
Virus Help


Re: Virus Help

Post by maxi » July 24th, 2012, 12:29 pm

Hi Neil :)

I have a question before I answer yours :)

Did you find any of the other security programs installed? Which one did you keep?

Neil wrote:
Zain e-GO is my ISP. I use mobile broadband, so it is my 3G USB modem software, without which I can't use mobile broadband, i.e. no internet. ComboFix did delete it since my 3G USB was not connected at that time, so I had to reinstall it.
So do I have to quarantine it? Please advise.

This was a false positive from ComboFix. The Zain program is OK and can stay :) But still run the CFScript from the last post and copy and paste the log in your next reply.

Neil wrote:
tcip.sys was not found on my system when I tried to upload it onto VirusTotal.
It said "File not found".

I will advise you of how to do it a different way below.

Neil wrote:
My Comodo firewall keeps stopping a connection from "System". Should I be worried? Please advise.

Could you note down any files and file paths of which files are being blocked and post them in your next reply?

Step 1
Set Your Computer to Show All Files/Folders.

  • Click Start.
  • Open Computer.
  • Press the ALT key.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.

Then

Navigate to "c:\windows\system32\drivers\tcpip.sys":

Click Start > Computer > Windows (C:) > Windows > System32 > Drivers > tcpip.sys

When you get to the file, right click on it and select Copy, then go back to the desktop and Paste the file there.

Then

Go back to http://www.virustotal.com and upload the tcpip.sys that's on your desktop.

Step 2
Please download aswMBR and save it to your Desktop.
  • Right click aswMBR.exe & choose "Run as Administrator" to run it.
  • Click Yes to the prompt to download Avast! virus definitions.
    (Please be patient whilst the virus definitions download)
  • With the AVscan set to Quick Scan, click the Scan button.
    (Please be patient whilst your computer is scanned.)
  • After a while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK > Exit.
  • Note: Do not attempt to fix anything at this stage!
  • Two files will be created, aswMBR.txt & a file named MBR.dat.
  • MBR.dat is a backup of the MBR (master boot record); do not delete it.
  • I strongly suggest you keep a copy of this backup stored on an external device.
  • Copy & Paste the contents of aswMBR.txt into your next reply.

In your next reply please include:
The answers to my questions.
The ComboFix log from the previous post.
The link from VirusTotal.
The log from aswMBR.

Re: Virus Help

Post by Neil » July 25th, 2012, 12:10 pm

Hey Maxi :)


1) ComboFix log


ComboFix 12-07-21.01 - Neil 25/07/2012 18:21:47.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4008.2471 [GMT 3:00]
Running from: c:\users\Neil\Desktop\ComboFix.exe
Command switches used :: c:\users\Neil\Desktop\CFScript.txt
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1343112247.bdinstall.bin
.
.
((((((((((((((((((((((((( Files Created from 2012-06-25 to 2012-07-25 )))))))))))))))))))))))))))))))
.
.
2012-07-25 15:26 . 2012-07-25 15:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-25 15:26 . 2012-07-25 15:26 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-24 07:04 . 2012-07-15 23:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{659E5291-D64A-4FA9-B683-6725EE09FBA2}\mpengine.dll
2012-07-22 20:57 . 2012-07-22 20:57 98304 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2012-07-22 20:57 . 2012-07-22 20:57 87040 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2012-07-22 20:57 . 2012-07-22 20:57 72192 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2012-07-22 20:57 . 2012-07-22 20:57 417280 ----a-w- c:\windows\system32\drivers\ewusbwwan.sys
2012-07-22 20:57 . 2012-07-22 20:57 32768 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-07-22 20:57 . 2012-07-22 20:57 28672 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2012-07-22 20:57 . 2012-07-22 20:57 223232 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-07-22 20:57 . 2012-07-22 20:57 22016 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2012-07-22 20:57 . 2012-07-22 20:57 218624 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
2012-07-22 20:57 . 2012-07-22 20:57 13952 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-07-22 20:57 . 2012-07-22 20:57 117248 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2012-07-22 20:57 . 2012-07-22 20:57 1001472 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-07-21 03:36 . 2012-07-21 03:36 -------- d-----w- C:\FRST
2012-07-15 21:27 . 2012-07-15 21:27 -------- d-----w- c:\users\Neil\AppData\Roaming\Malwarebytes
2012-07-15 21:26 . 2012-07-15 21:26 -------- d-----w- c:\programdata\Malwarebytes
2012-07-15 21:26 . 2012-07-15 21:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-15 21:26 . 2012-07-03 10:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-14 20:27 . 2012-07-14 20:27 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-10 21:17 . 2012-07-12 22:46 -------- d-----w- c:\programdata\CPA_VA
2012-07-10 20:59 . 2012-07-10 21:08 -------- d-----w- c:\programdata\Comodo
2012-07-10 20:59 . 2012-07-10 20:59 -------- d-----w- c:\program files\COMODO
2012-07-10 20:59 . 2012-07-10 20:59 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-07-10 20:59 . 2012-07-10 20:59 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2012-07-09 19:29 . 2012-07-24 06:40 -------- d-----w- c:\program files (x86)\Eusing Free Registry Cleaner
2012-07-09 09:38 . 2012-07-09 09:38 -------- d-----w- c:\programdata\FrontLine Registry Cleaner
2012-07-09 09:38 . 2012-07-09 10:04 -------- d-----w- c:\program files (x86)\Frontline Registry Cleaner
2012-07-09 08:47 . 2012-07-22 20:33 -------- d-----w- c:\programdata\SecTaskMan
2012-07-09 08:47 . 2012-07-09 10:05 -------- d-----w- c:\program files (x86)\Security Task Manager
2012-07-09 08:32 . 2011-02-18 06:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-07-09 08:32 . 2011-02-18 05:33 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2012-07-08 21:08 . 2012-07-08 21:08 -------- d-----w- c:\windows\SysWow64\My Vaults
2012-07-08 19:42 . 2012-07-08 19:42 -------- d-----w- c:\programdata\bdch
2012-07-08 15:10 . 2012-07-08 15:10 -------- d-----w- C:\found.000
2012-07-08 14:33 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-08 14:33 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-08 14:33 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-07-08 14:33 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-07-08 14:33 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-07-08 14:33 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-07-08 14:33 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-07-08 14:32 . 2012-06-02 12:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-08 14:32 . 2012-06-02 12:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-07-08 05:18 . 2012-07-08 05:18 -------- d-----w- c:\program files\CCleaner
2012-07-07 21:19 . 2012-07-07 21:19 -------- d-----w- c:\programdata\BDLogging
2012-07-07 20:54 . 2012-07-07 20:54 -------- d-----w- c:\users\Neil\AppData\Roaming\QuickScan
2012-07-07 20:53 . 2012-07-24 06:46 -------- d-----w- c:\program files\Bitdefender
2012-07-07 20:51 . 2012-07-24 06:45 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-07-07 20:40 . 2012-07-07 20:40 -------- d-----w- c:\users\Neil\AppData\Roaming\SpeedyPC Software
2012-07-07 20:40 . 2012-07-07 20:40 -------- d-----w- c:\users\Neil\AppData\Roaming\DriverCure
2012-07-07 20:39 . 2012-07-24 06:39 -------- d-----w- c:\programdata\SpeedyPC Software
2012-07-04 07:04 . 2012-07-04 07:03 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-07-04 07:03 . 2012-07-04 07:03 -------- d-----w- c:\program files (x86)\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-24 06:47 . 2011-05-16 21:30 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-07-22 20:57 . 2012-03-05 08:24 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-07-22 20:57 . 2012-03-05 08:24 1490656 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-07-04 07:03 . 2012-03-09 14:54 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-07 10:34 . 2012-06-07 10:34 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-07 10:34 . 2012-03-12 12:46 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-03 20:28 . 2012-03-09 18:04 58957832 ----a-w- c:\windows\system32\MRT.exe
2012-05-11 09:54 . 2012-03-07 12:10 1891384 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2012-03-30 . ACB82BDA8F46C84F465C1AFA517DC4B9 . 1918320 . . [6.1.7601.17802] .. c:\windows\SoftwareDistribution\Download\092d0da1be926fabf4653305eb1af03a\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
[7] 2012-03-30 . 624C5B3AA4C99B3184BB922D9ECE3FF0 . 1895280 . . [6.1.7600.16986] .. c:\windows\SoftwareDistribution\Download\092d0da1be926fabf4653305eb1af03a\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_0f140fa780164fde\tcpip.sys
[7] 2012-03-30 . 885B202006EE17AE99B9FBCEC9AF88C9 . 1901424 . . [6.1.7601.21954] .. c:\windows\SoftwareDistribution\Download\092d0da1be926fabf4653305eb1af03a\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[7] 2012-03-30 . 5EFD096DEF47F8B88EF591DA92143440 . 1877872 . . [6.1.7600.21178] .. c:\windows\SoftwareDistribution\Download\092d0da1be926fabf4653305eb1af03a\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_0faa5514992a39a7\tcpip.sys
[7] 2011-09-29 . 3810F06A4D74A7D62641EE73D6B3C660 . 1912176 . . [6.1.7601.21828] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
[7] 2011-09-29 . FC62769E7BFF2896035AEED399108162 . 1923952 . . [6.1.7601.17697] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys
[7] 2011-09-29 . F18F56EFC0BFB9C87BA01C37B27F4DA5 . 1897328 . . [6.1.7600.16889] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_0f170e9f80139ebc\tcpip.sys
[7] 2011-09-29 . AC3E29880DB5659532A1AA3439304A43 . 1886064 . . [6.1.7600.21060] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_0fad20ca992955d7\tcpip.sys
[7] 2011-01-12 . 90A2D722CF64D911879D6C4A4F802A4D . 1896832 . . [6.1.7600.16610] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[7] 2011-01-12 . 542C6767C68C9D6AAACA59436B0D15C2 . 1889152 . . [6.1.7600.20733] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[7] 2010-11-20 . 509383E505C973ED7534A06B3D19688D . 1924480 . . [6.1.7601.17514] .. c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[7] 2010-04-09 . 7FC877A25796D8ADF539E64703FCA7E1 . 1898376 . . [6.1.7600.16569] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16569_none_0f2ca8c580036f65\tcpip.sys
[7] 2010-04-09 . A9C0F786AC1F736891D05CE0A1D29DEB . 1892232 . . [6.1.7600.20687] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20687_none_0f9ea52499331463\tcpip.sys
[7] 2009-07-14 . 912107716BAB424C7870E8E6AF5E07E1 . 1898576 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[-] 2012-05-11 . 98C68F9B6381AD34FC3924DFF2393278 . 1891384 . . [6.1.7600.16385] .. c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2012-07-22_20.48.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-16 21:16 . 2012-07-22 20:50 46180 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-24 06:48 39644 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-08 10:19 . 2012-07-24 06:48 12788 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3022402605-2101226938-1445187523-1001_UserData.bin
+ 2009-07-14 05:30 . 2012-07-23 09:22 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2012-07-10 21:05 86016 c:\windows\system32\DriverStore\infpub.dat
- 2012-03-05 08:24 . 2012-03-05 08:24 32768 c:\windows\system32\DriverStore\FileRepository\ewdcsc.inf_amd64_neutral_bced45a9ee663b91\ewdcsc.sys
+ 2012-07-22 20:57 . 2012-07-22 20:57 32768 c:\windows\system32\DriverStore\FileRepository\ewdcsc.inf_amd64_neutral_bced45a9ee663b91\ewdcsc.sys
+ 2012-07-22 20:57 . 2012-07-22 20:57 28672 c:\windows\system32\DriverStore\FileRepository\ew_juextctrl.inf_amd64_neutral_098f48005d0ee8ad\ew_juextctrl.sys
- 2012-03-05 08:24 . 2012-03-05 08:24 28672 c:\windows\system32\DriverStore\FileRepository\ew_juextctrl.inf_amd64_neutral_098f48005d0ee8ad\ew_juextctrl.sys
- 2012-03-05 08:24 . 2012-03-05 08:24 98304 c:\windows\system32\DriverStore\FileRepository\ew_jucdcmdm.inf_amd64_neutral_ea37dc5cc3532ebb\ew_jucdcacm.sys
+ 2012-07-22 20:57 . 2012-07-22 20:57 98304 c:\windows\system32\DriverStore\FileRepository\ew_jucdcmdm.inf_amd64_neutral_ea37dc5cc3532ebb\ew_jucdcacm.sys
- 2012-03-05 08:24 . 2012-03-05 08:24 72192 c:\windows\system32\DriverStore\FileRepository\ew_jucdcecm.inf_amd64_neutral_57c67173a35d4715\ew_jucdcecm.sys
+ 2012-07-22 20:57 . 2012-07-22 20:57 72192 c:\windows\system32\DriverStore\FileRepository\ew_jucdcecm.inf_amd64_neutral_57c67173a35d4715\ew_jucdcecm.sys
+ 2012-07-22 20:57 . 2012-07-22 20:57 98304 c:\windows\system32\DriverStore\FileRepository\ew_jucdcacm.inf_amd64_neutral_7e9367d4c951a091\ew_jucdcacm.sys
- 2012-03-05 08:24 . 2012-03-05 08:24 98304 c:\windows\system32\DriverStore\FileRepository\ew_jucdcacm.inf_amd64_neutral_7e9367d4c951a091\ew_jucdcacm.sys
- 2012-03-05 08:24 . 2012-03-05 08:24 87040 c:\windows\system32\DriverStore\FileRepository\ew_jubusenum.inf_amd64_neutral_e10fff8b1ad70081\ew_jubusenum.sys
+ 2012-07-22 20:57 . 2012-07-22 20:57 87040 c:\windows\system32\DriverStore\FileRepository\ew_jubusenum.inf_amd64_neutral_e10fff8b1ad70081\ew_jubusenum.sys
+ 2012-07-22 20:57 . 2012-07-22 20:57 22016 c:\windows\system32\DriverStore\FileRepository\ew_hwupgrade.inf_amd64_neutral_c7a83f7f37304037\ew_hwupgrade.sys
- 2012-03-05 08:24 . 2012-03-05 08:24 22016 c:\windows\system32\DriverStore\FileRepository\ew_hwupgrade.inf_amd64_neutral_c7a83f7f37304037\ew_hwupgrade.sys
+ 2012-07-22 20:57 . 2012-07-22 20:57 13952 c:\windows\system32\DriverStore\FileRepository\ew_busfilter.inf_amd64_neutral_44f5d7046e4df472\ew_usbenumfilter.sys
- 2012-03-05 08:24 . 2012-03-05 08:24 13952 c:\windows\system32\DriverStore\FileRepository\ew_busfilter.inf_amd64_neutral_44f5d7046e4df472\ew_usbenumfilter.sys
+ 2011-10-09 01:06 . 2012-07-24 06:46 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-09 01:06 . 2012-07-22 20:48 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-09 01:06 . 2012-07-24 06:46 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-10-09 01:06 . 2012-07-22 20:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-24 06:46 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-22 20:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-12 12:22 . 2012-07-24 06:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-02-12 12:22 . 2012-07-22 20:37 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-02-12 12:22 . 2012-07-22 20:37 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-02-12 12:22 . 2012-07-24 06:49 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-02-12 12:22 . 2012-07-22 20:37 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-12 12:22 . 2012-07-24 06:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-08 10:31 . 2012-07-24 06:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-08 10:31 . 2012-07-22 20:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-08 10:31 . 2012-07-24 06:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-10-08 10:31 . 2012-07-22 20:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-12 17:10 . 2012-07-24 06:45 13363 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2011-01-12 17:10 . 2012-07-22 20:47 13363 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2011-10-13 19:47 . 2012-07-24 06:45 8612 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-10-13 19:04 . 2012-07-24 08:32 4768 c:\windows\system32\wdi\{88d4896f-f553-446a-9c75-9dec124ff8b7}.bin
+ 2012-03-06 14:12 . 2012-07-24 08:32 2170 c:\windows\system32\wdi\{284ddb2f-beea-4c9d-91e8-e3670ed91517}.bin
- 2012-07-22 20:48 . 2012-07-22 20:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-24 06:46 . 2012-07-24 06:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-24 06:46 . 2012-07-24 06:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-22 20:48 . 2012-07-22 20:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-07-24 06:47 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-22 20:48 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-24 06:47 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-22 20:48 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-08 16:34 . 2012-07-25 15:14 458410 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
- 2009-07-14 02:36 . 2012-07-22 20:41 689102 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-24 06:54 689102 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-22 20:41 135206 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-07-24 06:54 135206 c:\windows\system32\perfc009.dat
- 2009-07-14 05:30 . 2012-07-10 21:05 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-07-23 09:22 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-07-10 21:05 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-07-22 20:57 143360 c:\windows\system32\DriverStore\infstor.dat
- 2012-03-05 08:24 . 2012-03-05 08:24 417280 c:\windows\system32\DriverStore\FileRepository\ewusbwwan.inf_amd64_neutral_c8006a78c8490fe3\ewusbwwan.sys
+ 2012-07-22 20:57 . 2012-07-22 20:57 417280 c:\windows\system32\DriverStore\FileRepository\ewusbwwan.inf_amd64_neutral_c8006a78c8490fe3\ewusbwwan.sys
+ 2012-07-22 20:57 . 2012-07-22 20:57 223232 c:\windows\system32\DriverStore\FileRepository\ewser2k.inf_amd64_neutral_c3448568fb2a54c8\ewusbmdm.sys
- 2012-03-05 08:24 . 2012-03-05 08:24 223232 c:\windows\system32\DriverStore\FileRepository\ewser2k.inf_amd64_neutral_c3448568fb2a54c8\ewusbmdm.sys
+ 2012-07-22 20:57 . 2012-07-22 20:57 223232 c:\windows\system32\DriverStore\FileRepository\ewmdm2k.inf_amd64_neutral_33e5a8c9ed55a543\ewusbmdm.sys
- 2012-03-05 08:24 . 2012-03-05 08:24 223232 c:\windows\system32\DriverStore\FileRepository\ewmdm2k.inf_amd64_neutral_33e5a8c9ed55a543\ewusbmdm.sys
+ 2012-07-22 20:57 . 2012-07-22 20:57 218624 c:\windows\system32\DriverStore\FileRepository\ew_juwwanecm.inf_amd64_neutral_89ce0c0e721df530\ew_juwwanecm.sys
- 2012-03-05 08:24 . 2012-03-05 08:24 218624 c:\windows\system32\DriverStore\FileRepository\ew_juwwanecm.inf_amd64_neutral_89ce0c0e721df530\ew_juwwanecm.sys
+ 2012-07-22 20:57 . 2012-07-22 20:57 117248 c:\windows\system32\DriverStore\FileRepository\ew_hwusbdev.inf_amd64_neutral_56876ef304c9d455\ew_hwusbdev.sys
- 2012-03-05 08:24 . 2012-03-05 08:24 117248 c:\windows\system32\DriverStore\FileRepository\ew_hwusbdev.inf_amd64_neutral_56876ef304c9d455\ew_hwusbdev.sys
+ 2009-07-14 05:01 . 2012-07-24 06:45 394956 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-22 19:48 394956 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-07-22 20:48 2260992 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-24 06:47 2260992 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-03-05 08:24 . 2012-03-05 08:24 1001472 c:\windows\system32\DriverStore\FileRepository\mod7700.inf_amd64_neutral_b356aebe0a3ba98f\mod7700.sys
+ 2012-07-22 20:57 . 2012-07-22 20:57 1001472 c:\windows\system32\DriverStore\FileRepository\mod7700.inf_amd64_neutral_b356aebe0a3ba98f\mod7700.sys
- 2012-03-05 08:24 . 2012-03-05 08:24 1490656 c:\windows\system32\DriverStore\FileRepository\ew_juextctrl.inf_amd64_neutral_098f48005d0ee8ad\wdfcoinstaller01007.dll
+ 2012-07-22 20:57 . 2012-07-22 20:57 1490656 c:\windows\system32\DriverStore\FileRepository\ew_juextctrl.inf_amd64_neutral_098f48005d0ee8ad\wdfcoinstaller01007.dll
- 2012-03-05 08:24 . 2012-03-05 08:24 1490656 c:\windows\system32\DriverStore\FileRepository\ew_jucdcmdm.inf_amd64_neutral_ea37dc5cc3532ebb\wdfcoinstaller01007.dll
+ 2012-07-22 20:57 . 2012-07-22 20:57 1490656 c:\windows\system32\DriverStore\FileRepository\ew_jucdcmdm.inf_amd64_neutral_ea37dc5cc3532ebb\wdfcoinstaller01007.dll
- 2012-03-05 08:24 . 2012-03-05 08:24 1490656 c:\windows\system32\DriverStore\FileRepository\ew_jucdcecm.inf_amd64_neutral_57c67173a35d4715\wdfcoinstaller01007.dll
+ 2012-07-22 20:57 . 2012-07-22 20:57 1490656 c:\windows\system32\DriverStore\FileRepository\ew_jucdcecm.inf_amd64_neutral_57c67173a35d4715\wdfcoinstaller01007.dll
+ 2012-07-22 20:57 . 2012-07-22 20:57 1490656 c:\windows\system32\DriverStore\FileRepository\ew_jucdcacm.inf_amd64_neutral_7e9367d4c951a091\wdfcoinstaller01007.dll
- 2012-03-05 08:24 . 2012-03-05 08:24 1490656 c:\windows\system32\DriverStore\FileRepository\ew_jucdcacm.inf_amd64_neutral_7e9367d4c951a091\wdfcoinstaller01007.dll
- 2012-03-05 08:24 . 2012-03-05 08:24 1490656 c:\windows\system32\DriverStore\FileRepository\ew_jubusenum.inf_amd64_neutral_e10fff8b1ad70081\wdfcoinstaller01007.dll
+ 2012-07-22 20:57 . 2012-07-22 20:57 1490656 c:\windows\system32\DriverStore\FileRepository\ew_jubusenum.inf_amd64_neutral_e10fff8b1ad70081\wdfcoinstaller01007.dll
+ 2012-07-22 20:57 . 2012-07-22 20:57 1490656 c:\windows\system32\DriverStore\FileRepository\ew_hwupgrade.inf_amd64_neutral_c7a83f7f37304037\wdfcoinstaller01007.dll
- 2012-03-05 08:24 . 2012-03-05 08:24 1490656 c:\windows\system32\DriverStore\FileRepository\ew_hwupgrade.inf_amd64_neutral_c7a83f7f37304037\wdfcoinstaller01007.dll
+ 2012-03-09 15:09 . 2012-07-24 06:45 1199036 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3022402605-2101226938-1445187523-1001-12288.dat
+ 2011-10-26 18:43 . 2012-07-24 06:45 40080168 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3022402605-2101226938-1445187523-1001-8192.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SanDiskSecureAccess_Manager.exe"="c:\users\Neil\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe" [2011-06-29 27311232]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-15 17146504]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-06 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-04-19 336952]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 213304]
"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 184120]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-1-12 548528]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2011-5-17 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
R1 aswSnx;aswSnx; [x]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 135664]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R2 Zain e-GO. RunOuc;Zain e-GO. OUC;c:\program files (x86)\Zain e-GO\UpdateDog\ouc.exe [2012-07-22 655712]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2012-07-22 117248]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-09 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-02-21 25960]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSP;aswSP; [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-03-11 577824]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-03-11 43248]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-02-23 64344]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-13 138400]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-04-10 542552]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-04-02 329544]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2011-03-14 346976]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-02-22 2009704]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-12-13 138024]
S3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [2012-07-22 417280]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-07-22 87040]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-22 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 17:19]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 17:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ------w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ------w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Search the Web - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: Interfaces\{4F7687F2-934B-4FE0-B68F-E2AD42FAD8D0}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{8646602E-03A4-4875-B020-DB4813EBEC71}: NameServer = 10.93.56.1
TCP: Interfaces\{87E2C2A3-91E2-498B-A848-A273AED51E55}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{9DBE4EE5-D582-41BF-9AB0-A20BF777C485}: NameServer = 62.209.25.157 62.209.25.158
TCP: Interfaces\{BD284B74-1B79-4D48-AAC3-C5DF43D45AFD}: NameServer = 83.136.58.187 83.136.56.53
FF - ProfilePath - c:\users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\la1abbud.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_res ... velink2&q=
FF - user.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_res ... velink2&q=
FF - user.js: keyword.enabled - 1
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3022402605-2101226938-1445187523-1001\Software\SecuROM\License information*]
"datasecu"=hex:25,9d,8a,71,5a,75,c4,97,e8,30,ea,a7,58,f4,84,2d,2b,22,b6,47,2a,
c9,a8,40,a0,32,96,09,7f,78,dd,cc,86,6e,9c,c3,42,d0,f3,05,c7,31,15,2a,37,f1,\
"rkeysecu"=hex:44,df,bd,07,ab,a6,ab,ad,a5,32,e3,b7,b3,c7,22,3c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-25 18:28:36
ComboFix-quarantined-files.txt 2012-07-25 15:28
ComboFix2.txt 2012-07-22 20:54
.
Pre-Run: 116,729,204,736 bytes free
Post-Run: 116,455,428,096 bytes free
.
- - End Of File - - FD59753C7432DAD7B9C2A88AAD22B522


2) Virus Total Log

https://www.virustotal.com/file/7bc216adef7b51b9d4bd23bb3a9549020e411429ceec0a8a92e86ce801e418b7/analysis/1343231095/




3) Avast Logs


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-25 18:33:18
-----------------------------
18:33:18.616 OS Version: Windows x64 6.1.7600
18:33:18.616 Number of processors: 4 586 0x2A07
18:33:18.616 ComputerName: NEIL-PC UserName: Neil
18:33:19.770 Initialize success
18:38:05.408 AVAST engine defs: 12072500
18:38:32.303 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:38:32.303 Disk 0 Vendor: ST950032 0003 Size: 476940MB BusType: 3
18:38:32.318 Disk 0 MBR read successfully
18:38:32.318 Disk 0 MBR scan
18:38:32.350 Disk 0 Windows 7 default MBR code
18:38:32.365 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 25600 MB offset 2048
18:38:32.381 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 190775 MB offset 52430848
18:38:32.396 Disk 0 Partition - 00 0F Extended LBA 260562 MB offset 443140096
18:38:32.412 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 260561 MB offset 443142144
18:38:32.443 Disk 0 scanning C:\Windows\system32\drivers
18:38:42.895 Service scanning
18:39:04.564 Modules scanning
18:39:04.564 Disk 0 trace - called modules:
18:39:04.720 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
18:39:05.032 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800698f060]
18:39:05.032 3 CLASSPNP.SYS[fffff88000dbd43f] -> nt!IofCallDriver -> [0xfffffa8004aabc40]
18:39:05.032 5 ACPI.sys[fffff88000f31781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004aaf050]
18:39:05.843 AVAST engine scan C:\Windows
18:39:08.167 AVAST engine scan C:\Windows\system32
18:41:34.496 AVAST engine scan C:\Windows\system32\drivers
18:41:46.617 AVAST engine scan C:\Users\Neil
18:47:51.173 AVAST engine scan C:\ProgramData
18:48:36.570 Scan finished successfully
18:51:38.092 Disk 0 MBR has been saved successfully to "C:\Users\Neil\Desktop\MBR.dat"
18:51:38.108 The log file has been saved successfully to "C:\Users\Neil\Desktop\aswMBR.txt"


4) I currently have no antivirus installed on my PC other than Malwarebytes.
5) I have no info about "System", since my Comodo firewall only tells me that it is an outgoing connection and it is blocked. Should I be worried, because each time I start my Internet I can see it getting blocked?
Neil
Regular Member
 
Posts: 27
Joined: July 16th, 2012, 2:51 pm

Re: Virus Help

Unread postby maxi » July 26th, 2012, 5:57 am

Hi neil :)

I asked you to uninstall all but one AV. You should never be without an AV. Please install one from the list below and run a full scan.


Then
Update and run a "full scan" with Malwarebytes and post back the resulting logfile.

Then

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

In your next reply please include:
If you were successful installing an AV, and the results of a scan.
The Malwarebytes log.
The eset log.
Any outstanding problems you are having
Also can you note down the exact message that Comodo is giving you and post it here for me.

Regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Virus Help

Unread postby Neil » July 26th, 2012, 3:58 pm

Hey maxi :)

I installed AVG antivirus

I scanned my whole computer It found 1 threat

services.exe C:Frst/Quartine/services.exe Action: Moved to AVG Virus Vault


What should I do, delete it or what?
Please advise.


I scanned it also using Malwarebytes. It also found 1 threat, only the above. I quit the process because I didn't want it to take any action.

Before going further I need your advice regarding what to do with services.exe. Can I delete it? Will it come back if I delete it, or what should I do?
Neil
Regular Member
 
Posts: 27
Joined: July 16th, 2012, 2:51 pm

Re: Virus Help

Unread postby maxi » July 26th, 2012, 4:04 pm

Hi neil :)

Before going further I need your advice regarding what to do with services.exe. Can I delete it? Will it come back if I delete it, or what should I do?


Keep going :) If services.exe is located like you said at "C:Frst/Quartine/services.exe" then it's fine. That's the FRST quarantine folder and it's safe there.

Run Malwarebytes again and post the log along with the other steps :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Virus Help

Unread postby Neil » July 27th, 2012, 3:28 pm

Hey Maxi :)

ESET LOG

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d6ae1097bf7f564f8dc7d9127abd6665
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-07-27 07:07:23
# local_time=2012-07-27 10:07:23 (+0300, Arab Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1024 16777215 100 0 85622 85622 0 0
# compatibility_mode=3073 16777213 80 71 1459138 19102949 0 0
# compatibility_mode=5893 16776574 100 94 100223 95043185 0 0
# compatibility_mode=8192 67108863 100 0 862 862 0 0
# scanned=201754
# found=11
# cleaned=0
# scan_time=2707
C:\FRST\Quarantine\{c9ca9eb3-6dd8-8597-d375-41171a9dd199}\U\00000008.@ Win64/Agent.BA trojan (unable to clean) 00000000000000000000000000000000 I
C:\FRST\Quarantine\{c9ca9eb3-6dd8-8597-d375-41171a9dd199}\U\000000cb.@ Win64/Conedex.B trojan (unable to clean) 00000000000000000000000000000000 I
C:\FRST\Quarantine\{c9ca9eb3-6dd8-8597-d375-41171a9dd199}\U\80000032.@ a variant of Win32/Sirefef.FD trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Neil\AppData\Local\Mozilla\Firefox\Profiles\la1abbud.default\Cache\4\95\2CA86d01 HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Users\Neil\AppData\Local\Mozilla\Firefox\Profiles\la1abbud.default\Cache\5\2E\3F921d01 HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Users\Neil\AppData\Local\Mozilla\Firefox\Profiles\la1abbud.default\Cache\7\EA\6593Fd01 HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Users\Neil\AppData\Local\Mozilla\Firefox\Profiles\la1abbud.default\Cache\9\08\8D271d01 HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Users\Neil\AppData\Local\Mozilla\Firefox\Profiles\la1abbud.default\Cache\A\BE\17CFBd01 HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Users\Neil\AppData\Local\Mozilla\Firefox\Profiles\la1abbud.default\Cache\A\C3\06C86d01 HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Users\Neil\AppData\Local\Mozilla\Firefox\Profiles\la1abbud.default\Cache\A\DD\10139d01 HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Users\Neil\AppData\Local\Mozilla\Firefox\Profiles\la1abbud.default\Cache\B\DB\6FDFBd01 HTML/ScrInject.B.Gen virus (unable to clean) 00000000000000000000000000000000 I


MalwareBytes Log




Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.26.11

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Neil :: NEIL-PC [administrator]

27/07/2012 22:15:03
mbam-log-2012-07-27 (22-15-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213288
Time elapsed: 2 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

3) Please advise on how to remove the viruses found by the ESET scanner (permanently delete them).
4) Do I need Windows updates? If yes, then how do I do it, because last time it installed updates and then reverted them back while booting.
Neil
Regular Member
 
Posts: 27
Joined: July 16th, 2012, 2:51 pm

Re: Virus Help

Unread postby maxi » July 28th, 2012, 2:15 pm

Hi Neil :)

Are you still getting blocks from Comodo ? If so can you note down the exact message that Comodo is giving you and post it here.

Do I need Windows updates? If yes, then how do I do it, because last time it installed updates and then reverted them back while booting.


Yes, you need Windows updates. You can get there by clicking Start - All Programs - Windows Update and see what updates are ready to be downloaded. You can then install whatever you find :)

Please answer my question regarding Comodo and let me know how the Windows Update went and how your computer is behaving now.

Regards maxi
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Virus Help

Unread postby Neil » July 29th, 2012, 5:29 am

hey maxi :)

I scanned my computer using AVG. It detected the viruses in FRST quarantine and tracking cookies.
I deleted all tracking cookies and left the quarantined viruses alone.


Problem 1: I can't do any Windows updates.
When I try to update it says "Some updates not installed: 55 important updates selected and 55 updates failed".
Error found: Code 80246008
Solution: Tried using Microsoft's Fix it tool (for fixing updates). It said it couldn't fix it.
Time updates started failing: Immediately after infection



Problem 2: Comodo only shows this message
2200 intrusions from Firewall

Application  Action   Protocol  Source IP       Source port  Destination IP  Destination port  Date
System       Blocked  UDP       10.180.236.176  137          10.180.236.191  137

I am not sure whether it had blocked it or whether it had asked me and I got suspicious and blocked it.

Active Processes:

Svchost.exe 100%
Neil
Regular Member
 
Posts: 27
Joined: July 16th, 2012, 2:51 pm
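Added example, not part of the thread or of COMODO: a Python triage of the kind of firewall row quoted in the post above. It parses the columns COMODO lists (Application, Action, Protocol, Source IP, Source port, Destination IP, Destination port, optional Date), names the well-known service behind the destination port, notes what the "System" application name means on Windows, and checks whether both addresses are private and on the same /24. The rows below are constructed after the one in the post; the port table and the triage labels are this example's own heuristic, not COMODO's classification.

```python
"""Parse and triage a COMODO firewall 'intrusion' row (added example)."""
import ipaddress
from dataclasses import dataclass

# Ports Windows hosts use among themselves (service names per IANA).
# Assumed table for this example; extend it for your own environment.
LAN_SERVICE_PORTS = {
    137: "netbios-ns", 138: "netbios-dgm", 139: "netbios-ssn",
    445: "microsoft-ds", 1900: "ssdp", 5355: "llmnr",
}

# Constructed rows in COMODO's column order:
# Application Action Protocol Source-IP Source-port Destination-IP Destination-port [Date]
SAMPLE_ROWS = [
    "System Blocked UDP 10.180.236.176 137 10.180.236.191 137",   # modelled on the post
    "svchost.exe Blocked UDP 10.180.236.176 52000 8.26.56.26 53",  # constructed
]


@dataclass
class FirewallEvent:
    application: str
    action: str
    protocol: str
    src_ip: ipaddress.IPv4Address
    src_port: int
    dst_ip: ipaddress.IPv4Address
    dst_port: int


def parse_comodo_row(row):
    """Split one whitespace-separated COMODO row; a trailing Date column is ignored."""
    parts = row.split()
    if len(parts) < 7:
        raise ValueError(f"expected at least 7 columns: {row!r}")
    app, action, proto, sip, sport, dip, dport = parts[:7]
    return FirewallEvent(app, action, proto.upper(),
                         ipaddress.ip_address(sip), int(sport),
                         ipaddress.ip_address(dip), int(dport))


def triage(ev):
    """Return (label, notes). Labels are this example's heuristic, not a verdict."""
    notes = []
    service = LAN_SERVICE_PORTS.get(ev.dst_port)
    if service:
        notes.append(f"destination port {ev.dst_port}/{ev.protocol} is {service}")
    if ev.application.lower() == "system":
        # 'System' is the kernel pseudo-process (PID 4); SMB/NetBIOS traffic
        # generated by the kernel network stack is attributed to it.
        notes.append("'System' is the Windows kernel pseudo-process, not a user program")
    same_lan = (ev.src_ip.is_private and ev.dst_ip.is_private and
                ipaddress.ip_network(f"{ev.src_ip}/24", strict=False) ==
                ipaddress.ip_network(f"{ev.dst_ip}/24", strict=False))
    if same_lan and service:
        label = "lan_service_chatter"       # peer on the same /24, Windows LAN service port
    elif not ev.dst_ip.is_private:
        label = "outbound_to_internet"      # worth checking which process and which host
    else:
        label = "review"
    return label, notes


if __name__ == "__main__":
    for row in SAMPLE_ROWS:
        label, notes = triage(parse_comodo_row(row))
        print(label, "|", row, "|", "; ".join(notes))
```

The point of the heuristic is to separate the two questions the post runs together: what the blocked packet was (port and peer) and whether the originating process is something to investigate. An event to a public address from a user-mode process is the one to chase; a kernel-originated packet to a neighbour on a Windows LAN service port is the common case.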

Re: Virus Help

Unread postby maxi » July 30th, 2012, 2:15 am

Hi Neil :)

Don't worry about what ESET and AVG have found. What's in FRST quarantine is safe; the other ESET entries are no threat to you and can be removed by following the link below. Also, the tracking cookies that AVG found are safe :)
http://support.mozilla.org/en-US/kb/cle ... fix-issues

See if this solves your Update problem.
http://windows.microsoft.com/en-us/wind ... r-80246008

Then(Only if the Updates are still failing)


Farbar Service Scanner
  1. Please download Farbar Service Scanner and save it to your Desktop.
  2. Right click on FSS.exe and select "Run As Administrator..." to run it.
  3. Select the following options:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center / Action Center
    • Windows Update
    • Windows Defender
  4. Press the "Scan" button.
  5. When finished, a text file named FSS.txt will be created on your desktop (the same folder the tool is run from).
  6. Please copy and paste the contents of the FSS.txt log to your next reply.

In your next reply please include:
If you managed to get the updates to work.
The Farbar Service Scanner logfile.
A fresh DDS log.

Regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.
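Added example, not part of the thread or of Farbar Service Scanner: a Python triage of the text FSS writes to FSS.txt for the options selected in the steps above. It reads the lines FSS emits for each service check (start type, ImagePath, ServiceDll), the "Disabled Policy" registry values and the File Check MD5 list, and turns them into a list of findings. The sample log is constructed in FSS's format (not a real FSS.txt); the set of services treated as Auto-start by default and the severity labels are this example's assumptions.

```python
"""Triage Farbar Service Scanner (FSS) output into findings (added example)."""
import re

# Services whose default start type is Auto on Windows 7 (assumed table; FSS
# itself prints the default only when the current value differs from it).
AUTO_BY_DEFAULT = {"BITS", "wuauserv", "WinDefend", "wscsvc", "MpsSvc"}

RE_NOT_RUNNING = re.compile(r"^(\w+) Service is not running")
RE_NO_START = re.compile(r"Unable to retrieve start type of (\w+)")
RE_START = re.compile(r"The start type of (\w+) service is set to (\w+)\.?"
                      r"(?: The default start type is (\w+)\.)?")
RE_POLICY = re.compile(r'"(\w+)"=DWORD:(\d+)')
RE_LEGIT = re.compile(r"^(\S.*?) => MD5 is legit$")
RE_PATH = re.compile(r"^[A-Za-z]:\\")
RE_DETAIL = re.compile(r"^\[[^\]]+\] - \[[^\]]+\] - (\d+) \S+ \((.*?)\) ([0-9A-F]{32})$")

# Constructed sample in the format FSS uses.
SAMPLE_FSS_LOG = r"""
Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto

File Check:
========
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-03-07 13:58] - [2011-12-28 06:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

**** End of log ****
"""


def triage_fss(text):
    """Return findings as dicts with keys kind, target, detail, severity."""
    findings, section, pending_path = [], "", None

    def add(kind, target, detail="", severity="high"):
        findings.append({"kind": kind, "target": target, "detail": detail, "severity": severity})

    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"="}:
            continue
        if re.fullmatch(r"[A-Za-z /]+:", line):      # section header such as "Windows Update:"
            section, pending_path = line[:-1], None
            continue
        if m := RE_NOT_RUNNING.match(line):
            add("not_running", m.group(1),
                severity="high" if m.group(1) in AUTO_BY_DEFAULT else "info")
            continue
        if m := RE_NO_START.search(line):
            # The Start value is gone from the service key: the service cannot start and
            # typically no longer appears in services.msc, which matches "not listed".
            add("missing_start_type", m.group(1), line)
            continue
        if "ATTENTION!" in line:                      # anything else FSS itself flagged
            add("attention", section, line)
            continue
        if (m := RE_START.search(line)) and m.group(3) and m.group(2) != m.group(3):
            add("start_type_changed", m.group(1), f"{m.group(2)} (default {m.group(3)})", "medium")
            continue
        if (m := RE_POLICY.search(line)) and section.endswith("Disabled Policy") and m.group(2) != "0":
            add("disabled_by_policy", section, line)
            continue
        if section == "File Check":
            if RE_LEGIT.match(line):
                pending_path = None
            elif RE_PATH.match(line):
                pending_path = line                   # no known-good MD5; a detail line follows
            elif pending_path and (m := RE_DETAIL.match(line)):
                # Not proof of tampering: a Windows Update build missing from FSS's list
                # prints the same way. Compare the MD5 against a clean machine or VirusTotal.
                add("unverified_md5", pending_path, f"{m.group(3)} ({m.group(2)})", "check")
                pending_path = None
    return findings


if __name__ == "__main__":
    for f in triage_fss(SAMPLE_FSS_LOG):
        print(f"[{f['severity']}] {f['kind']}: {f['target']} {f['detail']}")
```

A missing start type and a Defender policy value of 1 are the findings to act on; a "not running" line for a Manual-start service or an MD5 FSS simply does not know are lower priority, which is why the example keeps them in separate severities rather than one flat list.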

Re: Virus Help

Unread postby Neil » July 30th, 2012, 9:01 am

Hey Maxi :)


I tried to do the Microsoft website solution but I couldn't do the first solution.

Solution 1: Check whether the BITS service is set to automatic and started.
I couldn't find BITS listed in Services. It was not there at all.


Farbar scan log


============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-03-07 13:58] - [2011-12-28 06:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-03-07 15:10] - [2012-05-11 12:54] - 1891384 ____A (Microsoft Corporation) 98C68F9B6381AD34FC3924DFF2393278

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-14 03:09] - [2009-07-14 04:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-14 02:36] - [2009-07-14 04:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


DDS LOG


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.5.1
Run by Neil at 15:43:16 on 2012-07-30
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4008.1885 [GMT 3:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\ProgramData\DatacardService\HWDeviceService64.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\ProgramData\Zain e-GO\OnlineUpdate\ouc.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskeng.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Users\Neil\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Zain e-GO\Zain e-GO.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\vssvc.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mystart.incredibar.com/mb128?a=6PQEQBLHNQ&i=26
mStart Page = about:blank
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: Web Assistant: {336d0c35-8a85-403a-b9d2-65c292c39087} - C:\Program Files\Web Assistant\Extension32.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
uRun: [SanDiskSecureAccess_Manager.exe] C:\Users\Neil\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
mRun: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
TCP: Interfaces\{4F7687F2-934B-4FE0-B68F-E2AD42FAD8D0} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{8646602E-03A4-4875-B020-DB4813EBEC71} : NameServer = 10.93.56.1
TCP: Interfaces\{87E2C2A3-91E2-498B-A848-A273AED51E55} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{9DBE4EE5-D582-41BF-9AB0-A20BF777C485} : NameServer = 62.209.25.157 62.209.25.158
TCP: Interfaces\{BD284B74-1B79-4D48-AAC3-C5DF43D45AFD} : NameServer = 83.136.58.187 83.136.56.53
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll C:\Windows\SysWOW64\guard32.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll
BHO-X64: Web Assistant Helper - No File
BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO-X64: uTorrentControl2 - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO-X64: IESpeakDoc - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO-X64: Google Dictionary Compression sdch - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun-x64: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun-x64: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
mRun-x64: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll C:\Windows\SysWOW64\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\la1abbud.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_res ... velink2&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.5\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\la1abbud.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_res ... velink2&q=
FF - user.js: keyword.enabled - 1
FF - user.js: general.useragent.extra.brc -
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQEQB ... 26&search=
FF - user.js: extensions.incredibar_i.id - 3e1f1827000000000000001e101f3534
FF - user.js: extensions.incredibar_i.instlDay - 15549
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1418:40:58
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6PQEQBLHNQ
FF - user.js: extensions.incredibar_i.upn2n - 92543308828358678
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10658
FF - user.js: extensions.incredibar_i.ppd -
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\system32\drivers\aswNdis2.sys --> C:\Windows\system32\drivers\aswNdis2.sys [?]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R1 aswFW;avast! TDI Firewall driver;C:\Windows\system32\drivers\aswFW.sys --> C:\Windows\system32\drivers\aswFW.sys [?]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 avgtp;avgtp;\??\C:\Windows\system32\drivers\avgtpx64.sys --> C:\Windows\system32\drivers\avgtpx64.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-3-13 138400]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-13 74912]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 CLPSLS;COMODO livePCsupport Service;C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-4-11 542552]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe [2011-3-14 346976]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-5-17 2009704]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-17 134928]
R2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [2012-7-26 830048]
R2 Web Assistant Updater;Web Assistant Updater;C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [2012-7-28 185856]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;C:\Windows\system32\DRIVERS\ewusbwwan.sys --> C:\Windows\system32\DRIVERS\ewusbwwan.sys [?]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys --> C:\Windows\system32\DRIVERS\ew_jubusenum.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-12 135664]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-15 158856]
S2 Zain e-GO. RunOuc;Zain e-GO. OUC;C:\Program Files (x86)\Zain e-GO\UpdateDog\ouc.exe [2012-7-22 655712]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys --> C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUVStor.sys --> C:\Windows\system32\Drivers\RtsUVStor.sys [?]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-07-30 06:43:05 45056 ----a-r- C:\Users\Neil\AppData\Roaming\Microsoft\Installer\{F7C1C17E-70E3-475F-BD52-EA554391F15D}\GameShadow.exe1_0A3DE514292C4EBA987823B82B0B2BA2.exe
2012-07-30 06:43:05 45056 ----a-r- C:\Users\Neil\AppData\Roaming\Microsoft\Installer\{F7C1C17E-70E3-475F-BD52-EA554391F15D}\GameShadow.exe_0A3DE514292C4EBA987823B82B0B2BA2.exe
2012-07-30 06:43:05 45056 ----a-r- C:\Users\Neil\AppData\Roaming\Microsoft\Installer\{F7C1C17E-70E3-475F-BD52-EA554391F15D}\ARPPRODUCTICON.exe
2012-07-30 06:43:03 -------- d-----w- C:\Program Files (x86)\GameShadow
2012-07-30 06:16:07 -------- d-----w- C:\Program Files (x86)\Eidos
2012-07-28 16:39:25 -------- d-----w- C:\Users\Neil\AppData\Local\CRE
2012-07-28 16:39:20 -------- d-----w- C:\Program Files (x86)\Conduit
2012-07-28 16:39:19 -------- d-----w- C:\Users\Neil\AppData\Local\Conduit
2012-07-28 16:09:25 -------- d-----w- C:\Program Files (x86)\Oracle
2012-07-28 15:40:46 -------- d-----w- C:\Program Files\Web Assistant
2012-07-28 15:39:57 -------- d-----w- C:\Program Files (x86)\Gophoto.it
2012-07-28 15:36:30 -------- d-----w- C:\Program Files (x86)\1ClickDownload
2012-07-27 18:07:53 -------- d-----w- C:\Program Files (x86)\ESET
2012-07-26 18:44:13 -------- d-----w- C:\Users\Neil\AppData\Roaming\AVG2012
2012-07-26 18:39:19 -------- d-----w- C:\Users\Neil\AppData\Local\AVG Secure Search
2012-07-26 18:39:18 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-07-26 18:39:10 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-07-26 18:39:09 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-07-26 18:39:08 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-07-26 18:37:14 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-07-26 18:36:47 -------- d--h--w- C:\$AVG
2012-07-26 18:36:46 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-07-26 18:36:46 -------- d-----w- C:\ProgramData\AVG2012
2012-07-26 18:35:13 -------- d-----w- C:\Program Files (x86)\AVG
2012-07-26 18:26:27 -------- d-----w- C:\ProgramData\MFAData
2012-07-26 14:21:06 -------- d-----w- C:\ProgramData\AVAST Software
2012-07-26 14:21:06 -------- d-----w- C:\Program Files\AVAST Software
2012-07-25 15:42:59 -------- d-sh--w- C:\$RECYCLE.BIN
2012-07-24 07:04:03 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{659E5291-D64A-4FA9-B683-6725EE09FBA2}\mpengine.dll
2012-07-22 20:57:58 98304 ----a-w- C:\Windows\System32\drivers\ew_jucdcacm.sys
2012-07-22 20:57:58 87040 ----a-w- C:\Windows\System32\drivers\ew_jubusenum.sys
2012-07-22 20:57:58 72192 ----a-w- C:\Windows\System32\drivers\ew_jucdcecm.sys
2012-07-22 20:57:58 417280 ----a-w- C:\Windows\System32\drivers\ewusbwwan.sys
2012-07-22 20:57:58 32768 ----a-w- C:\Windows\System32\drivers\ewdcsc.sys
2012-07-22 20:57:58 28672 ----a-w- C:\Windows\System32\drivers\ew_juextctrl.sys
2012-07-22 20:57:58 223232 ----a-w- C:\Windows\System32\drivers\ewusbmdm.sys
2012-07-22 20:57:58 22016 ----a-w- C:\Windows\System32\drivers\ew_hwupgrade.sys
2012-07-22 20:57:58 218624 ----a-w- C:\Windows\System32\drivers\ew_juwwanecm.sys
2012-07-22 20:57:58 13952 ----a-w- C:\Windows\System32\drivers\ew_usbenumfilter.sys
2012-07-22 20:57:58 117248 ----a-w- C:\Windows\System32\drivers\ew_hwusbdev.sys
2012-07-22 20:57:58 1001472 ----a-w- C:\Windows\System32\drivers\mod7700.sys
2012-07-22 20:38:43 98816 ----a-w- C:\Windows\sed.exe
2012-07-22 20:38:43 518144 ----a-w- C:\Windows\SWREG.exe
2012-07-22 20:38:43 256000 ----a-w- C:\Windows\PEV.exe
2012-07-22 20:38:43 208896 ----a-w- C:\Windows\MBR.exe
2012-07-21 03:36:29 -------- d-----w- C:\FRST
2012-07-15 21:27:06 -------- d-----w- C:\Users\Neil\AppData\Roaming\Malwarebytes
2012-07-15 21:26:57 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-15 21:26:56 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-15 21:26:56 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-14 20:27:32 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-10 21:17:19 -------- d-----w- C:\ProgramData\CPA_VA
2012-07-10 20:59:21 -------- d-----w- C:\ProgramData\Comodo
2012-07-10 20:59:13 -------- d-----w- C:\Program Files\COMODO
2012-07-10 20:59:08 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-07-10 20:59:08 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2012-07-09 19:29:48 -------- d-----w- C:\Program Files (x86)\Eusing Free Registry Cleaner
2012-07-09 09:38:51 -------- d-----w- C:\ProgramData\FrontLine Registry Cleaner
2012-07-09 09:38:47 -------- d-----w- C:\Program Files (x86)\Frontline Registry Cleaner
2012-07-09 08:47:56 -------- d-----w- C:\ProgramData\SecTaskMan
2012-07-09 08:47:52 -------- d-----w- C:\Program Files (x86)\Security Task Manager
2012-07-09 08:32:21 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2012-07-09 08:32:21 31232 ----a-w- C:\Windows\System32\prevhost.exe
2012-07-08 21:08:44 -------- d-----w- C:\Windows\SysWow64\My Vaults
2012-07-08 19:42:38 -------- d-----w- C:\ProgramData\bdch
2012-07-08 15:10:16 -------- d-----w- C:\found.000
2012-07-08 14:33:42 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-07-08 14:33:11 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-07-08 14:32:55 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-07-08 14:32:55 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-07-08 05:18:28 -------- d-----w- C:\Program Files\CCleaner
2012-07-07 21:19:25 -------- d-----w- C:\ProgramData\BDLogging
2012-07-07 20:54:56 -------- d-----w- C:\Users\Neil\AppData\Roaming\QuickScan
2012-07-07 20:51:19 -------- d-----w- C:\Program Files\Common Files\Bitdefender
2012-07-07 20:40:04 -------- d-----w- C:\Users\Neil\AppData\Roaming\SpeedyPC Software
2012-07-07 20:40:04 -------- d-----w- C:\Users\Neil\AppData\Roaming\DriverCure
2012-07-07 20:39:46 -------- d-----w- C:\ProgramData\SpeedyPC Software
2012-07-04 07:04:06 772544 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
.
==================== Find3M ====================
.
2012-07-30 05:48:34 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2012-07-22 20:57:38 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
2012-07-22 20:57:38 1490656 ----a-w- C:\Windows\System32\drivers\WdfCoInstaller01007.dll
2012-07-05 19:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-07 10:34:06 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-07 10:34:06 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-11 09:54:37 1891384 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 15:44:49.06 ===============

Attach.txt


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 08/10/2011 13:17:49
System Uptime: 30/07/2012 12:57:41 (3 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | K53SV
Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz | CPU 1 | 2301/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 186 GiB total, 92.671 GiB free.
D: is FIXED (NTFS) - 254 GiB total, 59.147 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM (CDFS)
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP160: 20/07/2012 19:00:04 - BACK UP PLAN
RP161: 22/07/2012 23:38:49 - ComboFix created restore point
RP162: 25/07/2012 18:20:48 - ComboFix created restore point
RP163: 26/07/2012 17:20:55 - avast! Free Antivirus Setup
RP164: 26/07/2012 17:40:07 - avast! Free Antivirus Setup
RP165: 26/07/2012 21:34:56 - Installed AVG 2012
RP166: 26/07/2012 21:35:20 - Installed AVG 2012
RP167: 28/07/2012 19:06:18 - Removed Java(TM) 6 Update 33
RP168: 28/07/2012 19:06:58 - Installed Java(TM) 7 Update 5
RP169: 28/07/2012 19:08:18 - Installed JavaFX 2.1.1
RP170: 30/07/2012 09:15:47 - Installed Hitman Blood Money
RP171: 30/07/2012 09:42:42 - Installed GameShadow
.
==== Installed Programs ======================
.
???? ??? Windows Live
???? ???? ActiveX ????? ?? Windows Live Mesh ????????? ???????
???? Windows Live
??????? Windows Live Mesh ActiveX ??(????)
??????? Windows Live Mesh ActiveX ???
????????? ActiveX ?? Windows Live Mesh ????????????????????????? (???)
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.3)
Angry Birds Rio
ASUS AI Recovery
ASUS FancyStart
ASUS K3 Series ScreenSaver
ASUS LifeFrame3
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
ASUS WebStorage
AsusVibe2.0
Atheros Client Installation Program
ATK Package
Bookworm Deluxe
Call of Duty: Black Ops
Camtasia Studio 7
COMODO GeekBuddy
Complément Messenger
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX de Windows Live Mesh para conexiones remotas
Controle ActiveX do Windows Live Mesh para Conexões Remotas
Cooking Dash
CyberLink LabelPrint
CyberLink Power2Go
D3DX10
Driver Genius Professional Edition
ESET Online Scanner v3
Galerie de photos Windows Live
Galería fotográfica de Windows Live
Game Park Console
GameShadow
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Governor of Poker
Hitman Blood Money
Hotel Dash Suite Success
Hotspot Shield 2.53
Intel(R) Control Center
Intel(R) Processor Graphics
Java Auto Updater
Java(TM) 7 Update 5
JavaFX 2.1.1
Jewel Quest 3
Junk Mail filter update
Luxor 3
Mahjongg dimensions
Malwarebytes Anti-Malware version 1.62.0.1300
Mesh Runtime
Messenger ????
Messenger ?????
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 10.0.2 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser (KB973685)
Need for Speed The Run, version 1.0
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
Nuance PDF Reader
NVIDIA PhysX
PowerISO
Prototype(TM)
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Reader Driver
SeaTools for Windows
Security Task Manager 1.8d
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype™ 5.8
Sonic Focus
syncables desktop SE
TurboC++ 3.0.7.7c
Ubisoft Game Launcher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
uTorrentControl2 Toolbar
Uzak Baglantilar Için Windows Live Mesh ActiveX Denetimi
Visual Studio 2008 x64 Redistributables
VLC media player 1.1.8
Windows Live
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotograf Galerisi
Windows Live Galeria de Fotos
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinFlash
WinRAR archiver
Wireless Console 3
World of Goo
Zain e-GO
.
==== Event Viewer Messages From Past Week ========
.
30/07/2012 15:05:50, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
30/07/2012 15:04:47, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
30/07/2012 08:52:52, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Zain e-GO. OUC service to connect.
30/07/2012 08:52:52, Error: Service Control Manager [7000] - The Zain e-GO. OUC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
30/07/2012 08:52:50, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
30/07/2012 08:52:50, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
26/07/2012 17:42:02, Error: Service Control Manager [7000] - The avast! Firewall service failed to start due to the following error: The system cannot find the file specified.
26/07/2012 17:38:34, Error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: Access is denied.
25/07/2012 18:26:51, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
25/07/2012 18:26:18, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
24/07/2012 09:47:03, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx
24/07/2012 09:46:59, Error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================
Neil
Regular Member
 
Posts: 27
Joined: July 16th, 2012, 2:51 pm

Re: Virus Help

Unread postby maxi » July 31st, 2012, 7:15 am

Hi neil :) You have infected yourself again before we have finished. Please don't make any more changes to your system until we finish.

Create a System Restore Point
  • Right-click on the Computer icon and select Properties.
  • In the left pane under Tasks ... click on System protection.
    If UAC prompts for an administrator password or approval, type the password or give your "permission to continue".
  • Select the System Protection tab ...then choose Create.
  • In the System Restore dialog box, type a description for the restore point ... click Create, again.
    A window will pop up with "The Restore Point was created successfully" confirmation message.
  • Click OK ...then close the System Restore dialog.
Please leave the System Restore function "turned on" until we are finished and I give you the 'all clean' sign.
If you have successfully created a System Restore Point...we can proceed.

Step 1
Download the attached bits.reg to your desktop
Attached File bits.reg (6.24K)
Right click the file and select merge
Accept the warnings
Reboot

Step 2

Run Farbars System Scanner again please


Step 3

Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the open text box copy/paste appwiz.cpl Then click Ok.
  • Uninstall the following if present.
uTorrentControl2 Toolbar


Step 4
Delete your current copy of ComboFix and download a fresh copy from here

ComboFix - CFScript
This script is for this user and computer ONLY! Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
  1. Please open Notepad and copy/paste all the text below... into the window:
    Code:
    DDS::
    uStart Page = hxxp://mystart.incredibar.com/mb128?a=6PQEQBLHNQ&i=26
    uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    BHO: Web Assistant: {336d0c35-8a85-403a-b9d2-65c292c39087} - C:\Program Files\Web Assistant\Extension32.dll
    BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
    IE: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: AVG Do Not Track - No File
    BHO-X64: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll
    BHO-X64: Web Assistant Helper - No File
    BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    BHO-X64: uTorrentControl2 - No File
    BHO-X64: IESpeakDoc - No File
    BHO-X64: Google Dictionary Compression sdch - No File
    TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB-X64: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
    
    
    FireFox::
    FF - ProfilePath - C:\Users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\la1abbud.default\
    FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_res ... velink2&q=
    FF - user.js: keyword.URL - hxxp://mp3tubetoolbar.com/?tmp=nemo_res ... velink2&q=
    FF - user.js: extensions.incredibar_i.newTab - false
    FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQEQB ... 26&search=
    FF - user.js: extensions.incredibar_i.id - 3e1f1827000000000000001e101f3534
    FF - user.js: extensions.incredibar_i.instlDay - 15549
    FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1418:40:58
    FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
    FF - user.js: extensions.incredibar_i.prdct - incredibar
    FF - user.js: extensions.incredibar_i.aflt - orgnl
    FF - user.js: extensions.incredibar_i.smplGrp - none
    FF - user.js: extensions.incredibar_i.tlbrId - base
    FF - user.js: extensions.incredibar_i.instlRef -
    FF - user.js: extensions.incredibar_i.dfltLng -
    FF - user.js: extensions.incredibar_i.excTlbr - false
    FF - user.js: extensions.incredibar_i.ms_url_id -
    FF - user.js: extensions.incredibar_i.upn2 - 6PQEQBLHNQ
    FF - user.js: extensions.incredibar_i.upn2n - 92543308828358678
    FF - user.js: extensions.incredibar_i.productid - 26
    FF - user.js: extensions.incredibar_i.installerproductid - 26
    FF - user.js: extensions.incredibar_i.did - 10658
    FF - user.js: extensions.incredibar_i.ppd -
    
    
    Folder::
    C:\Users\Neil\AppData\Local\CRE
    C:\Program Files (x86)\Conduit
    C:\Users\Neil\AppData\Local\Conduit
    C:\Program Files\Web Assistant
    C:\Program Files (x86)\1ClickDownload
    C:\Program Files (x86)\Eusing Free Registry Cleaner
    C:\ProgramData\FrontLine Registry Cleaner
    C:\Program Files (x86)\Frontline Registry Cleaner
    C:\Users\Neil\AppData\Roaming\SpeedyPC Software
    C:\Users\Neil\AppData\Roaming\DriverCure
    C:\ProgramData\SpeedyPC Software
    
    
  2. Save it to your desktop as CFScript.txt
  3. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
    *Only* when the 2 items above (Step 3) have been taken care of...
  4. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:
    Image
    This will cause ComboFix to run again.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
    Do Not touch your computer when ComboFix is running!
  5. When finished ComboFix will create a log file... you can save this file to a convenient place.
Please copy/paste the ComboFix log file in your next reply.

In your next reply please include:
If you managed to get the Updates.
The FSS log.
The ComboFix logfile.
Any problems you had with my instructions.


Regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.
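The CFScript in the post above removes Internet Explorer add-ons by CLSID (the uTorrentControl2 and Web Assistant Browser Helper Objects, two toolbars, and the URL search hooks). As an added, read-only illustration that is not part of maxi's instructions and not code from ComboFix or the Farbar tools: the PowerShell below enumerates the same three registration points an administrator would audit before or after such a clean-up, resolves each CLSID to its DLL through HKCR\CLSID\{guid}\InProcServer32, and reports registrations whose DLL is gone, which is what the "- No File" entries in the script denote. The function names are my own; the registry locations are the standard IE add-on registration keys; the CLSIDs in `$flagged` are the ones quoted in the script above.

```powershell
# Added example (not from the thread, ComboFix or FSS): inventory IE add-on
# registrations and resolve each CLSID to its DLL. Read-only; run elevated on
# the machine under review so both the 64-bit and Wow6432Node views are visible.

function Resolve-ClsidPath {
    param([string]$Clsid)
    # A COM class lives under HKCR\CLSID\{guid}; the default value of its
    # InProcServer32 subkey is the DLL path. 32-bit classes on x64 sit under Wow6432Node.
    foreach ($base in @('Registry::HKEY_CLASSES_ROOT\CLSID',
                        'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID')) {
        $key = "$base\$Clsid\InProcServer32"
        if (Test-Path $key) {
            $dll = (Get-ItemProperty -Path $key).'(default)'
            if ($dll) {
                $dll = [Environment]::ExpandEnvironmentVariables($dll.Trim('"'))
                return [pscustomobject]@{ Dll = $dll; Exists = (Test-Path -LiteralPath $dll) }
            }
        }
    }
    # Registered CLSID with no InProcServer32: a dangling registration ("- No File").
    return [pscustomobject]@{ Dll = $null; Exists = $false }
}

function Get-IEAddonInventory {
    $items = @()

    # Browser Helper Objects: one subkey per CLSID, plus the 32-bit view on x64.
    foreach ($bhoRoot in @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects')) {
        if (Test-Path $bhoRoot) {
            Get-ChildItem $bhoRoot | ForEach-Object {
                $items += [pscustomobject]@{ Kind = 'BHO'; Clsid = $_.PSChildName }
            }
        }
    }

    # Toolbars: the value names under the Toolbar key are CLSIDs.
    foreach ($tbRoot in @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar',
                          'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar')) {
        if (Test-Path $tbRoot) {
            (Get-Item $tbRoot).GetValueNames() | Where-Object { $_ -like '{*}' } | ForEach-Object {
                $items += [pscustomobject]@{ Kind = 'Toolbar'; Clsid = $_ }
            }
        }
    }

    # URL search hooks: per-user (the script's uURLSearchHooks) and machine-wide (mURLSearchHooks).
    foreach ($hookRoot in @('HKCU:\Software\Microsoft\Internet Explorer\URLSearchHooks',
                            'HKLM:\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks')) {
        if (Test-Path $hookRoot) {
            (Get-Item $hookRoot).GetValueNames() | Where-Object { $_ -like '{*}' } | ForEach-Object {
                $items += [pscustomobject]@{ Kind = 'URLSearchHook'; Clsid = $_ }
            }
        }
    }

    foreach ($i in $items) {
        $r = Resolve-ClsidPath $i.Clsid
        if (-not $r.Dll)          { $status = 'No File (dangling registration)' }
        elseif (-not $r.Exists)   { $status = 'DLL missing on disk' }
        else                      { $status = 'present' }
        [pscustomobject]@{ Kind = $i.Kind; Clsid = $i.Clsid; Dll = $r.Dll; Status = $status }
    }
}

# CLSIDs quoted in the CFScript above; -contains compares case-insensitively,
# so the mixed-case GUIDs in the script match however the registry stores them.
$flagged = @('{687578b9-7132-4a7a-80e4-30ee31099e03}',   # uTorrentControl2 Toolbar
             '{336d0c35-8a85-403a-b9d2-65c292c39087}',   # Web Assistant
             '{D4027C7F-154A-4066-A1AD-4243D8127440}',   # toolbar listed as "No File"
             '{EEE6C35B-6118-11DC-9C72-001320C79847}')   # toolbar listed as "No File"

Get-IEAddonInventory |
    Select-Object Kind, Clsid, Dll, Status,
        @{ n = 'InScript'; e = { $flagged -contains $_.Clsid } } |
    Format-Table -AutoSize
```

Running this before the CFScript shows which of the four CLSIDs are still registered and where their DLLs are; running it again afterwards is a quick check that the registrations are gone. The Status column separates a registration whose file is absent (harmless leftover, but still worth removing because the browser will keep trying to load it) from a live DLL that should be inspected.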

Re: Virus Help

Unread postby Neil » July 31st, 2012, 11:44 am

Hey Maxi :)

Updates successful but 3 failures

Code 673
Code 800705B4
Code 800F0829


Once I had restarted after creating the restore point I got this from AVG

AVG LOG
ACMON Error

ACEngSvr.exe

Time of creation:30/7/2012
Full path:C:/Windows/SysWOW64/ACengSvr.exe
Details:
1 process terminated
1 file deleted
0 registry keys deleted
Processes terminated:
ACEngSvr.exe
Process ID:3168
Full path:C/Windows/SysWOW64/ACEngSvr.exee
Characteristics:
Injects code
Executes from the Windows directory
Writes to the Windows directory
Window not visible
Is terminated
Files deleted:
ACEngSvr.exe
Process ID:0
Characteristics:
Executes from the Windows directory



FSS Log

Farbar Service Scanner Version: 26-07-2012
Ran by Neil (administrator) on 31-07-2012 at 14:56:22
Running from "C:\Users\Neil\Desktop"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-03-07 13:58] - [2011-12-28 06:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-03-07 15:10] - [2012-05-11 12:54] - 1891384 ____A (Microsoft Corporation) 98C68F9B6381AD34FC3924DFF2393278

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-14 03:09] - [2009-07-14 04:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-14 02:36] - [2009-07-14 04:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


ComboFix Log


ComboFix 12-07-30.03 - Neil 31/07/2012 15:11:10.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4008.1723 [GMT 3:00]
Running from: c:\users\Neil\Desktop\ComboFix.exe
Command switches used :: c:\users\Neil\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Conduit
c:\program files (x86)\Conduit\Community Alerts\Alert.dll
c:\program files (x86)\Eusing Free Registry Cleaner
c:\program files (x86)\Eusing Free Registry Cleaner\Backup\Backup20120709223256.reg
c:\program files (x86)\Eusing Free Registry Cleaner\Backup\Backup20120709223411.reg
c:\program files (x86)\Eusing Free Registry Cleaner\Backup\Backup20120709223611.reg
c:\program files (x86)\Eusing Free Registry Cleaner\Backup\Backup20120710063629.reg
c:\program files (x86)\Eusing Free Registry Cleaner\Backup\Backup20120710185655.reg
c:\program files (x86)\Eusing Free Registry Cleaner\Backup\Backup20120710185926.reg
c:\program files (x86)\Eusing Free Registry Cleaner\Backup\Backup20120710233130.reg
c:\program files (x86)\Eusing Free Registry Cleaner\Backup\Backup20120711172523.reg
c:\program files (x86)\Eusing Free Registry Cleaner\Backup\Backup20120713014858.reg
c:\program files (x86)\Eusing Free Registry Cleaner\Backup\Backup20120714225248.reg
c:\program files (x86)\Eusing Free Registry Cleaner\Backup\Backup20120719002508.reg
c:\program files (x86)\Eusing Free Registry Cleaner\Backup\Backup20120719164041.reg
c:\program files (x86)\Eusing Free Registry Cleaner\options.ini
c:\program files (x86)\Frontline Registry Cleaner
c:\program files\Web Assistant
c:\program files\Web Assistant\ExTEnsion32.dll
c:\program files\Web Assistant\Extension64.dll
c:\program files\Web Assistant\ExtensionUpdaterService.exe
c:\program files\Web Assistant\Firefox\chrome.manifest
c:\program files\Web Assistant\Firefox\chrome\content\libraries\DataExchangeScript.js
c:\program files\Web Assistant\Firefox\chrome\content\main.js
c:\program files\Web Assistant\Firefox\chrome\content\main.xul
c:\program files\Web Assistant\Firefox\chrome\content\resources\localscript.js
c:\program files\Web Assistant\Firefox\chrome\locale\en-US\overlay.dtd
c:\program files\Web Assistant\Firefox\chrome\skin\overlay.css
c:\program files\Web Assistant\Firefox\defaults\preferences\defaults.js
c:\program files\Web Assistant\Firefox\install.rdf
c:\program files\Web Assistant\InstallerHelper.dll
c:\program files\Web Assistant\libraries\DataExchangeScript.js
c:\program files\Web Assistant\resources\localscript.js
c:\program files\Web Assistant\source.crx
c:\program files\Web Assistant\unins000.dat
c:\program files\Web Assistant\unins000.exe
c:\programdata\FrontLine Registry Cleaner
c:\programdata\FrontLine Registry Cleaner\RFSNR
c:\programdata\SpeedyPC Software
c:\users\Neil\AppData\Local\Conduit
c:\users\Neil\AppData\Local\CRE
c:\users\Neil\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx
c:\users\Neil\AppData\Roaming\DriverCure
c:\users\Neil\AppData\Roaming\DriverCure\LogFile.txt
c:\users\Neil\AppData\Roaming\SpeedyPC Software
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-31 )))))))))))))))))))))))))))))))
.
.
2012-07-31 12:15 . 2012-07-31 12:15 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-31 12:15 . 2012-07-31 12:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-31 11:54 . 2012-07-31 11:54 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-07-31 11:54 . 2012-07-31 11:54 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-31 11:54 . 2012-07-31 11:54 68576 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-07-31 11:54 . 2012-07-31 11:54 573920 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-07-31 11:54 . 2012-07-31 11:54 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-07-31 11:54 . 2012-07-31 11:54 157608 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-07-31 11:54 . 2012-07-31 11:54 113120 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-07-30 06:43 . 2012-07-30 06:43 45056 ----a-r- c:\users\Neil\AppData\Roaming\Microsoft\Installer\{F7C1C17E-70E3-475F-BD52-EA554391F15D}\GameShadow.exe1_0A3DE514292C4EBA987823B82B0B2BA2.exe
2012-07-30 06:43 . 2012-07-30 06:43 45056 ----a-r- c:\users\Neil\AppData\Roaming\Microsoft\Installer\{F7C1C17E-70E3-475F-BD52-EA554391F15D}\GameShadow.exe_0A3DE514292C4EBA987823B82B0B2BA2.exe
2012-07-30 06:43 . 2012-07-30 06:43 45056 ----a-r- c:\users\Neil\AppData\Roaming\Microsoft\Installer\{F7C1C17E-70E3-475F-BD52-EA554391F15D}\ARPPRODUCTICON.exe
2012-07-30 06:43 . 2012-07-30 06:43 -------- d-----w- c:\program files (x86)\GameShadow
2012-07-30 06:16 . 2012-07-30 06:16 -------- d-----w- c:\program files (x86)\Eidos
2012-07-28 16:36 . 2012-07-30 12:46 -------- d-----w- c:\users\Neil\AppData\Roaming\uTorrent
2012-07-28 16:10 . 2012-07-28 16:10 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-28 16:09 . 2012-07-28 16:09 -------- d-----w- c:\program files (x86)\Oracle
2012-07-28 15:39 . 2012-07-28 15:39 -------- d-----w- c:\program files (x86)\Gophoto.it
2012-07-27 18:07 . 2012-07-27 18:07 -------- d-----w- c:\program files (x86)\ESET
2012-07-26 18:44 . 2012-07-26 18:44 -------- d-----w- c:\users\Neil\AppData\Roaming\AVG2012
2012-07-26 18:39 . 2012-07-26 18:39 -------- d-----w- c:\users\Neil\AppData\Local\AVG Secure Search
2012-07-26 18:39 . 2012-07-26 18:39 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-26 18:39 . 2012-07-26 18:39 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-07-26 18:39 . 2012-07-26 18:39 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-07-26 18:39 . 2012-07-26 18:39 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-07-26 18:37 . 2012-07-26 18:37 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-07-26 18:36 . 2012-07-26 18:36 -------- d-----w- C:\$AVG
2012-07-26 18:36 . 2012-07-31 07:34 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-26 18:36 . 2012-07-30 05:52 -------- d-----w- c:\programdata\AVG2012
2012-07-26 18:35 . 2012-07-26 18:35 -------- d-----w- c:\program files (x86)\AVG
2012-07-26 18:26 . 2012-07-31 07:34 -------- d-----w- c:\programdata\MFAData
2012-07-26 14:21 . 2012-07-26 14:40 -------- d-----w- c:\programdata\AVAST Software
2012-07-26 14:21 . 2012-07-26 14:21 -------- d-----w- c:\program files\AVAST Software
2012-07-24 07:04 . 2012-07-15 23:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{659E5291-D64A-4FA9-B683-6725EE09FBA2}\mpengine.dll
2012-07-22 20:57 . 2012-07-22 20:57 98304 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2012-07-22 20:57 . 2012-07-22 20:57 87040 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2012-07-22 20:57 . 2012-07-22 20:57 72192 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2012-07-22 20:57 . 2012-07-22 20:57 417280 ----a-w- c:\windows\system32\drivers\ewusbwwan.sys
2012-07-22 20:57 . 2012-07-22 20:57 32768 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-07-22 20:57 . 2012-07-22 20:57 28672 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2012-07-22 20:57 . 2012-07-22 20:57 223232 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-07-22 20:57 . 2012-07-22 20:57 22016 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2012-07-22 20:57 . 2012-07-22 20:57 218624 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
2012-07-22 20:57 . 2012-07-22 20:57 13952 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-07-22 20:57 . 2012-07-22 20:57 117248 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2012-07-22 20:57 . 2012-07-22 20:57 1001472 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-07-21 03:36 . 2012-07-21 03:36 -------- d-----w- C:\FRST
2012-07-15 21:27 . 2012-07-15 21:27 -------- d-----w- c:\users\Neil\AppData\Roaming\Malwarebytes
2012-07-15 21:26 . 2012-07-15 21:26 -------- d-----w- c:\programdata\Malwarebytes
2012-07-15 21:26 . 2012-07-15 21:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-15 21:26 . 2012-07-03 10:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-14 20:27 . 2012-07-14 20:27 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-10 21:17 . 2012-07-12 22:46 -------- d-----w- c:\programdata\CPA_VA
2012-07-10 20:59 . 2012-07-10 21:08 -------- d-----w- c:\programdata\Comodo
2012-07-10 20:59 . 2012-07-10 20:59 -------- d-----w- c:\program files\COMODO
2012-07-10 20:59 . 2012-07-10 20:59 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-07-10 20:59 . 2012-07-10 20:59 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2012-07-09 08:47 . 2012-07-22 20:33 -------- d-----w- c:\programdata\SecTaskMan
2012-07-09 08:47 . 2012-07-09 10:05 -------- d-----w- c:\program files (x86)\Security Task Manager
2012-07-09 08:32 . 2011-02-18 06:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-07-09 08:32 . 2011-02-18 05:33 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2012-07-08 21:08 . 2012-07-08 21:08 -------- d-----w- c:\windows\SysWow64\My Vaults
2012-07-08 19:42 . 2012-07-08 19:42 -------- d-----w- c:\programdata\bdch
2012-07-08 15:10 . 2012-07-08 15:10 -------- d-----w- C:\found.000
2012-07-08 14:33 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-07-08 14:33 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-07-08 14:33 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-07-08 14:33 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-07-08 14:33 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-07-08 14:33 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-07-08 14:33 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-07-08 14:32 . 2012-06-02 12:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-07-08 14:32 . 2012-06-02 12:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-07-08 05:18 . 2012-07-08 05:18 -------- d-----w- c:\program files\CCleaner
2012-07-07 21:19 . 2012-07-07 21:19 -------- d-----w- c:\programdata\BDLogging
2012-07-07 20:54 . 2012-07-07 20:54 -------- d-----w- c:\users\Neil\AppData\Roaming\QuickScan
2012-07-07 20:51 . 2012-07-24 06:45 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-07-04 07:04 . 2012-07-05 19:06 772544 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-07-04 07:03 . 2012-07-28 16:07 -------- d-----w- c:\program files (x86)\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-30 05:48 . 2011-05-16 21:30 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-07-22 20:57 . 2012-03-05 08:24 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-07-22 20:57 . 2012-03-05 08:24 1490656 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2012-07-05 19:06 . 2012-03-09 14:54 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-03 16:21 . 2011-10-23 18:44 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-07 10:34 . 2012-06-07 10:34 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-07 10:34 . 2012-03-12 12:46 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-03 20:28 . 2012-03-09 18:04 58957832 ----a-w- c:\windows\system32\MRT.exe
2012-05-11 09:54 . 2012-03-07 12:10 1891384 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2012-03-30 . ACB82BDA8F46C84F465C1AFA517DC4B9 . 1918320 . . [6.1.7601.17802] .. c:\windows\SoftwareDistribution\Download\092d0da1be926fabf4653305eb1af03a\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
[7] 2012-03-30 . 624C5B3AA4C99B3184BB922D9ECE3FF0 . 1895280 . . [6.1.7600.16986] .. c:\windows\SoftwareDistribution\Download\092d0da1be926fabf4653305eb1af03a\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16986_none_0f140fa780164fde\tcpip.sys
[7] 2012-03-30 . 885B202006EE17AE99B9FBCEC9AF88C9 . 1901424 . . [6.1.7601.21954] .. c:\windows\SoftwareDistribution\Download\092d0da1be926fabf4653305eb1af03a\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[7] 2012-03-30 . 5EFD096DEF47F8B88EF591DA92143440 . 1877872 . . [6.1.7600.21178] .. c:\windows\SoftwareDistribution\Download\092d0da1be926fabf4653305eb1af03a\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21178_none_0faa5514992a39a7\tcpip.sys
[7] 2011-09-29 . 3810F06A4D74A7D62641EE73D6B3C660 . 1912176 . . [6.1.7601.21828] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
[7] 2011-09-29 . FC62769E7BFF2896035AEED399108162 . 1923952 . . [6.1.7601.17697] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys
[7] 2011-09-29 . F18F56EFC0BFB9C87BA01C37B27F4DA5 . 1897328 . . [6.1.7600.16889] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_0f170e9f80139ebc\tcpip.sys
[7] 2011-09-29 . AC3E29880DB5659532A1AA3439304A43 . 1886064 . . [6.1.7600.21060] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_0fad20ca992955d7\tcpip.sys
[7] 2011-01-12 . 90A2D722CF64D911879D6C4A4F802A4D . 1896832 . . [6.1.7600.16610] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[7] 2011-01-12 . 542C6767C68C9D6AAACA59436B0D15C2 . 1889152 . . [6.1.7600.20733] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[7] 2010-11-20 . 509383E505C973ED7534A06B3D19688D . 1924480 . . [6.1.7601.17514] .. c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[7] 2010-04-09 . 7FC877A25796D8ADF539E64703FCA7E1 . 1898376 . . [6.1.7600.16569] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16569_none_0f2ca8c580036f65\tcpip.sys
[7] 2010-04-09 . A9C0F786AC1F736891D05CE0A1D29DEB . 1892232 . . [6.1.7600.20687] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20687_none_0f9ea52499331463\tcpip.sys
[7] 2009-07-14 . 912107716BAB424C7870E8E6AF5E07E1 . 1898576 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[-] 2012-05-11 . 98C68F9B6381AD34FC3924DFF2393278 . 1891384 . . [6.1.7600.16385] .. c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot_2012-07-25_15.26.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-05-16 21:16 . 2012-07-26 14:44 46628 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-31 11:39 40288 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-08 10:19 . 2012-07-31 11:39 13566 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3022402605-2101226938-1445187523-1001_UserData.bin
+ 2012-01-31 01:46 . 2012-01-31 01:46 36944 c:\windows\system32\drivers\avgrkx64.sys
+ 2011-12-23 10:32 . 2011-12-23 10:32 47696 c:\windows\system32\drivers\avgmfx64.sys
+ 2012-04-19 01:50 . 2012-04-19 01:50 28480 c:\windows\system32\drivers\avgidsha.sys
+ 2011-12-23 10:32 . 2011-12-23 10:32 29776 c:\windows\system32\drivers\avgidsfiltera.sys
+ 2011-10-09 01:06 . 2012-07-31 11:37 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-09 01:06 . 2012-07-24 06:46 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-09 01:06 . 2012-07-31 11:37 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-10-09 01:06 . 2012-07-24 06:46 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-24 06:46 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-31 11:37 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-12 12:22 . 2012-07-31 11:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-02-12 12:22 . 2012-07-24 06:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:46 . 2012-07-14 20:37 80672 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46 . 2012-07-30 12:19 80672 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-02-12 12:22 . 2012-07-31 11:39 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-02-12 12:22 . 2012-07-24 06:49 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-02-12 12:22 . 2012-07-24 06:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-02-12 12:22 . 2012-07-31 11:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-10-08 10:31 . 2012-07-24 06:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-08 10:31 . 2012-07-31 11:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-08 10:31 . 2012-07-24 06:49 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-08 10:31 . 2012-07-31 11:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-13 19:47 . 2012-07-26 14:31 8760 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-01-12 17:10 . 2012-07-31 11:35 2190 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2012-07-24 06:46 . 2012-07-24 06:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-31 11:37 . 2012-07-31 11:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-31 11:37 . 2012-07-31 11:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-24 06:46 . 2012-07-24 06:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-28 16:08 . 2012-07-05 19:06 227760 c:\windows\SysWOW64\javaws.exe
+ 2012-07-28 16:08 . 2012-07-28 16:07 174064 c:\windows\SysWOW64\javaw.exe
+ 2012-07-28 16:08 . 2012-07-28 16:07 174064 c:\windows\SysWOW64\java.exe
+ 2009-07-14 04:54 . 2012-07-31 11:37 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-24 06:47 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-31 11:37 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-24 06:47 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-08 16:34 . 2012-07-31 11:09 468504 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2011-10-08 17:47 . 2012-07-30 05:51 317478 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-07-29 16:03 689102 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-24 06:54 689102 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-29 16:03 135206 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-24 06:54 135206 c:\windows\system32\perfc009.dat
+ 2012-03-19 02:17 . 2012-03-19 02:17 383808 c:\windows\system32\drivers\avgtdia.sys
+ 2012-02-22 02:25 . 2012-02-22 02:25 289872 c:\windows\system32\drivers\avgldx64.sys
+ 2011-12-23 10:31 . 2011-12-23 10:31 124496 c:\windows\system32\drivers\avgidsdrivera.sys
+ 2009-07-14 05:12 . 2012-07-30 06:16 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2011-01-12 17:18 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2012-07-31 11:35 394956 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-24 06:45 394956 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-07-28 16:10 . 2012-07-28 16:10 179200 c:\windows\Installer\a9a47eb.msi
+ 2012-07-28 16:08 . 2012-07-28 16:08 461312 c:\windows\Installer\a9a47e5.msi
- 2009-07-14 04:54 . 2012-07-24 06:47 2260992 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-31 11:37 2260992 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:45 . 2012-07-30 05:50 3798234 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-07-10 17:58 3798234 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-03-09 15:09 . 2012-07-30 00:55 2460832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3022402605-2101226938-1445187523-1001-12288.dat
+ 2012-07-26 18:26 . 2012-07-26 18:26 8452608 c:\windows\Installer\d571b7.msi
+ 2012-07-26 18:34 . 2012-07-26 18:34 2871808 c:\windows\Installer\d571b3.msi
+ 2012-07-26 18:34 . 2012-07-26 18:34 8544256 c:\windows\Installer\d571af.msi
+ 2009-07-14 02:34 . 2012-07-31 11:51 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-07-21 19:55 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-10-26 18:43 . 2012-07-31 11:36 43261391 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3022402605-2101226938-1445187523-1001-8192.dat
+ 2012-07-28 16:06 . 2012-07-28 16:06 17379840 c:\windows\Installer\a9a47e1.msi
+ 2012-07-30 06:42 . 2012-07-30 06:42 11683888 c:\windows\Installer\2e7f80.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-26 18:39 2086496 ----a-w- c:\program files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.1.0.21\AVG Secure Search_toolbar.dll" [2012-07-26 2086496]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SanDiskSecureAccess_Manager.exe"="c:\users\Neil\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe" [2011-06-29 27311232]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-15 17146504]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-06 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-04-19 336952]
"COMODO"="c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe" [2011-11-23 213304]
"CPA"="c:\program files\COMODO\COMODO GeekBuddy\VALA.exe" [2011-11-23 184120]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-26 1147488]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-1-12 548528]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2011-5-17 12862]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 135664]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [x]
R2 Zain e-GO. RunOuc;Zain e-GO. OUC;c:\program files (x86)\Zain e-GO\UpdateDog\ouc.exe [2012-07-22 655712]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-03-13 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-03-13 298656]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-03-13 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-03-13 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-03-13 154272]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-03-13 280224]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2012-07-22 117248]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [2012-07-22 417280]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-31 113120]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-09 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-02-21 25960]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-07-26 31080]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-03-11 577824]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-03-11 43248]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-13 138400]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-04-10 542552]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2012-04-02 329544]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2011-03-14 346976]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-02-22 2009704]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S2 vToolbarUpdater12.1.5;vToolbarUpdater12.1.5;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [2012-07-26 830048]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-03-13 28832]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-12-13 138024]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-07-22 87040]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-22 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 17:19]
.
2012-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 17:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ------w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ------w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{4F7687F2-934B-4FE0-B68F-E2AD42FAD8D0}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{8646602E-03A4-4875-B020-DB4813EBEC71}: NameServer = 10.93.56.1
TCP: Interfaces\{87E2C2A3-91E2-498B-A848-A273AED51E55}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{9DBE4EE5-D582-41BF-9AB0-A20BF777C485}: NameServer = 62.209.25.157 62.209.25.158
TCP: Interfaces\{BD284B74-1B79-4D48-AAC3-C5DF43D45AFD}: NameServer = 83.136.58.187 83.136.56.53
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.5\ViProtocol.dll
FF - ProfilePath - c:\users\Neil\AppData\Roaming\Mozilla\Firefox\Profiles\la1abbud.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: keyword.enabled - 1
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
BHO-{336D0C35-8A85-403a-B9D2-65C292C39087} - c:\program files\Web Assistant\Extension64.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3022402605-2101226938-1445187523-1001\Software\SecuROM\License information*]
"datasecu"=hex:25,9d,8a,71,5a,75,c4,97,e8,30,ea,a7,58,f4,84,2d,2b,22,b6,47,2a,
c9,a8,40,a0,32,96,09,7f,78,dd,cc,86,6e,9c,c3,42,d0,f3,05,c7,31,15,2a,37,f1,\
"rkeysecu"=hex:44,df,bd,07,ab,a6,ab,ad,a5,32,e3,b7,b3,c7,22,3c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-31 15:18:43
ComboFix-quarantined-files.txt 2012-07-31 12:18
ComboFix2.txt 2012-07-25 15:28
ComboFix3.txt 2012-07-22 20:54
.
Pre-Run: 98,492,190,720 bytes free
Post-Run: 98,486,284,288 bytes free
.
- - End Of File - - 082A0A2121DE4E4AA1930F1E274FBFA1



That's all! I guess I got infected because of my stupidity in downloading something from a P2P website.


Thanks a billion Maxi :D
Neil
Regular Member
 
Posts: 27
Joined: July 16th, 2012, 2:51 pm
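The ComboFix log above lists services and drivers as `R2 name;description;path [date size]` lines and autostart values under the `[...\Run]` keys as `"name"="path" [date size]`; entries whose file could not be found on disk end in `[x]`. The following Python script is an added example (not code from this thread and not part of ComboFix) that parses those two line shapes and flags what a helper looks at first: entries with a missing binary, and entries that start from a user-writable location such as a profile, AppData or ProgramData. The regular expressions and the "user-writable" path markers are assumptions of this example, and the sample lines are a constructed subset copied from the log in the post above.

```python
"""Triage helper for ComboFix-style log output.

Added example, not code from the MalwareRemoval.com thread and not part of
ComboFix.  It reads two sections that appear in the log above: the
service/driver list ('R2 name;description;path [date size]') and the
autostart values under the [...\Run] keys ('"name"="path" [date size]').
It flags entries whose binary is missing (ComboFix prints '[x]') and entries
started from user-writable locations.  The regexes and the user-writable
heuristic are assumptions of this example.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a handful of lines copied from the log in the thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SanDiskSecureAccess_Manager.exe"="c:\users\Neil\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe" [2011-06-29 27311232]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-15 17146504]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-06 222496]
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [x]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
"""

# 'R2 name;description;path [tail]': start type, service name, description,
# image path (may be empty) and the bracketed tail ('date size' or 'x').
SERVICE_RE = re.compile(
    r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>[^\[]*?)\s*\[(?P<tail>[^\]]*)\]\s*$'
)
# '"name"="path" [tail]': a value under a Run key.
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<tail>[^\]]*)\]\s*$')

# Path fragments an unprivileged user can normally write to (assumption of this example).
USER_WRITABLE_MARKERS = ("\\users\\", "\\programdata\\", "\\appdata\\", "\\temp\\")


@dataclass
class Entry:
    kind: str            # "service" or "run"
    name: str
    path: str
    missing: bool        # ComboFix could not find the file on disk ('[x]')
    user_writable: bool  # path lies in a location writable without admin rights


def is_user_writable(path: str) -> bool:
    """True if the path contains one of the user-writable markers (case-insensitive)."""
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def parse_log(text: str) -> List[Entry]:
    """Extract service and Run-key entries from ComboFix-style text; other lines are ignored."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        kind = "service"
        m = SERVICE_RE.match(line)
        if m is None:
            kind = "run"
            m = RUN_RE.match(line)
        if m is None:
            continue
        path = m.group("path").strip()
        tail = m.group("tail").strip()
        entries.append(Entry(
            kind=kind,
            name=m.group("name").strip(),
            path=path,
            missing=(tail == "x" or path == ""),
            user_writable=is_user_writable(path),
        ))
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Entries worth a second look: file missing, or started from a user-writable path."""
    return [e for e in entries if e.missing or e.user_writable]


if __name__ == "__main__":
    for e in triage(parse_log(SAMPLE_LOG)):
        reason = "file missing" if e.missing else "user-writable location"
        print(f"{e.kind:7} {e.name:35} {reason}: {e.path or '(no path)'}")
```

The flags are a starting point for review, not a verdict: on the sample above the script lists the SanDisk and FLEXnet autostarts because they live under a profile and ProgramData, and both are legitimate software, while the `[x]` services are the leftovers of an uninstalled avast! and of the Web Assistant extension that ComboFix already removed as an orphan. A helper reading the log still checks each flagged path by hand, exactly as the thread does with the Zain e-GO false positive.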

Re: Virus Help

Unread postby maxi » August 1st, 2012, 7:28 pm

Hi Neil :) The first time you were infected was more than likely the P2P use, but the second time was from downloading "hitman blood money" from GameShadow. You should be more careful where you download your games from.

Try the links below to see if you can install these updates. For the other one I will need you to give me more info: which update failed and any other error codes.
http://windows.microsoft.com/en-us/wind ... r-800705b4
http://windows.microsoft.com/en-US/wind ... r-800f0829

Create a restore point like you did in the last post.

Step 1
Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the Open text box, copy/paste appwiz.cpl, then click OK.
  • Uninstall the following if present.
Hitman Blood Money
GameShadow



Step 2

ComboFix - CFScript
This script is for this user and computer ONLY! Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
  1. Please open Notepad and copy/paste all the text below... into the window:
    File::
    c:\users\Neil\AppData\Roaming\Microsoft\Installer\{F7C1C17E-70E3-475F-BD52-EA554391F15D}\GameShadow.exe1_0A3DE514292C4EBA987823B82B0B2BA2.exe
    c:\users\Neil\AppData\Roaming\Microsoft\Installer\{F7C1C17E-70E3-475F-BD52-EA554391F15D}\GameShadow.exe_0A3DE514292C4EBA987823B82B0B2BA2.exe
    c:\users\Neil\AppData\Roaming\Microsoft\Installer\{F7C1C17E-70E3-475F-BD52-EA554391F15D}\ARPPRODUCTICON.exe
    
    Folder::
    c:\program files (x86)\GameShadow
    c:\program files (x86)\Eidos
    c:\users\Neil\AppData\Roaming\uTorrent
    
      
    
  2. Save it to your desktop as CFScript.txt
  3. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
    *Only* when the 2 items above (Step 3) have been taken care of...
  4. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:
    [image: the CFScript.txt icon being dragged onto the ComboFix.exe icon]
    This will cause ComboFix to run again.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
    Do Not touch your computer when ComboFix is running!
  5. When finished, ComboFix will create a log file... you can save this file to a convenient place.
Please copy/paste the ComboFix log file in your next reply.


Step 3 (you should still have FRST on the flashdrive; if not, you need to download it to the USB again)
Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flashdrive as fixlist.txt

testsigning: ==> Check for possible unsigned malware driver <===== ATTENTION!

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


Now please enter System Recovery Options, then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Reboot Normally.

Step 4
Please update and run a "Quick Scan" with Malwarebytes.

In your next reply please include:
How you got on with the updates.
More info on the third failed update.
The ComboFix log.
The Malwarebytes log.
Any issues you are still experiencing.

Regards maxi :)
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Virus Help

Unread postby maxi » August 3rd, 2012, 11:48 am

Hi Neil :) Are you still with us? It is very important that you follow through with this.

Regards maxi
maxi
Retired Graduate
 
Posts: 1262
Joined: September 25th, 2009, 10:17 am
Location: Cork, Ireland.

Re: Virus Help

Unread postby Neil » August 3rd, 2012, 2:13 pm

Hey maxi :)


I am sorry I couldn't reply earlier, since I was traveling on the 1st of August.

I uninstalled all you had asked for.

Combo fix log

I attached it below since it crossed the word limit.

Malwarebytes Quick Scan: No threat found

Hey, I didn't do the other updates since they were large files.
Problem 1: Can I reinstall Hitman, because I love that game!!!! PLS
Problem 2: Can I delete the viruses found in the Avast Virus vault? I don't like keeping them on my PC.
{Files found in FRST quarantine. Example: services.exe (Siref)}
Neil
Regular Member
 
Posts: 27
Joined: July 16th, 2012, 2:51 pm