:46 - 2013-01-09 13:40 - 09067676 ____A C:\Users\so many frogs\Downloads\capsul_-_no_paved_street_(a_collaboration_with_richard_c).zip
    2013-01-09 13:45 - 2013-01-09 13:40 - 13969159 ____A C:\Users\so many frogs\Downloads\capsul_-_youre_lying.zip
    2013-01-09 13:42 - 2013-01-09 13:39 - 03860930 ____A C:\Users\so many frogs\Downloads\capsul_-_coherence.zip
    2013-01-09 13:18 - 2013-01-08 04:01 - 00000000 ____D C:\Users\All Users\MFAData
    2013-01-09 03:43 - 2012-05-23 04:43 - 00000668 ____A C:\Windows\Tasks\hpwebreg_CN0AI112FD05JW.job
    2013-01-09 03:31 - 2013-01-09 03:31 - 00011673 ____A C:\Users\so many frogs\Desktop\attach.txt
    2013-01-09 03:30 - 2013-01-09 03:31 - 00028092 ____A C:\Users\so many frogs\Desktop\dds.txt
    2013-01-09 03:16 - 2012-07-16 01:11 - 00000960 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3754623891-1970195876-72752818-1000UA.job
    2013-01-09 03:14 - 2013-01-09 03:14 - 00688992 ____R (Swearware) C:\Users\so many frogs\Downloads\dds.com
    2013-01-09 03:07 - 2013-01-08 04:11 - 00000000 ____D C:\Users\All Users\AVG2013
    2013-01-09 03:06 - 2010-11-20 19:47 - 00014302 ____A C:\Windows\PFRO.log
    2013-01-09 02:42 - 2013-01-09 02:42 - 00000000 ____D C:\Users\so many frogs\AppData\Roaming\Malwarebytes
    2013-01-09 02:42 - 2013-01-09 02:42 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2013-01-09 02:42 - 2013-01-09 02:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-01-09 02:28 - 2013-01-09 02:25 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\so many frogs\Downloads\mbam-setup-1.70.0.1100.exe
    2013-01-09 00:16 - 2012-07-16 01:11 - 00000938 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3754623891-1970195876-72752818-1000Core.job
    2013-01-08 19:55 - 2012-04-10 23:46 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3754623891-1970195876-72752818-1000Core.job
    2013-01-08 17:05 - 2012-04-12 16:40 - 00697864 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-01-08 17:05 - 2012-04-12 16:40 - 00074248 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-01-08 14:45 - 2013-01-08 14:45 - 00821248 ____A C:\Users\so many frogs\Downloads\FreeISOBurner.exe
    2013-01-08 14:45 - 2013-01-08 14:43 - 90095616 ____A C:\Users\so many frogs\Downloads\avg_arl_cdi_all_120_120823a5411.iso
    2013-01-08 14:17 - 2013-01-08 04:01 - 00000000 ____D C:\Users\so many frogs\AppData\Local\Avg2013
    2013-01-08 04:28 - 2012-10-20 22:59 - 00000000 ____D C:\Users\so many frogs\AppData\Roaming\uTorrent
    2013-01-08 04:28 - 2012-01-30 15:31 - 00000000 ____D C:\Users\so many frogs\AppData\Roaming\SoftGrid Client
    2013-01-08 04:18 - 2013-01-08 04:18 - 00000000 ____D C:\Users\so many frogs\AppData\Roaming\AVG2013
    2013-01-08 04:13 - 2013-01-08 04:13 - 00000973 ____A C:\Users\Public\Desktop\AVG 2013.lnk
    2013-01-08 04:13 - 2013-01-08 04:13 - 00000000 ____D C:\Users\so many frogs\AppData\Roaming\TuneUp Software
    2013-01-08 04:13 - 2013-01-08 04:13 - 00000000 ____D C:\Users\so many frogs\AppData\Local\AVG Secure Search
    2013-01-08 04:12 - 2013-01-08 04:12 - 00030568 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
    2013-01-08 04:12 - 2013-01-08 04:12 - 00000000 ____D C:\Users\All Users\AVG Secure Search
    2013-01-08 04:12 - 2013-01-08 04:12 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
    2013-01-08 04:11 - 2013-01-08 04:11 - 00000000 ___HD C:\$AVG
    2013-01-08 04:10 - 2013-01-08 04:10 - 00000000 ____D C:\Program Files (x86)\AVG
    2013-01-08 04:01 - 2013-01-08 04:01 - 00000000 ____D C:\Users\so many frogs\AppData\Local\MFAData
    2013-01-08 02:46 - 2013-01-08 02:46 - 00009199 ____A C:\Users\so many frogs\Desktop\number of poems.xlsx
    2013-01-07 00:24 - 2012-01-09 02:31 - 00000000 ____D C:\users\so many frogs
    2013-01-07 00:23 - 2012-04-23 05:16 - 00000000 ____D C:\media
    2013-01-06 20:08 - 2013-01-06 20:08 - 00000000 ____D C:\Program Files (x86)\Haali
    2013-01-06 20:00 - 2013-01-06 20:00 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2013-01-06 19:59 - 2013-01-06 19:59 - 00000000 ____D C:\Users\so many frogs\AppData\Roaming\Media Player Classic
    2013-01-06 19:58 - 2013-01-06 19:58 - 00000000 ____D C:\Program Files\MPC-HC
    2013-01-06 19:52 - 2013-01-06 19:52 - 00000000 ____D C:\Program Files (x86)\Mega Codec Pack
    2013-01-06 19:52 - 2011-08-09 21:08 - 01229135 ____A C:\Windows\WindowsUpdate.log
    2013-01-06 18:58 - 2013-01-06 18:42 - 68807868 ____A C:\Users\so many frogs\Downloads\www.NewAlbumReleases.net_Christopher_Owens_-_Lysandre_(2012).rar
    2013-01-06 18:10 - 2013-01-06 17:54 - 101705500 ____A C:\Users\so many frogs\Downloads\Bedpeace - The Wave Came And Took Me Away.zip
    2013-01-06 17:59 - 2013-01-06 17:55 - 18305803 ____A C:\Users\so many frogs\Downloads\Bedpeace - You Are A Wuss- Part Wimp and Part Pu$$y.zip
    2013-01-06 17:45 - 2013-01-06 17:36 - 29346631 ____A C:\Users\so many frogs\Downloads\www.NewAlbumReleases.net_Foals - Total Life Forever Bonus CD (2010).rar
    2013-01-06 11:18 - 2013-01-06 10:36 - 118864520 ____A C:\Users\so many frogs\Downloads\www.NewAlbumReleases.net_Foals - Total Life Forever (2010).rar
    2013-01-06 10:43 - 2013-01-06 10:43 - 00030889 ____A C:\Users\so many frogs\Downloads\7942DE39B3F73D6542C2FD97AE31949DCD2098BA.torrent
    2013-01-02 21:38 - 2013-01-02 21:17 - 44695829 ____A C:\Users\so many frogs\Downloads\www.NewAlbumReleases.net_Blink-182 - Dogs Eating Dogs (2012).rar
    2013-01-02 18:34 - 2013-01-02 18:10 - 77464408 ____A C:\Users\so many frogs\Downloads\www.NewAlbumReleases.net_Beach_Fossils_-_Clash_The_Truth_(2013).rar
    2013-01-02 18:01 - 2013-01-02 17:57 - 55151519 ____A C:\Users\so many frogs\Downloads\Black City Lights - RMXS.zip
    2013-01-02 17:52 - 2013-01-02 17:49 - 63460334 ____A C:\Users\so many frogs\Downloads\Black City Lights - Parallels EP.zip
    2013-01-02 17:49 - 2013-01-02 17:48 - 14110300 ____A C:\Users\so many frogs\Downloads\Misfit Mod - Sugar C.zip
    2013-01-02 17:17 - 2013-01-02 16:57 - 62284921 ____A C:\Users\so many frogs\Downloads\www.NewAlbumReleases.net_Sleigh Bells - Treats (2010).rar
    2012-12-30 15:04 - 2012-12-30 15:03 - 00000384 ____A C:\Windows\wininit.ini
    2012-12-22 05:13 - 2011-05-24 02:35 - 00000000 ____D C:\Users\All Users\Skype
    2012-12-21 12:52 - 2009-07-13 20:45 - 02916384 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-12-20 16:40 - 2012-12-20 15:53 - 108296442 ____A C:\Users\so many frogs\Downloads\www.NewAlbumReleases.net_Flying Lotus - Until The Quiet Comes (2012).rar
    2012-12-16 21:38 - 2012-12-16 21:38 - 00034304 ____A C:\Users\so many frogs\Downloads\Regan and Frances CR4 CR5 booking (2) (1).wiz
    2012-12-16 21:37 - 2012-12-16 21:37 - 00034304 ____A C:\Users\so many frogs\Downloads\Regan and Frances CR4 CR5 booking (2).wiz
    2012-12-16 09:11 - 2012-12-21 01:06 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
    2012-12-16 06:45 - 2012-12-21 01:06 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
    2012-12-16 06:13 - 2012-12-21 01:06 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2012-12-16 06:13 - 2012-12-21 01:06 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2012-12-13 19:49 - 2013-01-09 02:42 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-12-13 10:40 - 2012-12-13 10:40 - 00022016 ____A C:\Users\so many frogs\Downloads\Notes for term 4 portfolio writing (1).wiz
    2012-12-12 06:51 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
    2012-12-12 06:02 - 2012-03-12 14:04 - 67413224 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe


    ZeroAccess:
    C:\Windows\Installer\{cba70f3b-4725-4467-4b39-d63df0060981}
    C:\Windows\Installer\{cba70f3b-4725-4467-4b39-d63df0060981}\@
    C:\Windows\Installer\{cba70f3b-4725-4467-4b39-d63df0060981}\L
    C:\Windows\Installer\{cba70f3b-4725-4467-4b39-d63df0060981}\U
    C:\Windows\Installer\{cba70f3b-4725-4467-4b39-d63df0060981}\L\00000004.@
    C:\Windows\Installer\{cba70f3b-4725-4467-4b39-d63df0060981}\L\201d3dde
    C:\Windows\Installer\{cba70f3b-4725-4467-4b39-d63df0060981}\L\76603ac3
    C:\Windows\Installer\{cba70f3b-4725-4467-4b39-d63df0060981}\U\00000004.@
    C:\Windows\Installer\{cba70f3b-4725-4467-4b39-d63df0060981}\U\00000008.@
    C:\Windows\Installer\{cba70f3b-4725-4467-4b39-d63df0060981}\U\000000cb.@
    C:\Windows\Installer\{cba70f3b-4725-4467-4b39-d63df0060981}\U\80000000.@
    C:\Windows\Installer\{cba70f3b-4725-4467-4b39-d63df0060981}\U\80000064.@

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2012-12-21 01:05:58
    Restore point made on: 2012-12-25 03:17:42
    Restore point made on: 2012-12-28 17:51:33
    Restore point made on: 2013-01-01 13:57:58
    Restore point made on: 2013-01-04 16:17:36
    Restore point made on: 2013-01-08 04:10:18
    Restore point made on: 2013-01-08 04:10:58

    ==================== Memory info ===========================

    Percentage of memory in use: 18%
    Total physical RAM: 3947.86 MB
    Available physical RAM: 3236.27 MB
    Total Pagefile: 3946.06 MB
    Available Pagefile: 3234.49 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ==================== Partitions =============================

    1 Drive c: (ALAKAZAM) (Fixed) (Total:683.54 GB) (Free:235.64 GB) NTFS
    2 Drive e: (PQSERVICE) (Fixed) (Total:15 GB) (Free:1.67 GB) NTFS
    4 Drive g: (0273442474) (Removable) (Total:7.55 GB) (Free:2.71 GB) FAT32
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    6 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 698 GB 0 B
    Disk 1 Online 7751 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Recovery 15 GB 1024 KB
    Partition 2 Primary 100 MB 15 GB
    Partition 3 Primary 683 GB 15 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E PQSERVICE NTFS Partition 15 GB Healthy Hidden

    =========================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy

    =========================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C ALAKAZAM NTFS Partition 683 GB Healthy

    =========================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 7747 MB 4032 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 G 0273442474 FAT32 Removable 7747 MB Healthy

    =========================================================

    Last Boot: 2013-01-07 01:10

    ==================== End Of Log =============================



    Search.txt

    Farbar Recovery Scan Tool (x64) Version: 09-01-2013
    Ran by SYSTEM at 2013-01-10 12:08:09
    Running from G:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

    ====== End Of Search ======
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    FRST Fixlist

    Please download attached fixlist.txt below, and save it to your flash drive in the same location as FRST.exe. Make sure it maintains the same name, otherwise the fix will fail.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.



    ComboFix scan

    Please download ComboFix by sUBs
    From TechSpot

    Direct Link (alternative)

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

    Attached Files:

  6. njoyd

    njoyd Newcomer, in training Topic Starter Posts: 19

    Thanks again for your reply, I did the fix with FRST64 and it seemed to work fine; here is the fixlog:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-01-2013
    Ran by SYSTEM at 2013-01-11 08:15:01 Run:1
    Running from G:\

    ==============================================

    C:\Windows\Installer\{cba70f3b-4725-4467-4b39-d63df0060981} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====

    I then went to do ComboFix; I disabled AVG and MBAM fine and went to disable Windows Firewall and Windows Defender but found that they were already turned off/not working (see attached screenshots). I ran ComboFix and it seemed to work fine; it did the scan then restarted the computer to produce the log. After the log was complete I wasn't able to open any programs but I assumed this was just part of ComboFix so restarted and all of the programs opened fine. I opened Windows Firewall and it was back on which was good, but Windows Defender was off and had an error message when I tried to turn it on (see attached screenshot). AVG hasn't come up with any malware notifications since I restarted so that seems to be a good sign. I can't fit the ComboFix log into this post so will copy it into the next post. Thanks again!
  7. njoyd

    njoyd Newcomer, in training Topic Starter Posts: 19

    The ComboFix log is actually too long to copy and paste so I will attach it here. Thanks very much for all your help so far!


  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    RogueKiller Scan

    • Download RogueKiller from the following link and save it on your desktop:
      TechSpot
      Official Site (alternative)
    • Quit all programs
    • Start RogueKiller.exe.
    • Wait until Prescan has finished ...
    • Click on Scan

    • Wait for the end of the scan.
    • The report has been created on the desktop.
    • Click on the Delete button.

    • The report has been created on the desktop.
    • Next click on the ShortcutsFix

    • The report has been created on the desktop.
    Please post:

    All RKreport.txt text files located on your desktop.


    Malwarebytes' Anti-Rootkit

    Please download Malwarebytes' Anti-Rootkit and save it to your desktop.
    • Be sure to print out and follow the instructions provided on that same page for performing a scan.
    • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
    • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
    • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
    • Copy and paste the contents of these two log files in your next reply.
  9. njoyd

    njoyd Newcomer, in training Topic Starter Posts: 19

    Hey DMJ, thanks again for your reply.

    Soon after posting my last two messages on my laptop I found that I could no longer connect to the internet on my laptop. I can still connect to the wireless router, but have no internet access, even after turning the router off and on again and rebooting the computer (the connection shows in the bottom right corner, with excellent signal strength but the yellow exclamation mark). I also tried connecting directly to the router using an ethernet cable to no success as well.

    I downloaded the two programs you suggested on a flatmate's laptop and used them on my laptop via USB (I updated MBAR on my flatmate's laptop before running it on my own).

    RogueKiller ran smoothly:

    RTF 1:

    RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : so many frogs [Admin rights]
    Mode : Scan -- Date : 01/11/2013 22:43:55

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 5 ¤¤¤
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\Windows\WLXPGSS.SCR) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST9750423AS +++++
    --- User ---
    [MBR] af16c5dff5522d34d735581cc3dc4382
    [BSP] 1b7ba549d1c3993a456ea70f12de5986 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 699942 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: USB Flash Memory USB Device +++++
    --- User ---
    [MBR] fcafbeeafceb59c0b22bdcfb1d6bc47d
    [BSP] ef3177ea6997481f5647d45aa222b26f : MBR Code unknown
    Partition table:
    0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 7747 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[1]_S_01112013_02d2243.txt >>
    RKreport[1]_S_01112013_02d2243.txt


    RTF 2:

    RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : so many frogs [Admin rights]
    Mode : Remove -- Date : 01/11/2013 22:45:27

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 4 ¤¤¤
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\Windows\WLXPGSS.SCR) -> REPLACED (C:\Windows\system32\logon.scr)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST9750423AS +++++
    --- User ---
    [MBR] af16c5dff5522d34d735581cc3dc4382
    [BSP] 1b7ba549d1c3993a456ea70f12de5986 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 699942 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: USB Flash Memory USB Device +++++
    --- User ---
    [MBR] fcafbeeafceb59c0b22bdcfb1d6bc47d
    [BSP] ef3177ea6997481f5647d45aa222b26f : MBR Code unknown
    Partition table:
    0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 7747 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!

    Finished : << RKreport[2]_D_01112013_02d2245.txt >>
    RKreport[1]_S_01112013_02d2243.txt ; RKreport[2]_D_01112013_02d2245.txt

    RTF 3:

    RogueKiller V8.4.3 [Jan 10 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : so many frogs [Admin rights]
    Mode : Shortcuts HJfix -- Date : 01/11/2013 22:50:28

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ File attributes restored: ¤¤¤
    Desktop: Success 118 / Fail 0
    Quick launch: Success 1 / Fail 0
    Programs: Success 11 / Fail 0
    Start menu: Success 1 / Fail 0
    User folder: Success 107 / Fail 0
    My documents: Success 4 / Fail 4
    My favorites: Success 0 / Fail 0
    My pictures: Success 0 / Fail 0
    My music: Success 2 / Fail 0
    My videos: Success 0 / Fail 0
    Local drives: Success 1303 / Fail 0
    Backup: [NOT FOUND]

    Drives:
    [C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
    [D:] \Device\CdRom0 -- 0x5 --> Skipped
    [F:] \Device\HarddiskVolume4 -- 0x2 --> Restored
    [Q:] \Device\SftVol -- 0x3 --> Restored

    Finished : << RKreport[3]_SC_01112013_02d2250.txt >>
    RKreport[1]_S_01112013_02d2243.txt ; RKreport[2]_D_01112013_02d2245.txt ; RKreport[3]_SC_01112013_02d2250.txt




    When I ran MBAR on my laptop (after updating it on my flatmate's laptop) there was an initial message saying that there was a registry file that could disrupt the scan, and I could delete the file before proceeding if I wanted (though it recommended me to not do this and only do it later if the scan was interrupted and I had to reopen the program).

    MBAR did not find any malware on the first scan so I did not need to do the cleanup option. I did the fixdamage tool after in the hope of fixing the internet access issue but it didn't fix it (even after turning the router off and on again and rebooting the computer). So now I'm quite worried about why I suddenly can't connect to the internet so am hoping you can provide some sort of fix!

    In 10 hours I will be going away for a family holiday for 3 nights/4 days, returning Tuesday night (I'm in New Zealand, so it is currently 12.34am Saturday). I will check the topic again before I leave in 10 hours but if you could keep the topic active while I'm away that would be much appreciated so I can hopefully finalise all of the fixes when I get back.

    Here are the MBAR logs:

    mbar-log :

    Malwarebytes Anti-Rootkit 1.01.0.1011
    www.malwarebytes.org

    Database version: v2013.01.11.07

    Windows 7 Service Pack 1 x64 FAT32
    Internet Explorer 9.0.8112.16421
    so many frogs :: ALAKAZAM [administrator]

    11/01/2013 11:41:22 p.m.
    mbar-log-2013-01-11 (23-41-22).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 31859
    Time elapsed: 11 minute(s), 39 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    system-log attached below


  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
    • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.


    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death

    Note: Absence of issues does not mean that you're protected in the future.
  11. njoyd

    njoyd Newcomer, in training Topic Starter Posts: 19

    Hey DMJ, thanks for your reply but I can't run the ESET Online Scan because my laptop still can't connect to the internet. I downloaded the installer and updated it on my flatmate's laptop but when I ran it on my own laptop via USB it still tried to update and wouldn't let me go to the scan stage without updating.


    I really need the internet for my upcoming job so hope it can be fixed. Win 7 came pre-installed on my laptop, so would I need to somehow do an OS reset?

    I'm going on a family holiday now for 3 nights/4 days so if you could keep this topic active that would be much appreciated. Thanks for all of your help so far!
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Press start, then type CMD and hit Enter.

    In the command prompt window, press in the following code exactly:


    netsh winsock reset catalog

    Then, exit out.
    ==

    Do you have Internet after performing the above process?
  13. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Did it work?
     
  14. njoyd

    njoyd Newcomer, in training Topic Starter Posts: 19

    Hi again DMJ, I'm now back from holiday so thanks for your patience. I tried that CMD code and got this message (see attached screenshot). I ran CMD straight from the start menu as you requested and still don't have internet.


  15. njoyd

    njoyd Newcomer, in training Topic Starter Posts: 19

    When I tried the CMD prompt I was logged in as so many frogs (which is the only profile I have on my computer, so it is the administrator account)....Should I try it again through the system recovery options process?
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    That's okay, never mind...

    Go to Start > Run, type in cmd and hit OK.

    Copy and paste this phrase in to the Command Prompt line:

    cmd /c (ipconfig /all&nslookup google.com&ping -n 2 google.com&route print) >log.txt&log.txt


    If you have troubles pasting it, right click on the Command Prompt window and click Paste. Then, hit Enter.

    Post the log that launches.
  17. njoyd

    njoyd Newcomer, in training Topic Starter Posts: 19

    Thanks for your reply DMJ, I can't thank you enough for your help and persistence.

    I copied the phrase into a notepad file on a USB, put it in my laptop and then copied it into CMD as instructed. A log launched immediately but it was blank; I took a screenshot and will attach it here (cmd log). In the CMD window there was an array of information which I have screenshotted in its entirety (see cmd 1 and 2 below).


  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Same thing here please...

    cmd /c (ipconfig /all&nslookup bing.com&ping -n 2 bing.com&route print) >log.txt&log.txt
  19. njoyd

    njoyd Newcomer, in training Topic Starter Posts: 19

    Hey DMJ, just did it and got the same result (blank notepad file, same as the screenshot cmd log above) but a string of information in the CMD window. I've copied the information in the CMD window, here it is:

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation. All rights reserved.

    C:\Users\so many frogs>cmd /c (ipconfig /all&nslookup bing.com&ping -n 2 bing.co
    m&route print) >log.txt&log.txt
    Server: UnKnown
    Address: 192.168.0.1

    *** UnKnown can't find bing.com: No response from server
    Ping request could not find host bing.com. Please check the name and try again.

    Manipulates network routing tables.

    ROUTE [-f] [-p] [-4|-6] command [destination]
    [MASK netmask] [gateway] [METRIC metric] [IF interface]

    -f Clears the routing tables of all gateway entries. If this is
    used in conjunction with one of the commands, the tables are
    cleared prior to running the command.

    -p When used with the ADD command, makes a route persistent across
    boots of the system. By default, routes are not preserved
    when the system is restarted. Ignored for all other commands,
    which always affect the appropriate persistent routes. This
    option is not supported in Windows 95.

    -4 Force using IPv4.

    -6 Force using IPv6.

    command One of these:
    PRINT Prints a route
    ADD Adds a route
    DELETE Deletes a route
    CHANGE Modifies an existing route
    destination Specifies the host.
    MASK Specifies that the next parameter is the 'netmask' value.
    netmask Specifies a subnet mask value for this route entry.
    If not specified, it defaults to 255.255.255.255.
    gateway Specifies gateway.
    interface the interface number for the specified route.
    METRIC specifies the metric, ie. cost for the destination.

    All symbolic names used for destination are looked up in the network database
    file NETWORKS. The symbolic names for gateway are looked up in the host name
    database file HOSTS.

    If the command is PRINT or DELETE. Destination or gateway can be a wildcard,
    (wildcard is specified as a star '*'), or the gateway argument may be omitted.

    If Dest contains a * or ?, it is treated as a shell pattern, and only
    matching destination routes are printed. The '*' matches any string,
    and '?' matches any one char. Examples: 157.*.1, 157.*, 127.*, *224*.

    Pattern match is only allowed in PRINT command.
    Diagnostic Notes:
    Invalid MASK generates an error, that is when (DEST & MASK) != DEST.
    Example> route ADD 157.0.0.0 MASK 155.0.0.0 157.55.80.1 IF 1
    The route addition failed: The specified mask parameter is invalid.
    (Destination & Mask) != Destination.

    Examples:

    > route PRINT
    > route PRINT -4
    > route PRINT -6
    > route PRINT 157* .... Only prints those matching 157*

    > route ADD 157.0.0.0 MASK 255.0.0.0 157.55.80.1 METRIC 3 IF 2
    destination^ ^mask ^gateway metric^ ^
    Interface^
    If IF is not given, it tries to find the best interface for a given
    gateway.
    > route ADD 3ffe::/32 3ffe::1

    > route CHANGE 157.0.0.0 MASK 255.0.0.0 157.55.80.5 METRIC 2 IF 2

    CHANGE is used to modify gateway and/or metric only.

    > route DELETE 157.0.0.0
    > route DELETE 3ffe::/32

    C:\Users\so many frogs>
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Okay...

    Type in the following and post in your next reply (I'll be back tomorrow):

    ipconfig /all > log.txt && log.txt

    Post contents please.
  21. njoyd

    njoyd Newcomer, in training Topic Starter Posts: 19

    Thanks for your reply, here's the contents of log.txt (note my laptop has been connected to our wireless router during all of these commands, but with no internet access):


    Windows IP Configuration

    Host Name . . . . . . . . . . . . : ALAKAZAM
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No

    Wireless LAN adapter Wireless Network Connection 3:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
    Physical Address. . . . . . . . . : A0-88-B4-9D-3C-01
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes

    Wireless LAN adapter Wireless Network Connection 2:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
    Physical Address. . . . . . . . . : A0-88-B4-9D-3C-01
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes

    Wireless LAN adapter Wireless Network Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Intel(R) Centrino(R) Advanced-N 6205
    Physical Address. . . . . . . . . : A0-88-B4-9D-3C-00
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::c416:e114:575f:ff58%14(Preferred)
    Autoconfiguration IPv4 Address. . : 169.254.255.88(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.0.0
    Default Gateway . . . . . . . . . :
    DNS Servers . . . . . . . . . . . : 192.168.0.1
    NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter Local Area Connection:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
    Physical Address. . . . . . . . . : B8-70-F4-8A-FD-85
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{CD555936-A821-4029-BF29-B18514EADD3E}:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{74BEB3BF-3216-431F-8967-0636C2E8812F}:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{5C35EDE1-1AA3-44C5-A24E-965892A317A0}:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{D44F3F10-2C71-471C-A202-BE1831F12663}:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Microsoft ISATAP Adapter #6
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Would you write down the IP address, subnet mask, and DNS servers from your router settings page? Post them here...
  23. njoyd

    njoyd Newcomer, in training Topic Starter Posts: 19

    Sure, here's a screenshot of the router settings which has the information:


  24. njoyd

    njoyd Newcomer, in training Topic Starter Posts: 19

    In case you wanted the information copied:
    ADSL Port
    IP Address 101.98.173.127
    IP Subnet Mask 255.255.255.255
    Domain Name Server 202.180.64.10
    202.180.64.11
  25. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please visit this page for a tutorial about Complete Internet Repair, which gives an overview and support information. Otherwise, the download link is at the bottom of the article.

    Checkmark the following in the tool:
    • Reset Internet Protocol
    • Repair Winsock
    • Renew Internet Connections
    • Flush DNS Resolver Cache
    • Repair Internet Explorer
    • Reset Windows Firewall Configuration
    • Restore the Default Hosts File
    It should look like this:
    [​IMG]

    • Once ready, hit the Go! button.
    • It may have you reboot your computer.
    • Once that's done, let me know if this restores Internet access successfully.

