Hi there, OK so everything done as you requested. Just a couple of things: I had another redirect today that was slightly different to usual, as hitting the back button didn't work; I had to manually right-click and select the page I wanted to go back to, as it kept just redirecting to the same page.
ComboFix 12-05-17.05 - Ash 17/05/2012 21:16:53.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4095.2649 [GMT 1:00]
Running from: c:\users\Ash\Desktop\ComboFix.exe
Command switches used :: c:\users\Ash\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2012-04-17 to 2012-05-17 )))))))))))))))))))))))))))))))
.
.
2012-05-17 20:18 . 2012-05-17 20:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-15 20:40 . 2012-05-15 20:40 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-05-11 14:29 . 2012-05-11 14:29 -------- d-----w- C:\_OTL
2012-05-11 14:25 . 2012-05-11 14:26 -------- d-----w- c:\program files (x86)\ERUNT
2012-05-08 20:39 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-08 20:39 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-08 20:39 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-08 20:39 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-08 20:39 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-08 20:39 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-08 20:38 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-08 20:38 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-08 20:38 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-08 20:38 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-08 20:38 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-08 20:38 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-08 20:38 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-05 18:06 . 2012-05-05 18:06 -------- d-----w- c:\program files\iPod
2012-05-05 18:06 . 2012-05-05 18:07 -------- d-----w- c:\program files\iTunes
2012-05-05 18:06 . 2012-05-05 18:07 -------- d-----w- c:\program files (x86)\iTunes
2012-05-05 18:04 . 2012-05-05 18:04 -------- d-----w- c:\program files\Bonjour
2012-05-05 18:04 . 2012-05-05 18:04 -------- d-----w- c:\program files (x86)\Bonjour
2012-05-05 17:32 . 2012-05-05 17:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-05 17:32 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-05 17:18 . 2012-05-05 17:18 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-05 17:17 . 2012-05-05 17:17 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-04 18:58 . 2012-05-04 18:58 -------- d-----w- c:\users\Ash\AppData\Local\AVG Secure Search
2012-05-04 18:55 . 2012-05-04 18:55 -------- d-----w- c:\users\Ash\AppData\Roaming\AVG2012
2012-05-04 18:55 . 2012-05-04 19:15 -------- d-----w- c:\programdata\AVG2012
2012-05-04 18:50 . 2012-05-04 18:50 -------- d-----w- c:\users\Ash\AppData\Local\CRE
2012-05-04 18:49 . 2012-05-05 12:17 -------- d-----w- c:\users\Ash\AppData\Roaming\Nico Mak Computing
2012-05-04 18:49 . 2011-11-10 09:33 18760 ----a-w- c:\windows\system32\roboot64.exe
2012-05-04 18:49 . 2012-05-05 12:20 -------- d-----w- c:\program files (x86)\WinZip Registry Optimizer
2012-05-04 18:47 . 2012-05-04 18:47 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-04 18:47 . 2012-05-04 18:47 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-04 18:47 . 2012-05-04 18:47 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-03 21:22 . 2012-05-03 21:22 -------- d-----w- c:\users\Ash\AppData\Roaming\Nuance
2012-05-03 21:22 . 2012-05-03 21:22 -------- d-----w- c:\users\Ash\AppData\Roaming\FLEXnet
2012-05-03 21:22 . 2012-05-03 21:22 -------- d-----w- c:\users\Ash\AppData\Roaming\Zeon
2012-05-03 21:21 . 2012-05-03 21:22 -------- d-----w- c:\programdata\Nuance
2012-05-03 21:21 . 2012-05-03 21:21 -------- d-----w- c:\programdata\ScanSoft
2012-05-03 21:21 . 2012-05-03 21:21 -------- d-----w- c:\programdata\FLEXnet
2012-05-03 21:21 . 2012-05-03 21:21 -------- d-----w- c:\program files (x86)\Nuance
2012-05-03 21:20 . 2012-05-03 21:20 -------- d-----w- c:\users\Ash\AppData\Local\Downloaded Installations
2012-05-01 15:51 . 2012-05-01 15:51 -------- d-----w- c:\programdata\ATI
2012-05-01 15:50 . 2012-05-01 15:50 -------- d-----w- c:\program files (x86)\AMD APP
2012-04-22 10:17 . 2012-04-22 10:20 -------- d-----w- c:\users\Ash\AppData\Roaming\Notepad++
2012-04-22 10:17 . 2012-04-22 10:17 -------- d-----w- c:\program files (x86)\Notepad++
2012-04-21 17:50 . 2012-04-21 17:50 -------- d-----w- c:\windows\en
2012-04-21 17:44 . 2012-04-21 17:44 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\619045591cd1fe601\DSETUP.dll
2012-04-21 17:44 . 2012-04-21 17:44 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\619045591cd1fe601\DXSETUP.exe
2012-04-21 17:44 . 2012-04-21 17:44 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\619045591cd1fe601\dsetup32.dll
2012-04-19 03:50 . 2012-04-19 03:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-04-18 17:05 . 2012-04-18 17:05 -------- d-----w- c:\users\Ash\AppData\Local\AMD
2012-04-17 21:14 . 2012-05-02 15:52 -------- d-----w- c:\programdata\AMD
2012-04-17 21:14 . 2012-04-17 21:14 -------- d-----w- c:\program files (x86)\AMD AVT
2012-04-17 21:14 . 2012-04-17 21:14 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-04-17 21:12 . 2010-02-18 08:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys
2012-04-17 21:08 . 2012-04-17 21:08 -------- d-----w- C:\AMD
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 17:17 . 2010-09-19 20:34 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2010-08-04 00:54 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2010-02-03 04:22 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2010-08-04 00:46 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2010-08-25 00:18 64000 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2010-02-03 04:04 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2010-02-03 03:43 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-04-06 01:34 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2010-02-03 03:49 7431680 ----a-w- c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-04-06 01:22 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2010-02-03 03:24 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2010-02-03 03:23 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2010-08-04 00:15 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2010-02-03 03:23 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2012-04-06 01:09 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-04-05 21:34 . 2012-04-05 21:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-05 21:34 . 2012-04-05 21:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-05 21:34 . 2012-04-05 21:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-05 21:33 . 2012-04-05 21:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-05 21:33 . 2012-04-05 21:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-05 21:33 . 2012-04-05 21:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-05 21:32 . 2012-04-05 21:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-03-25 16:27 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-03-25 16:27 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-03-20 12:50 . 2012-04-17 17:41 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-03-19 04:17 . 2012-03-19 04:17 383808 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-03-09 00:24 . 2012-03-09 00:24 54272 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-09 00:24 . 2012-03-09 00:24 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-03-08 17:50 . 2012-03-08 17:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 17:37 . 2012-03-08 17:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-01 06:46 . 2012-04-12 21:07 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 06:38 . 2012-04-12 21:07 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 06:33 . 2012-04-12 21:07 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 06:28 . 2012-04-12 21:07 5120 ----a-w- c:\windows\system32\wmi.dll
2012-03-01 05:37 . 2012-04-12 21:07 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-03-01 05:33 . 2012-04-12 21:07 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-03-01 05:29 . 2012-04-12 21:07 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-28 06:39 . 2012-04-12 08:31 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 05:38 . 2012-04-12 08:31 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 04:31 . 2012-04-12 08:31 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 03:52 . 2012-04-12 08:31 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-23 12:32 . 2012-02-23 12:32 95760 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2012-02-22 04:25 . 2012-02-22 04:25 289872 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-02-21 22:07 . 2011-04-03 14:55 21840 ----atw- c:\windows\SysWow64\SIntfNT.dll
2012-02-21 22:07 . 2011-04-03 14:55 17212 ----atw- c:\windows\SysWow64\SIntf32.dll
2012-02-21 22:07 . 2011-04-03 14:55 12067 ----atw- c:\windows\SysWow64\SIntf16.dll
2009-07-16 22:13 . 2009-07-16 22:13 1246440 ----a-w- c:\program files\DAOriginsLauncher.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-16_17.23.54 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-05-16 15:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-17 18:42 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-17 18:42 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-16 15:49 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-16 15:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-17 18:42 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-25 00:30 . 2012-05-17 20:22 68330 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-17 20:22 34028 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-08-25 00:30 . 2012-05-17 20:22 28418 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-689666306-1716364123-2076767426-1000_UserData.bin
- 2010-08-25 07:04 . 2012-05-16 17:23 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-25 07:04 . 2012-05-17 20:19 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-25 07:04 . 2012-05-16 17:23 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-25 07:04 . 2012-05-17 20:19 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-16 17:23 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-17 20:19 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-25 00:39 . 2012-05-17 20:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-25 00:39 . 2012-05-16 17:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-08-25 00:39 . 2012-05-16 17:25 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-08-25 00:39 . 2012-05-17 20:22 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-08-25 00:39 . 2012-05-16 17:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-25 00:39 . 2012-05-17 20:22 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-08-25 00:39 . 2012-05-16 17:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-25 00:39 . 2012-05-17 20:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-25 00:39 . 2012-05-17 20:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-08-25 00:39 . 2012-05-16 17:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-05-16 17:23 . 2012-05-16 17:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-17 20:19 . 2012-05-17 20:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-16 17:23 . 2012-05-16 17:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-17 20:19 . 2012-05-17 20:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-17 20:19 . 2009-10-07 00:46 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll
- 2012-05-16 17:23 . 2009-10-07 00:46 131608 c:\windows\Temp\logishrd\LVPrcInj02.dll
+ 2012-05-17 20:19 . 2009-10-07 00:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
- 2012-05-16 17:23 . 2009-10-07 00:47 109080 c:\windows\Temp\logishrd\LVPrcInj01.dll
+ 2009-07-14 05:01 . 2012-05-17 20:18 390744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-05-16 17:22 390744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-07-23 23:05 . 2012-05-16 17:22 2087392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-07-23 23:05 . 2012-05-17 20:18 2087392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-08-03 08:24 . 2012-05-14 21:33 4653744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-689666306-1716364123-2076767426-1000-12288.dat
+ 2011-08-03 08:24 . 2012-05-16 22:04 4653744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-689666306-1716364123-2076767426-1000-12288.dat
- 2011-03-25 22:58 . 2012-05-16 17:22 38447799 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-689666306-1716364123-2076767426-1000-8192.dat
+ 2011-03-25 22:58 . 2012-05-17 20:18 38447799 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-689666306-1716364123-2076767426-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-05-04 18:57 2067328 ----a-w- c:\program files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-05-04 2067328]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SoftAuto.exe"="c:\program files (x86)\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-05-24 2439072]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-05-04 1116544]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2010-07-05 333088]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [x]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [x]
R3 ALSysIO;ALSysIO;c:\users\Ash\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264]
R3 CTUPnPSv;Creative Centrale Media Server;c:\program files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [2008-05-21 64000]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-04 129976]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\nmwcdx64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-05 361984]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);c:\program files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [2012-05-04 932736]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"ISW"="" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.co.uk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files (x86)\AVG\AVG2012\avgdtiex.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Ash\AppData\Roaming\Mozilla\Firefox\Profiles\l6k2sjcs.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bff ... &sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-689666306-1716364123-2076767426-1000\Software\SecuROM\License information*]
"datasecu"=hex:d8,50,03,bf,fc,15,f7,ed,da,8e,0b,19,99,4e,f7,da,37,ef,77,ff,15,
66,71,49,b1,6b,4a,4d,bc,e8,77,9c,66,23,ad,06,85,eb,5a,2e,cc,77,5c,44,04,0b,\
"rkeysecu"=hex:32,ba,43,f7,df,4c,07,7e,0d,b6,2b,2e,f5,61,45,cc
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Creative\Shared Files\CTDevSrv.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2012-05-17 21:25:21 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-17 20:25
ComboFix2.txt 2012-05-16 17:28
.
Pre-Run: 123,117,887,488 bytes free
Post-Run: 122,848,026,624 bytes free
.
- - End Of File - - CDAA36FBC5FE56D7690499ECA430E51C
;***********************************************************************************************************************************************************************************
ANALYSIS: 2012-05-17 21:40:17
PROTECTIONS: 1
MALWARE: 6
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
AVG Anti-Virus Free Edition 2012 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\ash\appdata\roaming\microsoft\windows\cookies\urhww0zn.txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\ash\appdata\roaming\microsoft\windows\cookies\c31fg2xf.txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\ash\appdata\roaming\microsoft\windows\cookies\zffa32dx.txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\ash\appdata\roaming\microsoft\windows\cookies\jv21e52t.txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\ash\appdata\roaming\microsoft\windows\cookies\qjwl43by.txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\ash\appdata\roaming\microsoft\windows\cookies\5cqp95ws.txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\ash\appdata\roaming\microsoft\windows\cookies\9p4n4a69.txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\ash\appdata\roaming\microsoft\windows\cookies\zdqq0icq.txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\ash\appdata\roaming\microsoft\windows\cookies\vrafphzv.txt
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================