Solved Trojan:DOS/Alureon.E

Piratekitty

Last week I got a virus that disabled my USB ports and DVD/CD drives and slowly took over my PC, and I did everything I could to try and get rid of it, but when I scanned my PC using my (AVG virus scanner) it did not find a single thing, so I decided to format my main computer drive and reinstall Windows 7 to try and make a clean restart.
After doing so I then went to Microsoft.com and downloaded (Microsoft Security Essentials) to see if it worked better than AVG did, but unfortunately it found the virus that I had before, so that tells me reinstalling my Windows 7 did no good at all.

MSE keeps on telling me that it found Trojan:DOS/Alureon.E even after I click remove and restarted my PC after doing so.
It also tells me...

Security Essentials encountered the following error: Error code 0x800704ec. This program is blocked by group policy.
Category: Trojan
Description: This program is dangerous and executes commands from an attacker.
Recommended action: remove this software immediately.
Items:
Boot:\Device\HarddiskVolume4
Boot:\Device\HarddiskVolume4\
Boot:\\.\PHYSICALDRIVE0\Partition3 (Type 17)
--------------------------------------------------
When I run (Malwarebytes Anti-Malware) it does not find anything.
When I run Mcss it finds Trojan:DOS/Alureon.E it tells me it was partially removed so I restart my PC but the virus is still there.
AVG finds nothing.

Can someone help me get rid of the Alureon.E?
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
Please review the 4-Step instructions and post the logs back here for my review.

Also, include this scan:

Download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
 
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.02.02

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7601.17514
Tadpole :: TADPOLE-PC [administrator]

Protection: Disabled

1/1/2013 9:02:55 PM
mbam-log-2013-01-01 (21-02-55).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 261184
Time elapsed: 7 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
# AdwCleaner v2.104 - Logfile created 01/03/2013 at 05:05:18
# Updated 29/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Tadpole - TADPOLE-PC
# Boot Mode : Normal
# Running from : C:\Users\Tadpole\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Program Files (x86)\AVG Secure Search
Folder Found : C:\Program Files (x86)\Claro LTD
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\iMesh Applications\Mediabar
Folder Found : C:\Program Files (x86)\SaveAs
Folder Found : C:\Program Files (x86)\Viewpoint
Folder Found : C:\Program Files (x86)\WhiteSmoke_US_New_E1
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\Premium
Folder Found : C:\ProgramData\Viewpoint
Folder Found : C:\Users\Tadpole\AppData\Local\AVG Secure Search
Folder Found : C:\Users\Tadpole\AppData\Local\Conduit
Folder Found : C:\Users\Tadpole\AppData\Local\SwvUpdater
Folder Found : C:\Users\Tadpole\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\Tadpole\AppData\LocalLow\Conduit
Folder Found : C:\Users\Tadpole\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Tadpole\AppData\LocalLow\shareazatoolbarguid
Folder Found : C:\Users\Tadpole\AppData\LocalLow\WhiteSmoke_US_New_E1
Folder Found : C:\Users\Tadpole\AppData\Roaming\Babylon
Folder Found : C:\Users\Tadpole\AppData\Roaming\Claro
Folder Found : C:\Users\Tadpole\AppData\Roaming\OpenCandy
***** [Registry] *****
Data Found : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\datamngr.dll
Data Found : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\IMESHA~1\Mediabar\Datamngr\x64\IEBHO.dll
Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\imesha~1\mediabar\datamngr\datamngr.dll
Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\imesha~1\mediabar\datamngr\iebho.dll
Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\saveas\sprote~1.dll
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.claro-search.com/?affID=118658&tt=0113_4&babsrc=HP_ss&mntrId=aebe7ee0000000000000002268663b3c
*************************
AdwCleaner[R1].txt - [17801 octets] - [03/01/2013 04:44:32]
AdwCleaner[R2].txt - [17860 octets] - [03/01/2013 04:45:37]
AdwCleaner[R3].txt - [17921 octets] - [03/01/2013 04:46:40]
AdwCleaner[R4].txt - [17982 octets] - [03/01/2013 04:48:25]
AdwCleaner[R5].txt - [18043 octets] - [03/01/2013 05:01:47]
AdwCleaner[R6].txt - [18104 octets] - [03/01/2013 05:02:30]
AdwCleaner[R7].txt - [18068 octets] - [03/01/2013 05:05:18]
########## EOF - C:\AdwCleaner[R7].txt - [18129 octets] ##########
 
I am going to send the DDS logs over in a .zip file bc when I try to post either 1 of them it keeps on telling me "Please enter a message with no more than 50000 characters".
 

ComboFix scan

Please download ComboFix by sUBs
From TechSpot

Direct Link (alternative)

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
ComboFix 13-01-03.05 - Tadpole 01/03/2013 11:51:55.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7935.6301 [GMT -5:00]
Running from: c:\users\Tadpole\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-12-03 to 2013-01-03 )))))))))))))))))))))))))))))))
.
.
2013-01-02 07:31 . 2013-01-02 07:31--------d--h--w-c:\windows\system32\CanonIJ Uninstaller Information
2013-01-02 07:31 . 2013-01-02 07:31--------d--h--w-c:\programdata\CanonBJ
2013-01-02 07:31 . 2010-04-24 13:0083968----a-w-c:\windows\system32\Spool\prtprocs\x64\CNMPP9W.DLL
2013-01-02 07:31 . 2010-04-24 13:0028672----a-w-c:\windows\system32\Spool\prtprocs\x64\CNMPD9W.DLL
2013-01-02 07:31 . 2010-04-24 13:00336896----a-w-c:\windows\system32\CNMLM9W.DLL
2013-01-02 07:31 . 2009-04-04 00:011321984----a-w-c:\windows\system32\CNC250C.dll
2013-01-02 07:31 . 2009-04-04 00:0092672----a-w-c:\windows\system32\CNC250I.dll
2013-01-02 07:31 . 2009-03-11 19:36328192----a-w-c:\windows\system32\CNC250L.dll
2013-01-02 07:31 . 2009-03-11 19:34303104----a-w-c:\windows\SysWow64\CNC250L.dll
2013-01-02 07:31 . 2008-08-26 02:0217920----a-w-c:\windows\system32\CNHMCA6.dll
2013-01-02 07:31 . 2009-04-03 23:57106496----a-w-c:\windows\SysWow64\CNC250U.dll
2013-01-02 07:31 . 2008-08-26 02:0215872----a-w-c:\windows\SysWow64\CNHMCA.dll
2013-01-02 06:03 . 2013-01-02 06:03--------d-----w-C:\TDSSKiller_Quarantine
2013-01-02 05:00 . 2013-01-02 05:00--------d-----w-c:\programdata\Malwarebytes
2013-01-02 04:50 . 2013-01-02 04:50--------d-----w-c:\users\Tadpole
2013-01-02 04:50 . 2013-01-02 04:50--------d-----w-C:\Recovery
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-16 08:38 . 2013-01-02 11:14 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2013-01-02 11:14 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2013-01-02 11:14 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-15 16:45 . 2012-10-15 16:45 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-10-15 16:45 . 2012-10-15 16:45 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-11-09 17877168]
"AOL Fast Start"="c:\program files (x86)\AOL Desktop 9.7a\AOL.EXE" [2012-10-15 72312]
"cdloader"="c:\users\Tadpole\AppData\Roaming\mjusbsp\cdloader2.exe" [2012-02-01 50592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SMessaging"="c:\users\Tadpole\AppData\Local\Strongvault Online Backup\SMessaging.exe" [2012-04-05 31664]
"HostManager"="c:\program files (x86)\Common Files\AOL\1357094281\ee\AOLSoftware.exe" [2010-03-08 41800]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-15 398184]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-15 682344]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-15 24176]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-01-03 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2011-05-23 48992]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-01-03 30568]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-06-13 2321560]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2013-01-03 711112]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n64.sys [2009-06-10 378368]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-02 02:20]
.
2013-01-03 c:\windows\Tasks\SaveAsUpdaterTask{7ED21A0B-A79E-48FA-B8FA-4F2768FA7F7B}.job
- c:\programdata\Premium\SaveAs\SaveAs.exe [2013-01-02 14:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe
SafeBoot-32580286.sys
AddRemove-SP_156f8a5f - c:\program files (x86)\SaveAs\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-03 12:12:28
ComboFix-quarantined-files.txt 2013-01-03 17:12
.
Pre-Run: 950,175,006,720 bytes free
Post-Run: 950,228,619,264 bytes free
.
- - End Of File - - 16732C592FC65136AA1B7C656ACCFE74
 
TDSSKiller Scan

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue



----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.




--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
 
Let's take a closer look at the hard disk and outside of the operating system...


Farbar Recovery Scan Tool x64

Download Farbar Recovery Scan Tool and save it to a flash drive.


Please make sure to get the 64-bit version

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button. It will do its scan and save a log on your flash drive.
  • Close out of the message after that, then type the text services.exe into the "Search:" text box. Then, press the Search file(s) button, just as below:
    frst2.jpg

    When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
  • Type exit in the Command Prompt window and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.
 
When I get to the thing where it says to "type e:\frst.exe" in the window I do what it tells me to do.. 1st I went to notepad to find my flash drive letter then I typed it in but then it tells me "g:\frst.exe is not recognized as an internal or external command, operable program or batch file". Did I do something wrong? btw I have a windows 7.
 
Here they are. I hope it was only 2 not 3, bc I did not see a 3rd one
 

Attachments

  • FRST.txt
    100.4 KB · Views: 3
  • Search.txt
    757 bytes · Views: 0
avast! aswMBR

Please download aswMBR from here
  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Uncheck "Trace disk IO calls".
  • Click the Scan button to start the scan as illustrated below
aswMBR_Scan.jpg

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.
  • Once the scan finishes click Save log to save the log to your Desktop
    aswMBR_SaveLog.png
  • Copy and paste the contents of aswMBR.txt back here for review
  • Please also find MBR.dat on your Desktop, and rename it to MBRscan.txt. Upload that as well. Do not copy and paste MBR.dat/txt, it needs to be uploaded.
 
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-06 17:44:34
-----------------------------
17:44:34.083 OS Version: Windows x64 6.1.7601 Service Pack 1
17:44:34.083 Number of processors: 4 586 0x203
17:44:34.084 ComputerName: TADPOLE-PC UserName: Tadpole
17:44:35.764 Initialize success
17:45:17.671 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:45:17.675 Disk 0 Vendor: Hitachi_HDT721010SLA360 ST6OA31B Size: 953869MB BusType: 3
17:45:17.686 Disk 0 MBR read successfully
17:45:17.690 Disk 0 MBR scan
17:45:17.694 Disk 0 Windows 7 default MBR code
17:45:17.699 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15005 MB offset 63
17:45:17.715 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 30734336
17:45:17.727 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 938761 MB offset 30939136
17:45:17.759 Disk 0 Partition 4 00 17 Hidd HPFS/NTFS NTFS 1 MB offset 1953521664
17:45:17.808 Disk 0 scanning C:\Windows\system32\drivers
17:45:21.313 Service scanning
17:45:32.766 Modules scanning
17:45:32.779 Scan finished successfully
17:46:30.319 Disk 0 MBR has been saved successfully to "C:\Users\Tadpole\Desktop\MBR.dat"
17:46:30.394 The log file has been saved successfully to "C:\Users\Tadpole\Desktop\aswMBR.txt"
 

Attachments

  • MBRscan.txt
    512 bytes · Views: 2
OTL Quick Scan

Please download OTL by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • Click Quick Scan button and let the program run uninterrupted.
  • It will produce a log for you called OTL.txt, please post it in your next reply.
  • You may need to use two posts to get it all.
 
OTL logfile created on: 1/7/2013 10:16:13 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tadpole\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.75 Gb Total Physical Memory | 6.04 Gb Available Physical Memory | 77.95% Memory free
15.50 Gb Paging File | 13.57 Gb Available in Paging File | 87.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.76 Gb Total Space | 857.73 Gb Free Space | 93.56% Space Free | Partition Type: NTFS
Drive D: | 499.76 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 1.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: TADPOLE-PC | User Name: Tadpole | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/07 08:22:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tadpole\Desktop\OTL.exe
PRC - [2013/01/03 02:28:23 | 000,711,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2012/12/14 19:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 19:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 19:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/13 17:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/09/19 09:50:47 | 000,233,472 | ---- | M] () -- C:\ProgramData\Premium\SaveAs\SaveAs.exe
PRC - [2012/08/13 06:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/07/31 06:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/06/13 06:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
PRC - [2012/02/14 07:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2010/03/08 02:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files (x86)\Common Files\AOL\1357094281\ee\aolsoftware.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/28 17:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 17:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/13 00:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/13 00:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/01/03 02:28:23 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2013/01/01 21:20:10 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/14 19:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 19:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/13 17:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/11/09 14:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/08/13 06:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/06/13 06:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2012/02/14 07:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/03 02:28:24 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/12/14 19:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/31 01:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/24 18:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/08/21 16:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/26 06:21:28 | 000,291,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/04/19 07:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/31 07:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 16:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 16:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 16:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/05/23 04:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:35:48 | 000,378,368 | ---- | M] (Realtek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL85n64.sys -- (RTL85n64)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/29 17:24:49 | 000,024,064 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wanatw64.sys -- (wanatw)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{86523F5C-A757-4FB9-AB45-B21BE886BB63}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 39 A8 66 4B A5 E8 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {5C9B1DDB-4163-4B4B-8B4B-1323D32B471A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{25679684-9C15-4DF0-B0AB-E4DEB9C5C611}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
IE - HKCU\..\SearchScopes\{5C9B1DDB-4163-4B4B-8B4B-1323D32B471A}: "URL" = http://www.bing.com/search?FORM=UP22DF&PC=UP22&dt=010213&q={searchTerms}&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2013/01/02 03:27:52 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (AOL Messaging Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (AOL Messaging Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Messaging Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HostManager] C:\Program Files (x86)\Common Files\AOL\1357094281\ee\aolsoftware.exe (AOL Inc.)
O4 - HKLM..\Run: [SMessaging] C:\Users\Tadpole\AppData\Local\Strongvault Online Backup\SMessaging.exe (Stronghold Online Backup)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files (x86)\AOL Desktop 9.7a\AOL.EXE (AOL Inc.)
O4 - HKCU..\Run: [cdloader] C:\Users\Tadpole\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20DF4C2C-FD87-4E96-BB94-06EBDADFDED5}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/22 10:35:35 | 000,091,464 | R--- | M] () - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2010/08/25 03:14:07 | 000,000,051 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2010/09/14 02:48:47 | 000,028,064 | R--- | M] (magicJack L.P.) - J:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2010/09/14 02:48:47 | 000,016,158 | R--- | M] () - J:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2010/09/14 02:48:47 | 000,000,308 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2010/09/14 02:48:47 | 000,684,200 | R--- | M] (magicJack L.P.) - J:\autorunu.exe -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/07 08:22:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Tadpole\Desktop\OTL.exe
[2013/01/07 03:06:50 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/01/06 22:20:29 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Local\PhoenixViewer
[2013/01/06 22:19:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phoenix Viewer
[2013/01/06 22:19:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Phoenix Viewer
[2013/01/06 17:41:42 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Tadpole\Desktop\aswMBR.exe
[2013/01/06 14:02:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2013/01/06 14:02:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
[2013/01/06 14:02:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2013/01/06 14:02:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2013/01/06 14:01:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2013/01/06 11:19:40 | 000,000,000 | ---D | C] -- C:\FRST
[2013/01/06 11:03:38 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Roaming\SecondLife
[2013/01/06 11:03:37 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Local\SecondLife
[2013/01/06 11:02:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Second Life Viewer
[2013/01/06 11:01:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SecondLifeViewer
[2013/01/06 10:55:49 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Roaming\Firestorm
[2013/01/06 10:55:47 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Local\Firestorm
[2013/01/06 10:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firestorm-Release
[2013/01/06 10:49:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firestorm-Release
[2013/01/06 03:01:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/01/05 08:05:14 | 000,000,000 | R--D | C] -- C:\Users\Tadpole\Documents\Notes
[2013/01/04 03:00:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013/01/03 16:09:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/03 15:58:55 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Tadpole\Desktop\tdsskiller.exe
[2013/01/03 12:12:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/03 11:50:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/03 11:50:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/03 11:50:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/03 11:50:40 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/03 11:50:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/03 11:43:00 | 005,018,515 | R--- | C] (Swearware) -- C:\Users\Tadpole\Desktop\ComboFix.exe
[2013/01/03 09:24:46 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Local\tjnet
[2013/01/03 09:17:27 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Local\magicJack
[2013/01/03 09:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\magicJack
[2013/01/03 09:15:40 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Roaming\mjusbsp
[2013/01/03 06:54:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013/01/03 06:54:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2013/01/03 02:28:33 | 000,030,568 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/01/03 01:33:58 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Roaming\WinRAR
[2013/01/03 01:33:58 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/01/03 01:33:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/01/03 01:33:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2013/01/03 01:03:33 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2013/01/03 00:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/03 00:50:11 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/03 00:50:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/02 23:05:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/01/02 23:05:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/01/02 08:30:06 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/01/02 07:14:08 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\Desktop\Alestorm - Back Through Time (Limited Edition) 2011 (320 kbps)
[2013/01/02 06:49:05 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/01/02 06:46:23 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\Desktop\Alestorm-Captain Morgans Revenge 2008
[2013/01/02 06:46:23 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\Desktop\Alestorm - Black Sails At Midnight 2009
[2013/01/02 06:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2013/01/02 06:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\WoW Worldwide Software LTD
[2013/01/02 06:00:01 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Roaming\TFP
[2013/01/02 05:59:14 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Local\Torch
[2013/01/02 05:58:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Wincert
[2013/01/02 05:58:24 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Roaming\MusicNet
[2013/01/02 05:58:22 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\Documents\My Received Files
[2013/01/02 05:57:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iMesh Applications
[2013/01/02 05:57:23 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Local\PackageAware
[2013/01/02 05:49:26 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Roaming\Apple Computer
[2013/01/02 05:49:26 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Local\Apple Computer
[2013/01/02 05:49:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/01/02 05:49:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013/01/02 05:48:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/01/02 05:48:42 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/01/02 05:48:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/01/02 05:48:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/01/02 05:48:42 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/01/02 05:47:58 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Local\Apple
[2013/01/02 05:47:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013/01/02 05:47:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/01/02 05:47:19 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/01/02 05:47:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013/01/02 05:47:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013/01/02 05:47:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013/01/02 03:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/01/02 03:26:53 | 000,000,000 | ---D | C] -- C:\$AVG
[2013/01/02 03:12:17 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Roaming\AVG2012
[2013/01/02 03:11:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2013/01/02 03:11:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2013/01/02 03:11:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/01/02 03:11:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2013/01/02 03:10:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2013/01/02 03:10:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2013/01/02 03:10:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013/01/02 03:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/01/02 02:31:51 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2013/01/02 02:31:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP250 series
[2013/01/02 02:31:44 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2013/01/02 01:03:36 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/01/02 00:15:07 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Local\ElevatedDiagnostics
[2013/01/02 00:00:39 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Roaming\Malwarebytes
[2013/01/02 00:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/01 23:57:58 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Local\Programs
[2013/01/01 23:50:30 | 000,000,000 | R--D | C] -- C:\Users\Tadpole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/01/01 23:50:30 | 000,000,000 | R--D | C] -- C:\Users\Tadpole\Searches
[2013/01/01 23:50:30 | 000,000,000 | R--D | C] -- C:\Users\Tadpole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/01/01 23:50:30 | 000,000,000 | -H-D | C] -- C:\Users\Tadpole\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/01/01 23:50:22 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Roaming\Identities
[2013/01/01 23:50:20 | 000,000,000 | R--D | C] -- C:\Users\Tadpole\Contacts
[2013/01/01 23:50:19 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Local\VirtualStore
[2013/01/01 23:50:14 | 000,000,000 | --SD | C] -- C:\Users\Tadpole\AppData\Roaming\Microsoft
[2013/01/01 23:50:14 | 000,000,000 | R--D | C] -- C:\Users\Tadpole\Videos
[2013/01/01 23:50:14 | 000,000,000 | R--D | C] -- C:\Users\Tadpole\Saved Games
[2013/01/01 23:50:14 | 000,000,000 | R--D | C] -- C:\Users\Tadpole\Pictures
[2013/01/01 23:50:14 | 000,000,000 | R--D | C] -- C:\Users\Tadpole\Music
[2013/01/01 23:50:14 | 000,000,000 | R--D | C] -- C:\Users\Tadpole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/01/01 23:50:14 | 000,000,000 | R--D | C] -- C:\Users\Tadpole\Links
[2013/01/01 23:50:14 | 000,000,000 | R--D | C] -- C:\Users\Tadpole\Favorites
[2013/01/01 23:50:14 | 000,000,000 | R--D | C] -- C:\Users\Tadpole\Downloads
[2013/01/01 23:50:14 | 000,000,000 | R--D | C] -- C:\Users\Tadpole\Documents
[2013/01/01 23:50:14 | 000,000,000 | R--D | C] -- C:\Users\Tadpole\Desktop
[2013/01/01 23:50:14 | 000,000,000 | R--D | C] -- C:\Users\Tadpole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/01/01 23:50:14 | 000,000,000 | -HSD | C] -- C:\Users\Tadpole\AppData\Local\Temporary Internet Files
[2013/01/01 23:50:14 | 000,000,000 | -HSD | C] -- C:\Users\Tadpole\Templates
[2013/01/01 23:50:14 | 000,000,000 | -HSD | C] -- C:\Users\Tadpole\Start Menu
[2013/01/01 23:50:14 | 000,000,000 | -HSD | C] -- C:\Users\Tadpole\SendTo
[2013/01/01 23:50:14 | 000,000,000 | -HSD | C] -- C:\Users\Tadpole\Recent
[2013/01/01 23:50:14 | 000,000,000 | -HSD | C] -- C:\Users\Tadpole\PrintHood
[2013/01/01 23:50:14 | 000,000,000 | -HSD | C] -- C:\Users\Tadpole\NetHood
[2013/01/01 23:50:14 | 000,000,000 | -HSD | C] -- C:\Users\Tadpole\Documents\My Videos
[2013/01/01 23:50:14 | 000,000,000 | -HSD | C] -- C:\Users\Tadpole\Documents\My Pictures
[2013/01/01 23:50:14 | 000,000,000 | -HSD | C] -- C:\Users\Tadpole\Documents\My Music
[2013/01/01 23:50:14 | 000,000,000 | -HSD | C] -- C:\Users\Tadpole\My Documents
[2013/01/01 23:50:14 | 000,000,000 | -HSD | C] -- C:\Users\Tadpole\Local Settings
[2013/01/01 23:50:14 | 000,000,000 | -HSD | C] -- C:\Users\Tadpole\AppData\Local\History
[2013/01/01 23:50:14 | 000,000,000 | -HSD | C] -- C:\Users\Tadpole\Cookies
[2013/01/01 23:50:14 | 000,000,000 | -HSD | C] -- C:\Users\Tadpole\Application Data
[2013/01/01 23:50:14 | 000,000,000 | -HSD | C] -- C:\Users\Tadpole\AppData\Local\Application Data
[2013/01/01 23:50:14 | 000,000,000 | -H-D | C] -- C:\Users\Tadpole\AppData
[2013/01/01 23:50:14 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Local\Temp
[2013/01/01 23:50:14 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Local\Microsoft
[2013/01/01 23:50:14 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Roaming\Media Center Programs
[2013/01/01 23:50:08 | 000,000,000 | ---D | C] -- C:\Recovery
[2013/01/01 23:50:05 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/01/01 23:42:14 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013/01/01 23:41:46 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013/01/01 23:40:55 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013/01/01 23:00:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Logs
[2013/01/01 22:24:50 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Local\Diagnostics
[2013/01/01 21:54:02 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Roaming\Skype
[2013/01/01 21:53:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/01/01 21:53:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/01/01 21:53:52 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/01/01 21:53:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/01/01 21:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Macromedia
[2013/01/01 21:46:45 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Roaming\AOL
[2013/01/01 21:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL
[2013/01/01 21:46:39 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Local\AOL Toolbar
[2013/01/01 21:46:32 | 000,058,696 | ---- | C] (AOL Inc.) -- C:\Windows\SysWow64\AOLParconLink.exe
[2013/01/01 21:46:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL Toolbar
[2013/01/01 21:46:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AOL Toolbar
[2013/01/01 21:46:26 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Local\AIM Toolbar
[2013/01/01 21:44:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\AOL Downloads
[2013/01/01 21:38:16 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL OCP
[2013/01/01 21:37:31 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Local\Microsoft Games
[2013/01/01 21:37:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AOL
[2013/01/01 21:36:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AOL Desktop 9.7a
[2013/01/01 21:30:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AOL Desktop 9.7
[2013/01/01 21:30:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AOL
[2013/01/01 21:30:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\aolshare
[2013/01/01 21:30:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL
[2013/01/01 21:27:33 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Roaming\Strongvault
[2013/01/01 21:27:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2013/01/01 21:27:22 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Local\Strongvault Online Backup
[2013/01/01 21:27:18 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Local\Stronghold_LLC
[2013/01/01 21:27:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AIM Toolbar
[2013/01/01 21:27:11 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013/01/01 21:27:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AIM Toolbar
[2013/01/01 21:27:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Strongvault Online Backup
[2013/01/01 21:26:57 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AIM for Windows
[2013/01/01 21:26:51 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Local\AOL
[2013/01/01 21:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL Downloads
[2013/01/01 21:20:21 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Roaming\Macromedia
[2013/01/01 21:20:20 | 000,000,000 | ---D | C] -- C:\Users\Tadpole\AppData\Roaming\Adobe
[2013/01/01 21:20:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013/01/01 21:20:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013/01/01 20:59:30 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
 
========== Files - Modified Within 30 Days ==========

[2013/01/07 09:47:14 | 000,019,488 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/07 09:47:14 | 000,019,488 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/07 09:31:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/07 08:48:58 | 105,409,812 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2013/01/07 08:22:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tadpole\Desktop\OTL.exe
[2013/01/07 07:49:12 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/07 07:49:12 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/07 07:49:12 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/07 07:44:50 | 000,000,374 | -H-- | M] () -- C:\Windows\tasks\SaveAsUpdaterTask{7ED21A0B-A79E-48FA-B8FA-4F2768FA7F7B}.job
[2013/01/07 07:44:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/07 07:44:31 | 1945,509,887 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/06 22:19:48 | 000,001,194 | ---- | M] () -- C:\Users\Public\Desktop\Phoenix Viewer.lnk
[2013/01/06 17:42:34 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Tadpole\Desktop\aswMBR.exe
[2013/01/06 14:02:43 | 000,001,242 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2013/01/06 11:02:11 | 000,001,129 | ---- | M] () -- C:\Users\Public\Desktop\Second Life Viewer.lnk
[2013/01/06 10:50:58 | 000,001,321 | ---- | M] () -- C:\Users\Public\Desktop\Firestorm-Release.lnk
[2013/01/06 10:20:48 | 000,000,999 | ---- | M] () -- C:\Users\Tadpole\Desktop\magicJack.lnk
[2013/01/06 09:06:09 | 000,030,677 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2013/01/05 11:27:51 | 000,018,910 | ---- | M] () -- C:\Users\Tadpole\Documents\msg0001.wav
[2013/01/05 08:05:11 | 000,004,544 | ---- | M] () -- C:\Users\Tadpole\Desktop\New Journal Document.jnt
[2013/01/03 15:59:05 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tadpole\Desktop\tdsskiller.exe
[2013/01/03 11:43:03 | 005,018,515 | R--- | M] (Swearware) -- C:\Users\Tadpole\Desktop\ComboFix.exe
[2013/01/03 08:16:19 | 000,020,664 | ---- | M] () -- C:\Users\Tadpole\Desktop\DDS Logs.zip
[2013/01/03 07:42:43 | 000,551,997 | ---- | M] () -- C:\Users\Tadpole\Desktop\adwcleaner.exe
[2013/01/03 07:18:03 | 000,001,441 | ---- | M] () -- C:\Users\Tadpole\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/01/03 07:14:58 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/03 06:11:41 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/01/03 06:11:36 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/01/03 02:28:24 | 000,030,568 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/01/03 01:22:07 | 282,020,331 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/01/03 00:50:21 | 000,001,137 | ---- | M] () -- C:\Users\Tadpole\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/01/03 00:50:21 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/02 23:06:14 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/01/02 06:00:18 | 000,002,065 | ---- | M] () -- C:\Users\Tadpole\Desktop\Facebook.lnk
[2013/01/02 06:00:18 | 000,002,063 | ---- | M] () -- C:\Users\Tadpole\Desktop\Youtube.lnk
[2013/01/02 06:00:18 | 000,001,256 | ---- | M] () -- C:\Users\Tadpole\Desktop\Torch.lnk
[2013/01/02 06:00:07 | 000,001,116 | ---- | M] () -- C:\Users\Tadpole\Application Data\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
[2013/01/02 06:00:02 | 000,003,584 | ---- | M] () -- C:\Users\Tadpole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/02 05:49:22 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/01/02 03:26:03 | 000,629,730 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2013/01/02 03:11:45 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2013/01/02 03:11:45 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2013/01/02 03:11:45 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2013/01/02 02:31:09 | 000,023,086 | ---- | M] () -- C:\Users\Tadpole\Documents\test moo.xps
[2013/01/01 23:56:27 | 000,000,007 | ---- | M] () -- C:\Users\Tadpole\Desktop\New Rich Text Document.rtf
[2013/01/01 23:45:00 | 000,115,640 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/01/01 23:45:00 | 000,115,640 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013/01/01 23:43:40 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2013/01/01 23:42:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/01/01 21:53:57 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/01/01 21:46:45 | 000,001,130 | ---- | M] () -- C:\Users\Tadpole\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL Desktop 9.7.lnk
[2013/01/01 21:46:45 | 000,001,038 | ---- | M] () -- C:\Users\Public\Desktop\AOL Desktop 9.7.lnk
[2013/01/01 21:26:57 | 000,001,044 | ---- | M] () -- C:\Users\Tadpole\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2013/01/01 21:26:57 | 000,001,042 | ---- | M] () -- C:\Users\Tadpole\Desktop\AIM.lnk
[2013/01/01 21:25:29 | 000,058,696 | ---- | M] (AOL Inc.) -- C:\Windows\SysWow64\AOLParconLink.exe
[2013/01/01 21:23:34 | 000,000,335 | ---- | M] () -- C:\Windows\nsreg.dat
[2012/12/14 19:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2013/01/07 08:48:58 | 105,409,812 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2013/01/06 22:19:48 | 000,001,194 | ---- | C] () -- C:\Users\Public\Desktop\Phoenix Viewer.lnk
[2013/01/06 14:02:32 | 000,001,242 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2013/01/06 11:02:11 | 000,001,129 | ---- | C] () -- C:\Users\Public\Desktop\Second Life Viewer.lnk
[2013/01/06 10:50:58 | 000,001,321 | ---- | C] () -- C:\Users\Public\Desktop\Firestorm-Release.lnk
[2013/01/06 09:06:09 | 000,030,677 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2013/01/05 11:27:51 | 000,018,910 | ---- | C] () -- C:\Users\Tadpole\Documents\msg0001.wav
[2013/01/05 08:05:11 | 000,004,544 | ---- | C] () -- C:\Users\Tadpole\Desktop\New Journal Document.jnt
[2013/01/03 11:50:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/03 11:50:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/03 11:50:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/03 11:50:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/03 11:50:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/03 09:17:04 | 000,000,999 | ---- | C] () -- C:\Users\Tadpole\Desktop\magicJack.lnk
[2013/01/03 09:17:04 | 000,000,985 | ---- | C] () -- C:\Users\Tadpole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
[2013/01/03 08:16:19 | 000,020,664 | ---- | C] () -- C:\Users\Tadpole\Desktop\DDS Logs.zip
[2013/01/03 07:42:40 | 000,551,997 | ---- | C] () -- C:\Users\Tadpole\Desktop\adwcleaner.exe
[2013/01/03 06:25:40 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/01/03 06:11:41 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/01/03 06:11:36 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/01/03 06:05:33 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/01/03 00:50:21 | 000,001,137 | ---- | C] () -- C:\Users\Tadpole\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/01/03 00:50:21 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/02 23:06:07 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/01/02 08:29:58 | 282,020,331 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/01/02 06:33:07 | 000,000,374 | -H-- | C] () -- C:\Windows\tasks\SaveAsUpdaterTask{7ED21A0B-A79E-48FA-B8FA-4F2768FA7F7B}.job
[2013/01/02 06:00:12 | 000,001,194 | ---- | C] () -- C:\Users\Tadpole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
[2013/01/02 06:00:07 | 000,002,065 | ---- | C] () -- C:\Users\Tadpole\Desktop\Facebook.lnk
[2013/01/02 06:00:07 | 000,002,063 | ---- | C] () -- C:\Users\Tadpole\Desktop\Youtube.lnk
[2013/01/02 06:00:07 | 000,001,256 | ---- | C] () -- C:\Users\Tadpole\Desktop\Torch.lnk
[2013/01/02 06:00:07 | 000,001,116 | ---- | C] () -- C:\Users\Tadpole\Application Data\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
[2013/01/02 06:00:02 | 000,003,584 | ---- | C] () -- C:\Users\Tadpole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/02 05:49:22 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/01/02 05:47:57 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013/01/02 03:26:03 | 000,629,730 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2013/01/02 03:11:45 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2013/01/02 03:11:45 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2013/01/02 03:11:45 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2013/01/02 02:31:11 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\CNC173AD.TBL
[2013/01/02 02:31:11 | 000,012,288 | ---- | C] () -- C:\Windows\SysNative\CNC173AD.TBL
[2013/01/02 02:31:09 | 000,023,086 | ---- | C] () -- C:\Users\Tadpole\Documents\test moo.xps
[2013/01/01 23:56:27 | 000,000,007 | ---- | C] () -- C:\Users\Tadpole\Desktop\New Rich Text Document.rtf
[2013/01/01 23:54:48 | 000,001,441 | ---- | C] () -- C:\Users\Tadpole\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/01/01 23:51:02 | 000,001,413 | ---- | C] () -- C:\Users\Tadpole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/01/01 23:50:58 | 000,001,447 | ---- | C] () -- C:\Users\Tadpole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/01/01 23:50:14 | 000,000,290 | ---- | C] () -- C:\Users\Tadpole\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/01/01 23:50:14 | 000,000,272 | ---- | C] () -- C:\Users\Tadpole\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/01/01 23:44:53 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013/01/01 23:44:50 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013/01/01 23:43:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/01/01 23:42:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/01/01 23:41:46 | 1945,509,887 | -HS- | C] () -- C:\hiberfil.sys
[2013/01/01 21:53:57 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/01/01 21:46:45 | 000,001,130 | ---- | C] () -- C:\Users\Tadpole\Application Data\Microsoft\Internet Explorer\Quick Launch\AOL Desktop 9.7.lnk
[2013/01/01 21:46:45 | 000,001,038 | ---- | C] () -- C:\Users\Public\Desktop\AOL Desktop 9.7.lnk
[2013/01/01 21:26:57 | 000,001,044 | ---- | C] () -- C:\Users\Tadpole\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2013/01/01 21:26:57 | 000,001,042 | ---- | C] () -- C:\Users\Tadpole\Desktop\AIM.lnk
[2013/01/01 21:23:34 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2013/01/01 21:20:11 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/01 20:59:41 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/01/02 03:12:17 | 000,000,000 | ---D | M] -- C:\Users\Tadpole\AppData\Roaming\AVG2012
[2013/01/06 19:59:56 | 000,000,000 | ---D | M] -- C:\Users\Tadpole\AppData\Roaming\Firestorm
[2013/01/06 10:20:59 | 000,000,000 | ---D | M] -- C:\Users\Tadpole\AppData\Roaming\mjusbsp
[2013/01/02 05:58:24 | 000,000,000 | ---D | M] -- C:\Users\Tadpole\AppData\Roaming\MusicNet
[2013/01/06 20:04:54 | 000,000,000 | ---D | M] -- C:\Users\Tadpole\AppData\Roaming\SecondLife
[2013/01/01 21:27:33 | 000,000,000 | ---D | M] -- C:\Users\Tadpole\AppData\Roaming\Strongvault
[2013/01/02 06:00:03 | 000,000,000 | ---D | M] -- C:\Users\Tadpole\AppData\Roaming\TFP

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:373E1720
< End of report >
 
Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death

Note: Absence of issues does not mean that you're protected in the future.
 
The only thing I know is that before reinstalling Windows 7 I was unable to use my DVD drive or USB ports, and after the reinstall I tried a different virus detector and it keeps on saying it removed the same virus over and over again, but it just seems to never be removed from my PC. It just stays on my PC, and here is a picture of what the virus scanner has to say about it.
 

[Attachment: mse.png]

And I came here mainly because I called Microsoft tech support and asked them about the virus, and they said if it's not removed then it will affect my emails and PCs around me and steal lots of data. But they told me I will have to pay $99 for them to remove it, and I do not have that kind of money, so I came here lol
 
Thanks for showing the information, as TDSSKiller did not identify it, sadly.

We need to remove a partition, but I need some more information. You'll have to work steady with me here, because if you don't get this right and delete something incorrect, it's irreversible. :p

But, I'll do my best to help you avoid any issues.

The following is just to verify some information again:

Check Partitions

Please download ListParts.

  • Run the tool.
  • Check the "list BCD" box.
  • Click "Scan" and post the log (Result.txt) it makes.
 
ListParts by Farbar Version: 30-10-2012
Ran by Tadpole (administrator) on 09-01-2013 at 10:57:08
Windows 7 (X64)
Running From: C:\Users\Tadpole\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 25%
Total physical RAM: 7935.18 MB
Available physical RAM: 5948.9 MB
Total Pagefile: 15868.55 MB
Available Pagefile: 13262.52 MB
Total Virtual: 4095.88 MB
Available Virtual: 3980.12 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:916.76 GB) (Free:859.74 GB) NTFS
2 Drive d: (AVG 2012 - B1780) (CDROM) (Total:0.49 GB) (Free:0 GB) CDFS

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online         931 GB   0 B
Disk 1    No Media       0 B      0 B
Disk 2    No Media       0 B      0 B
Disk 3    No Media       0 B      0 B
Disk 4    No Media       0 B      0 B
Disk 5    No Media       0 B      0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Recovery          14 GB    31 KB
Partition 2    Primary           100 MB   14 GB
Partition 3    Primary           916 GB   14 GB
Partition 4    Primary           1744 KB  931 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4         PQSERVICE    NTFS   Partition   14 GB    Healthy    Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2         System Rese  NTFS   Partition   100 MB   Healthy    System (partition with boot components)

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3    C                 NTFS   Partition   916 GB   Healthy    Boot

======================================================================================================

Disk: 0
Partition 4
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================
'bcdedit' is not recognized as an internal or external command,
operable program or batch file.


****** End Of Log ******
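
The partition check this log supports can be automated. The following is an added example, not part of either poster's message and not ListParts' own logic: it parses the per-partition blocks of a ListParts report and flags entries that the tool annotated as suspicious or that are hidden, have no volume and are very small. The function names and the 64 MiB size threshold are assumptions made for illustration; the sample input is an excerpt of the log above.

```python
import re

# Excerpt of the ListParts log from this thread, whitespace as posted.
SAMPLE_LOG = """\
Partition 1 Recovery 14 GB 31 KB
Partition 4 Primary 1744 KB 931 GB
Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No
* Volume 4 PQSERVICE NTFS Partition 14 GB Healthy Hidden
Disk: 0
Partition 4
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No
There is no volume associated with this partition.
"""

UNITS = {"B": 1, "KB": 1024, "MB": 1024**2, "GB": 1024**3}
SIZE_ROW = re.compile(r"^Partition (\d+)[ \t]+\w+[ \t]+(\d+)[ \t]*(B|KB|MB|GB)\b", re.M)
DETAIL = re.compile(
    r"Partition (?P<num>\d+)\s+Type\s*:\s*(?P<type>[0-9A-Fa-f]{2})(?P<note>[^\n]*)"
    r"\s+Hidden:\s*(?P<hidden>\w+)\s+Active:\s*(?P<active>\w+)")

def parse_listparts(log):
    """Return one dict per 'Disk: N / Partition N' block (one disk table assumed)."""
    sizes = {int(n): int(v) * UNITS[u] for n, v, u in SIZE_ROW.findall(log)}
    parts = []
    for block in re.split(r"^Disk: ", log, flags=re.M)[1:]:
        m = DETAIL.search(block)
        if m:
            num = int(m["num"])
            parts.append({
                "disk": int(block.split()[0]), "num": num, "type": m["type"].upper(),
                "note": m["note"].strip(), "hidden": m["hidden"] == "Yes",
                "has_volume": "no volume associated" not in block, "size": sizes.get(num)})
    return parts

def flag_partitions(parts, max_bytes=64 * 1024**2):  # threshold is an assumption
    """Flag entries ListParts annotated, or hidden + volume-less + tiny ones."""
    flagged = []
    for p in parts:
        reasons = []
        if "Suspicious" in p["note"]:
            reasons.append("annotated by ListParts")
        small = p["size"] is not None and p["size"] <= max_bytes
        if p["hidden"] and not p["has_volume"] and small:
            reasons.append("hidden, no volume, small")
        if reasons:
            flagged.append((p["disk"], p["num"], p["type"], reasons))
    return flagged
```

On the excerpt, only partition 4 is flagged; the hidden 14 GB recovery partition (type 27) is not, because it has a volume and is far above the size threshold.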
 
Okay. Here we go with the fix:

FRST Fixlist

Please download attached fixlist.txt below, and save it to your flash drive in the same location as FRST.exe. Make sure it maintains the same name, otherwise the fix will fail.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now, please enter System Recovery Options then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.
 

[Attachment: fixlist.txt, 37 bytes]