trojan malware problems affecting internet.


This topic is locked
31 replies to this topic

#1 bulldog2772 (New Member; Members; 18 posts)

Posted 30 June 2012 - 04:15 PM

Having issues with internet redirecting. Have run Malwarebytes numerous times with different things being found each time. Here is a log of the latest scan and then I rebooted. Please help. Thanks




Malwarebytes Anti-Malware 1.61.0.1400
http://www.malwarebytes.org/
Database version: v2012.06.30.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Georgia :: HOUSECOMPUTER [administrator]
6/30/2012 4:44:03 PM
mbam-log-2012-06-30 (16-44-03).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231817
Time elapsed: 10 minute(s), 22 second(s)
Memory Processes Detected: 1
C:\Users\Georgia\AppData\Roaming\Oqdu\aqhun.exe (Spyware.Zbot) -> 3756 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Vuirgelao (Spyware.Zbot) -> Data: C:\Users\Georgia\AppData\Roaming\Oqdu\aqhun.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Georgia\LOCALS~1\Temp\msmnqa.cmd -> Delete on reboot.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 16
C:\Users\Georgia\AppData\Roaming\Oqdu\aqhun.exe (Spyware.Zbot) -> Delete on reboot.
C:\Users\Georgia\AppData\Local\Temp\000e3523.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Users\Georgia\AppData\Local\Temp\000e5206.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Georgia\AppData\Local\Temp\000eae29.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Georgia\AppData\Local\Temp\0_0u_l.exe (Spyware.Zeus) -> Quarantined and deleted successfully.
C:\Users\Georgia\AppData\Local\Temp\2F88.tmp (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Users\Georgia\AppData\Local\Temp\gwtlvigrjescwsh.exe (Spyware.Password) -> Quarantined and deleted successfully.
C:\Users\Georgia\AppData\Local\Temp\jyvqvyshixxg.exe (Spyware.Password) -> Quarantined and deleted successfully.
C:\Users\Georgia\AppData\Local\Temp\mstxcubvd.pif (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Georgia\AppData\Local\Temp\tmpc28aa76f.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Georgia\AppData\Local\Temp\vtpatovublnwaanldf.exe (Trojan.Sirefef) -> Quarantined and deleted successfully.
C:\Users\Georgia\AppData\Local\Temp\tmp62fcc75d\volumeup.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Users\Georgia\AppData\Local\Temp\tmpc59f8eb9\volumeup.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Users\Georgia\AppData\Local\Temp\tmpc7699065\volumeup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Installer\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Users\Georgia\AppData\Local\Temp\msmnqa.cmd (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
(end)

#2 bulldog2772 (New Member; Members; 18 posts)

Posted 30 June 2012 - 04:18 PM

Rebooted and ran MB again. Trojan.Ransom was the only thing found. Log for last scan is below. Thanks



Malwarebytes Anti-Malware 1.61.0.1400
http://www.malwarebytes.org/
Database version: v2012.06.30.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Georgia :: HOUSECOMPUTER [administrator]
6/30/2012 5:08:29 PM
mbam-log-2012-06-30 (17-08-29).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217880
Time elapsed: 5 minute(s), 49 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Georgia\LOCALS~1\Temp\msmnqa.cmd -> Delete on reboot.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
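Reading the two logs above side by side shows why the second scan still reports Trojan.Ransom: the `Load` value under `HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows` was marked "Delete on reboot" in the first log while the file it launches had already been quarantined. The following parser is an added example (not Malwarebytes code and not from this thread) that reads this log layout and flags autostart entries that are still pending removal; the sample log is constructed from entries in the posted logs, and the autostart marker list is an assumption of a few common logon locations.

```python
"""Parse Malwarebytes Anti-Malware 1.x log lines and flag what still needs attention."""
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample, assembled from entries in the logs posted in this thread.
SAMPLE_LOG = r"""
Memory Processes Detected: 1
C:\Users\Georgia\AppData\Roaming\Oqdu\aqhun.exe (Spyware.Zbot) -> 3756 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Vuirgelao (Spyware.Zbot) -> Data: C:\Users\Georgia\AppData\Roaming\Oqdu\aqhun.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Georgia\LOCALS~1\Temp\msmnqa.cmd -> Delete on reboot.
Files Detected: 3
C:\Users\Georgia\AppData\Roaming\Oqdu\aqhun.exe (Spyware.Zbot) -> Delete on reboot.
C:\Users\Georgia\AppData\Local\Temp\msmnqa.cmd (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.
C:\Windows\Installer\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
(end)
"""

# Section header: "<name> Detected: <count>"
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
# Item line: "<location> (<family>) -> [extra -> ...] <action>."
ITEM_RE = re.compile(r"^(?P<loc>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+?)\.?$")

# Assumed set of registry locations Windows consults at logon; a value here relaunches a payload.
AUTOSTART_MARKERS = (
    r"\CurrentVersion\Run|",
    r"\CurrentVersion\RunOnce|",
    r"\Windows NT\CurrentVersion\Windows|Load",
    r"\Windows NT\CurrentVersion\Winlogon|",
)


@dataclass
class Detection:
    section: str            # e.g. "Registry Values"
    location: str           # file path, or "key|valuename" for registry values
    family: str             # scanner label, e.g. "Spyware.Zbot"
    action: str             # "Quarantined and deleted successfully" or "Delete on reboot"
    target: Optional[str]   # registry values only: the path the value launches
    pid: Optional[int]      # memory processes only: the running process id


def parse_log(text: str) -> List[Detection]:
    """Walk the log once, remembering the current section header."""
    section = "Unknown"
    found: List[Detection] = []
    for raw in text.splitlines():
        line = raw.strip()
        head = SECTION_RE.match(line)
        if head:
            section = head.group("name")
            continue
        item = ITEM_RE.match(line)
        if not item:
            continue  # banner lines, "(No malicious items detected)", "(end)"
        parts = item.group("rest").split(" -> ")
        action = parts[-1]
        target = pid = None
        for extra in parts[:-1]:
            if extra.startswith("Data: "):
                target = extra[len("Data: "):]
            elif extra.isdigit():
                pid = int(extra)
        found.append(Detection(section, item.group("loc"), item.group("family"),
                               action, target, pid))
    return found


def is_autostart(d: Detection) -> bool:
    return d.section == "Registry Values" and any(m in d.location for m in AUTOSTART_MARKERS)


def needs_reboot(dets: List[Detection]) -> List[Detection]:
    """Items the scanner could not remove while running; they survive until restart."""
    return [d for d in dets if d.action == "Delete on reboot"]


def stale_autostarts(dets: List[Detection]) -> List[Detection]:
    """Autostart values still pending removal whose launched file was already removed.

    Matched on file name only, because the value may hold an 8.3 short path
    (LOCALS~1) while the file entry holds the long path."""
    removed = {ntpath.basename(d.location).lower() for d in dets if d.section == "Files"}
    return [d for d in dets if is_autostart(d) and d.action == "Delete on reboot"
            and d.target and ntpath.basename(d.target).lower() in removed]


def triage(text: str) -> Dict[str, object]:
    dets = parse_log(text)
    return {
        "total": len(dets),
        "families": sorted({d.family for d in dets}),
        "autostart": [d.location for d in dets if is_autostart(d)],
        "pending_reboot": [d.location for d in needs_reboot(dets)],
        "stale_autostart": [d.location for d in stale_autostarts(dets)],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```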

#3 Maniac (Forum Deity; Experts; 21,379 posts; Gender: Male; Location: Bulgaria, EU)

Posted 01 July 2012 - 06:58 AM

Hello bulldog2772! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING


One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?
Help: I Got Hacked. Now What Do I Do? Part II
How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

#4 bulldog2772 (New Member; Members; 18 posts)

Posted 01 July 2012 - 12:48 PM

Here is the OTL log. Only got the one log???



OTL logfile created on: 7/1/2012 1:43:01 PM - Run 3
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Georgia\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.85 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 57.24% Memory free
7.70 Gb Paging File | 5.23 Gb Available in Paging File | 67.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.66 Gb Total Space | 412.61 Gb Free Space | 90.75% Space Free | Partition Type: NTFS

Computer Name: HOUSECOMPUTER | User Name: Georgia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/01 13:42:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Georgia\Desktop\OTL.exe
PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/03/08 00:10:34 | 001,320,392 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/09 19:40:16 | 000,053,248 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/29 17:20:18 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011/04/26 15:08:30 | 000,183,432 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2011/04/26 15:08:30 | 000,064,704 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/23 17:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2011/02/14 17:45:08 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/14 17:44:56 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/02/14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCService.exe
PRC - [2011/01/12 21:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/01/12 21:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/11/27 03:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/11/27 03:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/02/24 16:47:06 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/22 20:49:56 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2009/02/27 17:38:20 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/01/13 10:55:10 | 001,256,040 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2011/08/12 17:35:30 | 000,971,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:64bit: - [2011/07/19 05:45:52 | 000,104,096 | ---- | M] (Atheros Communication Inc.) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe -- (DCDhcpService)
SRV:64bit: - [2011/05/24 09:00:00 | 000,652,016 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2011/02/19 01:15:06 | 000,099,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2011/02/19 01:02:08 | 000,385,336 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2011/02/14 20:54:50 | 000,550,080 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2011/02/14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)
SRV:64bit: - [2011/01/20 15:27:18 | 000,286,936 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/06/24 00:34:23 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/01 11:39:50 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/02/09 19:40:16 | 000,053,248 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe -- (Oasis2Service)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/29 17:20:18 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011/04/29 17:19:22 | 000,091,296 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011/04/26 15:08:30 | 000,064,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2011/03/02 00:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/23 17:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2011/02/21 15:55:08 | 000,113,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2011/02/21 15:55:08 | 000,067,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2011/02/14 17:45:08 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2011/02/14 17:44:56 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2011/01/20 15:16:26 | 000,887,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2011/01/12 21:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/11/27 03:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 14:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/06/21 02:26:44 | 012,259,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/06/21 02:03:42 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/04/29 17:19:36 | 000,288,416 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/04/29 17:19:36 | 000,283,296 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011/04/29 17:19:36 | 000,166,048 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011/04/29 17:19:36 | 000,109,216 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2011/04/29 17:19:36 | 000,059,040 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011/04/29 17:19:36 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011/04/29 17:19:36 | 000,029,344 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011/04/29 17:19:34 | 000,259,232 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011/04/01 16:10:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 08:47:16 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/08 23:16:12 | 000,051,872 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2011/02/14 17:44:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2011/02/12 22:10:55 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/02/12 16:19:28 | 000,014,400 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2011/02/12 16:19:25 | 000,026,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWLowRider.sys -- (NWLowRider)
DRV:64bit: - [2011/02/12 16:19:25 | 000,014,400 | ---- | M] (n/a) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWWakeFilterLR.sys -- (NWWakeFilterLR)
DRV:64bit: - [2011/02/10 03:41:47 | 000,102,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2011/02/10 03:41:45 | 000,098,816 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsnxc64.sys -- (risdsnpe)
DRV:64bit: - [2010/12/10 16:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 16:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/04/26 16:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 17:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2006/12/12 02:29:02 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-372996367-75289682-3332733727-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-372996367-75289682-3332733727-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9/
IE - HKU\S-1-5-21-372996367-75289682-3332733727-1005\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-372996367-75289682-3332733727-1005\..\SearchScopes,DefaultScope = {99D2F1F7-1CF5-47D2-8B81-B47A2514F5E6}
IE - HKU\S-1-5-21-372996367-75289682-3332733727-1005\..\SearchScopes\{1D1DE4DB-F69B-415B-9B37-DD7720CE8C6C}: "URL" = http://www.flickr.co...?q={searchTerms}
IE - HKU\S-1-5-21-372996367-75289682-3332733727-1005\..\SearchScopes\{6EAFAC85-4814-41D9-8E37-5EE5A96113A4}: "URL" = http://search.yahoo....,18175,0,0,6484
IE - HKU\S-1-5-21-372996367-75289682-3332733727-1005\..\SearchScopes\{99D2F1F7-1CF5-47D2-8B81-B47A2514F5E6}: "URL" = http://search.yahoo....f-8&fr=chr-yie9
IE - HKU\S-1-5-21-372996367-75289682-3332733727-1005\..\SearchScopes\{D198D09C-96D5-4A6F-A3C1-75237DC665BF}: "URL" = http://delicious.com...?p={searchTerms}
IE - HKU\S-1-5-21-372996367-75289682-3332733727-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo Search"
FF - prefs.js..browser.startup.homepage: "http://yahoo.com/?il...&fr=ydwnld-home"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011/04/28 03:43:30 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011/04/28 03:43:30 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Georgia\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Georgia\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/06/30 17:44:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/15 14:38:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/25 15:03:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/06/25 15:03:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georgia\AppData\Roaming\Mozilla\Extensions
[2012/06/27 18:51:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georgia\AppData\Roaming\Mozilla\Firefox\Profiles\ynhww6ck.default\extensions
[2012/06/25 15:03:33 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Georgia\AppData\Roaming\Mozilla\Firefox\Profiles\ynhww6ck.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/06/30 22:59:45 | 000,000,942 | ---- | M] () -- C:\Users\Georgia\AppData\Roaming\Mozilla\Firefox\Profiles\ynhww6ck.default\searchplugins\yahoo.xml
[2012/06/25 15:03:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/25 15:03:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2012/06/25 15:03:14 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/06/01 11:40:25 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/01 11:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/01 11:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/06/30 22:22:44 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-372996367-75289682-3332733727-1005\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKU\S-1-5-21-372996367-75289682-3332733727-1005..\Run: [Facebook Update] C:\Users\Georgia\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-372996367-75289682-3332733727-1005..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-372996367-75289682-3332733727-1005\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-372996367-75289682-3332733727-1005\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-372996367-75289682-3332733727-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F747C83-41C4-47E8-9CF0-8BBA4962DDBC}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB1B8362-52EB-4CE4-8682-12BD09942A38}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/01 13:42:47 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Georgia\Desktop\OTL.exe
[2012/06/30 22:38:32 | 000,000,000 | R--D | C] -- C:\Users\Georgia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2012/06/30 22:25:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/06/30 22:22:45 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/06/30 21:36:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/30 21:36:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/30 21:36:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/30 21:33:57 | 004,567,958 | R--- | C] (Swearware) -- C:\Users\Georgia\Desktop\ComboFix.exe
[2012/06/30 21:27:08 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\ElevatedDiagnostics
[2012/06/30 21:15:18 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{DD35D6C9-E818-47FC-A3E5-5ED2A015020B}
[2012/06/30 21:15:06 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{99AF37E3-F247-4DD5-B7C4-C43095AC0D0D}
[2012/06/30 20:15:38 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{B17272A4-1910-43A3-A08E-6197DDBF8F2E}
[2012/06/30 20:15:17 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{8C5569CA-52AB-4154-86F6-0B93B9AEBF8E}
[2012/06/30 20:07:32 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{A206F70F-2782-428F-8D42-40196D514901}
[2012/06/30 20:07:21 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{B440D4AE-39F0-4E45-9896-0B8F5CC46464}
[2012/06/30 19:26:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/30 19:26:22 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/30 19:21:03 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012/06/30 19:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/06/30 18:48:08 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{B88508F5-ACCF-41B1-AE52-7EBEA54B6E32}
[2012/06/30 18:47:57 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{C140465A-581E-4887-A690-0EF014ED1F2C}
[2012/06/30 18:42:26 | 000,057,976 | R--- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012/06/30 18:31:07 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{42C71202-B1C7-43A0-984E-9F53E8385AAA}
[2012/06/30 18:30:57 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{B41E90D0-6ABD-4966-8D1F-18C0E92B97F3}
[2012/06/30 17:43:55 | 000,000,000 | ---D | C] -- C:\$AVG
[2012/06/30 17:28:59 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{B9F4775E-37A2-4DEC-9399-7BA10522C53B}
[2012/06/30 17:28:49 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{30B824A1-26BD-4CF1-A886-64B6B35A779E}
[2012/06/30 17:19:09 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{97FDD83A-6C08-4990-8B74-C8EAAB591085}
[2012/06/30 17:18:58 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{C2041F5C-3B1F-4DB3-80ED-47ADEB186F7E}
[2012/06/30 17:08:11 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{D553BE55-BF39-4D80-8DA1-9B915F6B99E1}
[2012/06/30 17:08:01 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{67B31042-C7EF-46BA-A1C5-E5A831A1AF7F}
[2012/06/30 16:58:49 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{487224C1-A5D9-4970-98DE-E1961A64067F}
[2012/06/30 16:58:40 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{39913C38-5A63-4001-A417-FAF68539402C}
[2012/06/30 16:39:15 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{A0760D26-FE35-4FFB-9229-154999A245CD}
[2012/06/30 16:39:05 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{A2AB4E60-A285-4B24-8D8A-B070BBD79B50}
[2012/06/30 16:37:39 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/30 16:28:09 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{608E690E-623E-4F8D-9A76-795B67737F95}
[2012/06/30 16:27:59 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{C2D9B6F1-D038-4BFF-9171-772E54773EC7}
[2012/06/30 16:11:36 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{C409BA3C-0EA8-47CF-BCC2-12F15A034323}
[2012/06/30 16:11:24 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{72EC475C-4931-4B9C-BDE5-1B21CBE2B4C3}
[2012/06/30 14:49:42 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{A6A0472F-C213-4E9F-8C5F-C708080CF43B}
[2012/06/30 14:49:32 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{2756344B-945F-4FF9-A3E9-04F3682DED7F}
[2012/06/30 12:04:16 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{0CF98CF1-5D92-4C12-A1AB-6DE35CD8FB9E}
[2012/06/30 12:04:06 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{DA219C1F-C850-4B44-AB05-61B1246FAB63}
[2012/06/29 12:35:17 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{EDC74718-DC08-46F0-8793-5CEE2758FFF1}
[2012/06/29 12:35:06 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{2A25F897-20DB-439A-AFCB-AEF796E9B357}
[2012/06/27 18:26:14 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{65163763-309F-4E62-B37B-900781AABB37}
[2012/06/27 18:26:04 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{7365B2DD-9D77-46BC-B523-AE60F9FF087C}
[2012/06/25 20:40:25 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{E48E48DE-1A34-40B4-82D8-3072928C9D5D}
[2012/06/25 20:40:12 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{3437557B-DE80-49CF-8F41-35769E32671D}
[2012/06/25 20:10:44 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{2834282B-14A5-4C60-BD05-33846E44DA2B}
[2012/06/25 20:10:32 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{D2173043-718C-4930-ADC7-2A0C42F0C5A9}
[2012/06/25 20:03:47 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\AVG2012
[2012/06/25 19:39:56 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/06/25 19:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/06/25 19:39:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/06/25 19:29:34 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{0485867A-9EF7-4A45-A1F1-3316D226CE89}
[2012/06/25 19:29:24 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{0B3BFFBB-246D-4E49-BE1A-481E1041C89E}
[2012/06/25 19:27:38 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Etixwa
[2012/06/25 18:47:06 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{DE202C5E-253F-4354-8DC8-C49C01BDCF7A}
[2012/06/25 18:46:56 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{0254B1CC-58C5-47E7-85FF-07AE4B0F43C3}
[2012/06/25 18:22:48 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{621552B7-1466-4050-955D-73137457008B}
[2012/06/25 18:22:38 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{05C45DBF-CC73-42F2-83F5-B34F3E57EC55}
[2012/06/25 18:06:56 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Tific
[2012/06/25 18:06:54 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\Symantec
[2012/06/25 17:47:37 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{FB965743-37E8-4BA8-981C-D157BAD0C0D7}
[2012/06/25 17:47:27 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{EADAD49B-F55C-4C50-8C06-CFC42F44C756}
[2012/06/25 16:57:56 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{1CCF73F8-3622-4480-8082-2D59E31EB4D7}
[2012/06/25 16:57:44 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{F13AC287-9ED8-429F-A715-B5A5E6E20F0D}
[2012/06/25 16:33:52 | 000,000,000 | ---D | C] -- C:\e
[2012/06/25 16:29:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/06/25 16:15:59 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Yrkeos
[2012/06/25 16:15:59 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Oqdu
[2012/06/25 16:15:59 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Iwovla
[2012/06/25 16:06:03 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Malwarebytes
[2012/06/25 16:05:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/25 16:05:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/25 16:05:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/25 16:01:43 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{D75E117F-C593-4A86-863C-1C1959AFD0CD}
[2012/06/25 16:01:33 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{53CBE0F6-8002-4CF5-8168-B08878E7F151}
[2012/06/25 15:25:40 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{E75EEA4A-F11D-442E-9537-B31C286B190F}
[2012/06/25 15:25:30 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{F1E27BF4-774C-485D-9196-6BFB4221A5C4}
[2012/06/25 15:06:44 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\Macromedia
[2012/06/25 15:03:28 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Mozilla
[2012/06/25 15:03:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/06/25 14:51:52 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{F280C57E-3992-4680-A7AF-ADE521520DB5}
[2012/06/25 14:50:09 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{A3140AA2-FDF5-42CE-B533-ADE27B603557}
[2012/06/24 20:57:40 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{58736806-88B5-4909-9BDF-F8BB3CC43563}
[2012/06/24 20:57:30 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{BB3BEDB7-8337-408C-9C18-8DDB6C8198D6}
[2012/06/24 18:54:47 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{D62F7BDD-4EDF-4EBB-8B42-BFE650261F78}
[2012/06/24 18:54:37 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{48E76DB1-B07E-44F2-8E56-6F62EA856862}
[2012/06/24 00:39:23 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{7821C117-5711-4444-9BE3-5998A43E9918}
[2012/06/24 00:39:14 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{429DA954-13D1-4D4C-A109-3EC58450BD47}
[2012/06/23 22:46:19 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{3721BA9C-48E7-4822-9295-88744B7EBB73}
[2012/06/23 22:46:09 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{466CD0F5-21C2-40C7-9090-0B1AF6DF8A59}
[2012/06/23 22:28:34 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{C7DCADBD-4853-464D-9D8F-29E31DC97CAB}
[2012/06/23 22:28:23 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{2813E064-0DE2-433D-A49D-9734700F83CB}
[2012/06/23 22:10:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/06/23 22:03:53 | 000,251,528 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/06/23 22:03:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/06/23 22:02:58 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/06/23 22:02:57 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\TestApp
[2012/06/23 21:55:09 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{AA0896D2-6D2D-427C-B598-FC9C0689586C}
[2012/06/23 21:54:59 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{0D8E4ADC-8FD8-4798-8C4F-7F5DF150511D}
[2012/06/21 16:47:01 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{6FD9EB6B-644C-454E-A88B-2ACA9C043A51}
[2012/06/21 16:46:51 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{6A43593B-CD73-4ABB-A598-EB56A762B467}
[2012/06/21 16:18:25 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\AVG
[2012/06/21 16:17:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/06/21 16:17:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2012/06/21 16:09:30 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{C7B5DFEB-27C7-4622-A617-83300704CAEC}
[2012/06/21 16:09:20 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{9BDF31BF-ABC6-49B8-B095-78F9B8C24372}
[2012/06/21 15:46:30 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{F3ABFEEE-FB7D-4023-94D9-11480FECBB50}
[2012/06/21 15:45:46 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{EB0E3716-AA87-405A-922F-E14A9E0E249D}
[2012/06/20 20:13:16 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{3BB46D06-D76B-4B95-8CE8-9A01742BC39B}
[2012/06/20 20:13:07 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{C9456345-7CBE-4899-9164-506B1CCF0CE7}
[2012/06/20 19:49:55 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{FE4CAE30-42C4-4221-A620-EBF1EB025810}
[2012/06/20 19:49:43 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{49B236A5-CA3E-4707-82A6-99E600762E69}
[2012/06/20 18:23:17 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{42A2101A-5D18-4E82-B03F-B92C8F1D2B82}
[2012/06/20 18:23:05 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{F5189B83-75E0-463B-AB33-5A29F0E67ECF}
[2012/06/20 17:50:34 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{065C42CA-F192-4519-AAB0-846B2BC62404}
[2012/06/20 17:50:24 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{2F37B95A-990E-495E-8F5E-F7B44D29701D}
[2012/06/19 21:35:33 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{A30F0356-39FB-4958-A621-D23439A9E6EF}
[2012/06/19 21:35:23 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{B40CEEF0-DF4C-43FE-961C-BD1407971E95}
[2012/06/19 10:35:56 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{A1AD6097-DDB2-4DF1-B8C2-17CCAF619A29}
[2012/06/19 10:35:40 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{DECE9A8C-357A-40A1-B978-A5EE1349CF3D}
[2012/06/15 01:25:19 | 000,000,000 | ---D | C] -- C:\Users\Georgia\Documents\virtualfieldtripinternetrubrickformummificationprocess_files
[2012/06/14 23:56:12 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{5314EFC4-FB13-4C1E-8ACF-D5D667A24F88}
[2012/06/14 16:45:39 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{242733BB-732E-4E0B-A75B-494DD79C5712}
[2012/06/14 16:45:30 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{9D87F153-1876-4F44-8665-4EC26FBE1748}
[2012/06/14 14:11:30 | 000,000,000 | ---D | C] -- C:\Users\Georgia\Documents\Ancient Chinese Dynasties - Free Powerpoints, Games, Activities_files
[2012/06/14 14:11:16 | 000,000,000 | ---D | C] -- C:\Users\Georgia\Documents\Great Wall of China, China Great Wall Facts, Maps, Tours_files
[2012/06/14 14:09:03 | 000,000,000 | ---D | C] -- C:\Users\Georgia\Documents\The Badaling Great Wall, Beijing, Great Wall, Badaling Section, Information and Tours_files
[2012/06/14 11:37:51 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{0E957ED2-2219-4895-ADAB-BC7CDDD83BE6}
[2012/06/14 11:37:40 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{804E7D8D-AAB2-4A62-8A55-B2B848917F8D}
[2012/06/13 17:42:53 | 000,000,000 | ---D | C] -- C:\Users\Georgia\Documents\Egyptvoyager_com The Pyramid of Khafre at the Giza Plateau - Egypt_files
[2012/06/13 11:56:04 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{08E006C9-2F17-482F-B711-033E5BD901AF}
[2012/06/11 14:54:21 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{5F30AD1E-9B03-48EC-909F-0B35BAD7C503}
[2012/06/10 15:01:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NovaLogic
[2012/06/09 13:06:21 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{1DF829F0-760E-4A9E-B18A-3DB35080853B}
[2012/06/09 13:06:11 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{65F32C56-94FA-48F2-80BA-9D57D73C382C}
[2012/06/09 01:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
[2012/06/09 01:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012/06/09 01:16:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garmin
[2012/06/09 01:16:35 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Garmin
[2012/06/04 19:07:40 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{C5ABA278-C382-4175-AB7B-67B907EDED83}
[2012/06/04 19:07:31 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{10564C20-C19E-45F1-9F75-12CB5B6FC717}
[2012/06/01 16:28:00 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{07DFEBC7-D300-4BA4-96E6-2946BA184FDA}
[2012/06/01 16:27:49 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{C2F52875-38A1-4A9E-BB82-26C4BA863EFE}
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/01 13:42:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Georgia\Desktop\OTL.exe
[2012/07/01 13:34:00 | 100,891,471 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/07/01 13:34:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/01 13:28:56 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/01 13:28:55 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/01 13:28:39 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-372996367-75289682-3332733727-1005UA.job
[2012/07/01 13:28:12 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2012/07/01 07:14:34 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-372996367-75289682-3332733727-1005Core.job
[2012/06/30 22:45:38 | 000,020,928 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/30 22:45:38 | 000,020,928 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/30 22:42:34 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/30 22:42:34 | 000,660,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/30 22:42:34 | 000,121,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/30 22:38:19 | 3101,081,600 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/30 22:22:44 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/30 21:34:03 | 004,567,958 | R--- | M] (Swearware) -- C:\Users\Georgia\Desktop\ComboFix.exe
[2012/06/30 21:17:34 | 000,001,544 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2012/06/30 17:44:11 | 000,000,925 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/06/25 20:33:22 | 000,000,074 | ---- | M] () -- C:\Users\Georgia\AppData\Roaming\mbam.context.scan
[2012/06/25 20:27:53 | 000,001,399 | ---- | M] () -- C:\Users\Georgia\Desktop\Internet Explorer.lnk
[2012/06/25 16:05:46 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/25 15:03:24 | 000,001,086 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/23 22:04:18 | 001,635,777 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/06/20 17:51:12 | 000,000,112 | ---- | M] () -- C:\ProgramData\-X4V4pVXxJCY4NRr
[2012/06/20 17:51:12 | 000,000,000 | ---- | M] () -- C:\ProgramData\-X4V4pVXxJCY4NR
[2012/06/20 17:05:16 | 000,359,081 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/06/17 13:57:24 | 001,499,130 | ---- | M] () -- C:\Users\Georgia\Documents\1 Bedroom Apt_ - Condo Rental in Holmes Beach, Florida, USA - Holmes Beach Condo.mht
[2012/06/15 01:26:39 | 000,023,880 | ---- | M] () -- C:\Users\Georgia\Documents\rubric for Egyptian Mummification process using Virtual Field Trip_php.mht
[2012/06/15 01:25:57 | 000,023,880 | ---- | M] () -- C:\Users\Georgia\Documents\Your Rubric Collaborative Work Skills Egyptian Mummification process using Virtual Field Trip_php.mht
[2012/06/15 01:25:19 | 000,010,177 | ---- | M] () -- C:\Users\Georgia\Documents\virtualfieldtripinternetrubrickformummificationprocess.htm
[2012/06/15 01:02:41 | 000,014,522 | ---- | M] () -- C:\Users\Georgia\Documents\Learning Log Rubric.htm
[2012/06/14 16:43:08 | 000,000,419 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012/06/14 16:43:08 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2012/06/14 14:11:31 | 000,012,428 | ---- | M] () -- C:\Users\Georgia\Documents\Ancient Chinese Dynasties - Free Powerpoints, Games, Activities.html
[2012/06/14 14:11:17 | 000,026,025 | ---- | M] () -- C:\Users\Georgia\Documents\Great Wall of China, China Great Wall Facts, Maps, Tours.htm
[2012/06/14 14:09:06 | 000,028,083 | ---- | M] () -- C:\Users\Georgia\Documents\The Badaling Great Wall, Beijing, Great Wall, Badaling Section, Information and Tours.htm
[2012/06/14 11:36:48 | 000,370,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/13 19:26:12 | 000,103,306 | ---- | M] () -- C:\Users\Georgia\Documents\china-complete.pdf
[2012/06/13 17:42:53 | 000,017,869 | ---- | M] () -- C:\Users\Georgia\Documents\Egyptvoyager_com The Pyramid of Khafre at the Giza Plateau - Egypt.htm
[2012/06/11 15:59:16 | 000,001,884 | ---- | M] () -- C:\test.xml
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/30 21:36:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/30 21:16:06 | 000,001,544 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2012/06/30 19:30:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/30 19:30:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/30 19:30:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/30 19:30:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/30 17:44:11 | 000,000,925 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/06/27 18:27:32 | 000,080,896 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\80000064.@
[2012/06/27 18:27:32 | 000,080,896 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\80000064.@
[2012/06/27 18:27:32 | 000,000,804 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\L\00000004.@
[2012/06/27 18:27:32 | 000,000,804 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\L\00000004.@
[2012/06/27 18:27:07 | 000,002,048 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\00000004.@
[2012/06/27 18:27:07 | 000,002,048 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\00000004.@
[2012/06/27 18:27:07 | 000,001,632 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\000000cb.@
[2012/06/27 18:27:07 | 000,001,632 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\000000cb.@
[2012/06/25 20:27:53 | 000,001,399 | ---- | C] () -- C:\Users\Georgia\Desktop\Internet Explorer.lnk
[2012/06/25 20:01:41 | 000,000,074 | ---- | C] () -- C:\Users\Georgia\AppData\Roaming\mbam.context.scan
[2012/06/25 16:05:46 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/25 15:03:24 | 000,001,086 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/06/25 15:03:23 | 000,001,098 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/06/23 22:04:01 | 001,635,777 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/06/20 17:47:35 | 000,000,112 | ---- | C] () -- C:\ProgramData\-X4V4pVXxJCY4NRr
[2012/06/20 17:47:35 | 000,000,000 | ---- | C] () -- C:\ProgramData\-X4V4pVXxJCY4NR
[2012/06/17 13:57:22 | 001,499,130 | ---- | C] () -- C:\Users\Georgia\Documents\1 Bedroom Apt_ - Condo Rental in Holmes Beach, Florida, USA - Holmes Beach Condo.mht
[2012/06/15 01:26:38 | 000,023,880 | ---- | C] () -- C:\Users\Georgia\Documents\rubric for Egyptian Mummification process using Virtual Field Trip_php.mht
[2012/06/15 01:25:57 | 000,023,880 | ---- | C] () -- C:\Users\Georgia\Documents\Your Rubric Collaborative Work Skills Egyptian Mummification process using Virtual Field Trip_php.mht
[2012/06/15 01:25:12 | 000,010,177 | ---- | C] () -- C:\Users\Georgia\Documents\virtualfieldtripinternetrubrickformummificationprocess.htm
[2012/06/15 01:02:41 | 000,014,522 | ---- | C] () -- C:\Users\Georgia\Documents\Learning Log Rubric.htm
[2012/06/14 14:11:30 | 000,012,428 | ---- | C] () -- C:\Users\Georgia\Documents\Ancient Chinese Dynasties - Free Powerpoints, Games, Activities.html
[2012/06/14 14:11:16 | 000,026,025 | ---- | C] () -- C:\Users\Georgia\Documents\Great Wall of China, China Great Wall Facts, Maps, Tours.htm
[2012/06/14 14:09:06 | 000,028,083 | ---- | C] () -- C:\Users\Georgia\Documents\The Badaling Great Wall, Beijing, Great Wall, Badaling Section, Information and Tours.htm
[2012/06/13 19:26:07 | 000,103,306 | ---- | C] () -- C:\Users\Georgia\Documents\china-complete.pdf
[2012/06/13 17:42:53 | 000,017,869 | ---- | C] () -- C:\Users\Georgia\Documents\Egyptvoyager_com The Pyramid of Khafre at the Giza Plateau - Egypt.htm
[2012/05/12 15:03:11 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/01/11 21:11:28 | 000,002,048 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\@
[2012/01/11 21:11:28 | 000,002,048 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\@
[2011/10/27 19:06:13 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/10/27 19:06:13 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011/10/27 19:00:45 | 000,000,255 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/10/27 19:00:45 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/10/27 19:00:10 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll
[2011/10/27 19:00:10 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/10/27 19:00:10 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/10/24 00:54:45 | 000,007,610 | ---- | C] () -- C:\Users\Georgia\AppData\Local\Resmon.ResmonCfg
[2011/06/21 02:26:46 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/06/21 02:26:44 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/04/28 03:31:59 | 000,333,824 | ---- | C] () -- C:\Windows\SysWow64\SonyVideoProcessor.dll
[2011/04/28 02:52:13 | 000,000,226 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/04/01 21:19:02 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/02/10 19:03:27 | 000,772,990 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== LOP Check ==========

[2011/12/26 19:24:18 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Avery
[2012/06/21 16:18:45 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\AVG
[2012/06/25 20:03:47 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\AVG2012
[2012/05/12 15:47:40 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Clip Art Collection
[2012/06/30 18:23:59 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Etixwa
[2012/06/09 01:27:20 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Garmin
[2012/06/30 16:11:24 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Iwovla
[2012/06/30 16:58:16 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Oqdu
[2012/06/23 22:02:57 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\TestApp
[2012/06/25 18:06:56 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Tific
[2011/10/24 00:09:30 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Udcuu
[2011/10/24 01:53:48 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Windows Live Writer
[2012/06/25 16:15:59 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Yrkeos
[2011/10/24 00:35:24 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Zonie
[2012/07/01 07:14:34 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-372996367-75289682-3332733727-1005Core.job
[2012/07/01 13:28:39 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-372996367-75289682-3332733727-1005UA.job
[2012/06/23 21:54:41 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

#5 Maniac

Maniac

    Forum Deity

  • Experts
  • 21,379 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 01 July 2012 - 01:01 PM

Step 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2012/06/25 16:15:59 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Yrkeos
    [2012/06/25 16:15:59 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Oqdu
    [2012/06/25 16:15:59 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Iwovla
    [2012/06/30 18:23:59 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Etixwa
    [2012/06/30 16:58:16 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Oqdu
    [2012/06/25 18:06:56 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Tific
    [2011/10/24 00:09:30 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Udcuu
    [2012/06/25 16:15:59 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Yrkeos
    [2011/10/24 00:35:24 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Zonie
    [2012/06/20 17:51:12 | 000,000,112 | ---- | M] () -- C:\ProgramData\-X4V4pVXxJCY4NRr
    [2012/06/20 17:51:12 | 000,000,000 | ---- | M] () -- C:\ProgramData\-X4V4pVXxJCY4NR
    [2012/06/27 18:27:32 | 000,080,896 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\80000064.@
    [2012/06/27 18:27:32 | 000,080,896 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\80000064.@
    [2012/06/27 18:27:32 | 000,000,804 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\L\00000004.@
    [2012/06/27 18:27:32 | 000,000,804 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\L\00000004.@
    [2012/06/27 18:27:07 | 000,002,048 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\00000004.@
    [2012/06/27 18:27:07 | 000,002,048 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\00000004.@
    [2012/06/27 18:27:07 | 000,001,632 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\000000cb.@
    [2012/06/27 18:27:07 | 000,001,632 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\000000cb.@
    [2012/01/11 21:11:28 | 000,002,048 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\@
    [2012/01/11 21:11:28 | 000,002,048 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\@
    
    :files
    C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}
    C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    [clearallrestorepoints]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles


Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


In your next reply, post the following log files:

  • OTL Fix log
  • Malwarebytes' Anti-Malware log

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#6 bulldog2772

bulldog2772

    New Member

  • Members
  • 18 posts

Posted 01 July 2012 - 01:09 PM

OTL Log after reboot.




All processes killed
Error: Unable to interpret <:OTL[2012/06/25 16:15:59 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Yrkeos[2012/06/25 16:15:59 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Oqdu[2012/06/25 16:15:59 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Iwovla[2012/06/30 18:23:59 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Etixwa[2012/06/30 16:58:16 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Oqdu[2012/06/25 18:06:56 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Tific[2011/10/24 00:09:30 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Udcuu[2012/06/25 16:15:59 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Yrkeos[2011/10/24 00:35:24 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Zonie[2012/06/20 17:51:12 | 000,000,112 | ---- | M] () -- C:\ProgramData\-X4V4pVXxJCY4NRr[2012/06/20 17:51:12 | 000,000,000 | ---- | M] () -- C:\ProgramData\-X4V4pVXxJCY4NR[2012/06/27 18:27:32 | 000,080,896 | ---- | C] () -- C:\Use> in the current context!
Error: Unable to interpret <rs\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\80000064.@[2012/06/27 18:27:32 | 000,080,896 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\80000064.@[2012/06/27 18:27:32 | 000,000,804 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\L\00000004.@[2012/06/27 18:27:32 | 000,000,804 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\L\00000004.@[2012/06/27 18:27:07 | 000,002,048 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\00000004.@[2012/06/27 18:27:07 | 000,002,048 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\00000004.@[2012/06/27 18:27:07 | 000,001,632 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\000000cb.@[2012/06/27 18:27:07 | 000,001,632 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\000000cb.> in the current context!
Error: Unable to interpret <@[2012/01/11 21:11:28 | 000,002,048 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\@[2012/01/11 21:11:28 | 000,002,048 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\@:filesC:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}ipconfig /flushdns /c:Commands[emptytemp][clearallrestorepoints]> in the current context!

OTL by OldTimer - Version 3.2.53.1 log created on 07012012_140452
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

#7 bulldog2772

bulldog2772

    New Member

  • Members
  • 18 posts

Posted 01 July 2012 - 01:12 PM

MBAM Log.




Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.07.01.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Georgia :: HOUSECOMPUTER [administrator]
7/1/2012 2:08:22 PM
mbam-log-2012-07-01 (14-08-22).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212058
Time elapsed: 3 minute(s), 16 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

#8 Maniac

Maniac

    Forum Deity

  • Experts
  • 21,379 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 01 July 2012 - 04:47 PM

Your script was not activated. Every entry should be on a new line. The script in OTL should look like this:

:OTL
[2012/06/25 16:15:59 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Yrkeos
[2012/06/25 16:15:59 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Oqdu
[2012/06/25 16:15:59 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Iwovla
[2012/06/30 18:23:59 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Etixwa
[2012/06/30 16:58:16 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Oqdu
[2012/06/25 18:06:56 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Tific
[2011/10/24 00:09:30 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Udcuu
[2012/06/25 16:15:59 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Yrkeos
[2011/10/24 00:35:24 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Zonie
[2012/06/20 17:51:12 | 000,000,112 | ---- | M] () -- C:\ProgramData\-X4V4pVXxJCY4NRr
[2012/06/20 17:51:12 | 000,000,000 | ---- | M] () -- C:\ProgramData\-X4V4pVXxJCY4NR
[2012/06/27 18:27:32 | 000,080,896 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\80000064.@
[2012/06/27 18:27:32 | 000,080,896 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\80000064.@
[2012/06/27 18:27:32 | 000,000,804 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\L\00000004.@
[2012/06/27 18:27:32 | 000,000,804 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\L\00000004.@
[2012/06/27 18:27:07 | 000,002,048 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\00000004.@
[2012/06/27 18:27:07 | 000,002,048 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\00000004.@
[2012/06/27 18:27:07 | 000,001,632 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\000000cb.@
[2012/06/27 18:27:07 | 000,001,632 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\000000cb.@
[2012/01/11 21:11:28 | 000,002,048 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\@
[2012/01/11 21:11:28 | 000,002,048 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\@

:files
C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}
C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}
ipconfig /flushdns /c

:Commands
[emptytemp]
[clearallrestorepoints]

Please repeat both steps.

#9 bulldog2772

bulldog2772

    New Member

  • Members
  • 18 posts

Posted 01 July 2012 - 08:16 PM

OTL log as requested.


All processes killed
========== OTL ==========
C:\Users\Georgia\AppData\Roaming\Yrkeos folder moved successfully.
C:\Users\Georgia\AppData\Roaming\Oqdu folder moved successfully.
C:\Users\Georgia\AppData\Roaming\Iwovla folder moved successfully.
C:\Users\Georgia\AppData\Roaming\Etixwa folder moved successfully.
Folder C:\Users\Georgia\AppData\Roaming\Oqdu\ not found.
C:\Users\Georgia\AppData\Roaming\Tific folder moved successfully.
C:\Users\Georgia\AppData\Roaming\Udcuu folder moved successfully.
Folder C:\Users\Georgia\AppData\Roaming\Yrkeos\ not found.
C:\Users\Georgia\AppData\Roaming\Zonie folder moved successfully.
C:\ProgramData\-X4V4pVXxJCY4NRr moved successfully.
C:\ProgramData\-X4V4pVXxJCY4NR moved successfully.
C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\80000064.@ moved successfully.
File C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\80000064.@ not found.
C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\L\00000004.@ moved successfully.
File C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\L\00000004.@ not found.
C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\00000004.@ moved successfully.
File C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\00000004.@ not found.
C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\000000cb.@ moved successfully.
File C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\000000cb.@ not found.
C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\@ moved successfully.
File C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\@ not found.
========== FILES ==========
C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U folder moved successfully.
C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\L folder moved successfully.
C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2} folder moved successfully.
File\Folder C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2} not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Georgia\Desktop\cmd.bat deleted successfully.
C:\Users\Georgia\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Georgia
->Temp folder emptied: 1355329 bytes
->Temporary Internet Files folder emptied: 8729589 bytes
->Java cache emptied: 1180862 bytes
->FireFox cache emptied: 61884517 bytes
->Flash cache emptied: 2438 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1714045 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 69192 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 61679954 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 130.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.1 log created on 07012012_211132
Files\Folders moved on Reboot...
C:\Users\Georgia\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Georgia\AppData\Local\Temp\~DFFB76382BF503C00D.TMP moved successfully.
C:\Users\Georgia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Georgia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZM3QL3XN\fastbutton[10].htm moved successfully.
C:\Users\Georgia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZM3QL3XN\gossip-us-fp[2].js moved successfully.
C:\Users\Georgia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2K8TZNG\EFpQQyG9GqCrobXxL-KRMWzklk6MJbhg7BmBP42CjCQ[1].eot moved successfully.
C:\Users\Georgia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2K8TZNG\index[2].htm moved successfully.
C:\Users\Georgia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2K8TZNG\rsa[1].htm moved successfully.
C:\Users\Georgia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2K8TZNG\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.
PendingFileRenameOperations files...
File C:\Users\Georgia\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Georgia\AppData\Local\Temp\~DFFB76382BF503C00D.TMP not found!
File C:\Users\Georgia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
File C:\Users\Georgia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZM3QL3XN\fastbutton[10].htm not found!
File C:\Users\Georgia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZM3QL3XN\gossip-us-fp[2].js not found!
File C:\Users\Georgia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2K8TZNG\EFpQQyG9GqCrobXxL-KRMWzklk6MJbhg7BmBP42CjCQ[1].eot not found!
File C:\Users\Georgia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2K8TZNG\index[2].htm not found!
File C:\Users\Georgia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2K8TZNG\rsa[1].htm not found!
File C:\Users\Georgia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2K8TZNG\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot not found!
Registry entries deleted on Reboot...
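The failure in post #6 was a paste that lost its line breaks, so OTL saw the whole script as one line and reported "Unable to interpret"; the second run also logs "not found" for the two folders that appear twice in the script (Oqdu, Yrkeos). The checker below is an added example, not OTL's code or the helper's: it parses a fix script in the format used above, flags lines that hold more than one entry and duplicated paths, and re-splits the :OTL and :Commands sections onto one line per item. It assumes only the three section headers used in this thread's script, and its sample script is a constructed excerpt of the one posted above.

```python
import re
from typing import Dict, List

# Timestamp that opens every OTL entry, e.g. "[2012/06/25 16:15:59 | ..."
STAMP = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}"
# One entry as OTL prints it in its logs and expects it in an :OTL fix section, e.g.
#   [2012/06/25 16:15:59 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Yrkeos
ENTRY = re.compile(
    rf"^\[(?P<stamp>{STAMP}) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{{4}}) \| (?P<flag>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# Only the section headers used in this thread's script are recognised; a header
# glued to what follows it (":OTL[2012/...", "/c:Commands[emptytemp]") is split off.
SECTION_START = re.compile(r"(?=:(?:otl|files|commands))", re.IGNORECASE)
HEADER = re.compile(r"^(?P<name>:(?:otl|files|commands))(?P<rest>.*)$", re.IGNORECASE)
TITLE = {":otl": ":OTL", ":files": ":files", ":commands": ":Commands"}
# Collapsed lines of these sections can be re-split on an unambiguous delimiter;
# :files has none (paths and commands run together) and must be re-pasted by hand.
SPLITTER = {":otl": re.compile(rf"(?=\[{STAMP} \| )"), ":commands": re.compile(r"(?=\[)")}

# Constructed sample: an excerpt of the fix script posted in this thread, in the
# one-entry-per-line form OTL needs (it keeps the thread's two duplicated folders).
GOOD_SCRIPT = r"""
:OTL
[2012/06/25 16:15:59 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Yrkeos
[2012/06/25 16:15:59 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Oqdu
[2012/06/30 16:58:16 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Oqdu
[2012/06/25 16:15:59 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Yrkeos
[2012/06/20 17:51:12 | 000,000,112 | ---- | M] () -- C:\ProgramData\-X4V4pVXxJCY4NRr

:files
C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}
C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}
ipconfig /flushdns /c

:Commands
[emptytemp]
[clearallrestorepoints]
"""
# The same text with every newline stripped, which is what OTL was given in post #6.
COLLAPSED_SCRIPT = "".join(GOOD_SCRIPT.splitlines())


def parse_script(text: str) -> Dict[str, List[str]]:
    """Group non-empty script lines under their lower-cased section header."""
    sections: Dict[str, List[str]] = {}
    current = "(no section)"
    for raw in text.splitlines():
        for chunk in SECTION_START.split(raw):  # also splits headers glued mid-line
            line = chunk.strip()
            m = HEADER.match(line)
            if m:
                current = m.group("name").lower()
                sections.setdefault(current, [])
                line = m.group("rest").strip()  # whatever was glued to the header
            if line:
                sections.setdefault(current, []).append(line)
    return sections


def lint_script(text: str) -> List[str]:
    """Report what would make OTL reject the script or skip entries in it."""
    problems: List[str] = []
    seen = set()
    for name, lines in parse_script(text).items():
        for line in lines:
            stamps = len(re.findall(rf"\[{STAMP} \| ", line))
            m = ENTRY.match(line) if name == ":otl" else None
            if name == ":otl" and stamps > 1:  # the failure in post #6: one long line
                problems.append(f"collapsed :OTL line holding {stamps} entries: {line[:40]}...")
            elif name == ":otl" and m is None:
                problems.append(f"not an OTL entry: {line[:40]}")
            elif m:
                path = m.group("path").rstrip("\\").lower()
                if path in seen:  # harmless: OTL just logs "not found" for the second copy
                    problems.append(f"duplicate path, second copy will log 'not found': {path}")
                seen.add(path)
            elif len(re.findall(r"(?i)[a-z]:\\", line)) > 1 or line.count("[") > 1:
                problems.append(f"collapsed {name} line, re-paste one item per line: {line[:40]}...")
    return problems


def reflow_script(text: str) -> str:
    """Rebuild the script with every header, :OTL entry and command on its own line."""
    out: List[str] = []
    for name, lines in parse_script(text).items():
        out.append(TITLE.get(name, name))
        splitter = SPLITTER.get(name)
        for line in lines:
            if splitter:
                out.extend(p.strip() for p in splitter.split(line) if p.strip())
            else:
                out.append(line)  # :files is left as pasted; lint_script reports it
        out.append("")
    return "\n".join(out)
```

Running `lint_script` on the reflowed text still reports the :files line, which is the part a poster has to re-paste by hand.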

#10 bulldog2772

bulldog2772

    New Member

  • Members
  • 18 posts

Posted 01 July 2012 - 08:20 PM

MBAM log as requested


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.07.01.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Georgia :: HOUSECOMPUTER [administrator]
7/1/2012 9:15:49 PM
mbam-log-2012-07-01 (21-15-49).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211721
Time elapsed: 3 minute(s), 20 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

#11 Maniac

Maniac

    Forum Deity

  • Experts
  • 21,379 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 02 July 2012 - 05:47 AM

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

#12 bulldog2772

bulldog2772

    New Member

  • Members
  • 18 posts

Posted 02 July 2012 - 03:07 PM

ComboFix Log as requested


ComboFix 12-07-02.01 - Georgia 07/02/2012 15:56:35.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3943.2709 [GMT -4:00]
Running from: c:\users\Georgia\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-02 to 2012-07-02 )))))))))))))))))))))))))))))))
.
.
2012-07-02 20:02 . 2012-07-02 20:02 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-07-02 20:02 . 2012-07-02 20:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-01 18:04 . 2012-07-01 18:04 -------- d-----w- C:\_OTL
2012-07-01 01:27 . 2012-07-01 01:27 -------- d-----w- c:\users\Georgia\AppData\Local\ElevatedDiagnostics
2012-06-30 23:21 . 2012-06-30 23:21 -------- d-----w- c:\program files\ESET
2012-06-30 22:42 . 2012-01-12 13:28 57976 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-06-30 21:43 . 2012-06-30 21:43 -------- d-----w- C:\$AVG
2012-06-25 23:39 . 2012-06-30 21:56 -------- d-----w- C:\sh4ldr
2012-06-25 23:39 . 2012-06-25 23:39 -------- d-----w- c:\program files\Enigma Software Group
2012-06-25 23:39 . 2012-06-25 23:39 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-06-25 22:06 . 2012-06-25 22:06 -------- d-----w- c:\users\Georgia\AppData\Local\Symantec
2012-06-25 20:33 . 2012-06-25 20:33 -------- d-----w- C:\e
2012-06-25 20:29 . 2012-06-25 20:29 -------- d-----w- c:\windows\SysWow64\%APPDATA%
2012-06-25 20:06 . 2012-06-18 07:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3BBC96EE-FA5E-42E7-87B5-8C6ADA3ACC60}\mpengine.dll
2012-06-25 20:06 . 2012-06-25 20:06 -------- d-----w- c:\users\Georgia\AppData\Roaming\Malwarebytes
2012-06-25 20:05 . 2012-06-25 20:05 -------- d-----w- c:\programdata\Malwarebytes
2012-06-25 20:05 . 2012-06-25 20:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-25 19:06 . 2012-06-25 19:06 -------- d-----w- c:\users\Georgia\AppData\Local\Macromedia
2012-06-24 02:10 . 2012-06-25 22:40 -------- d-----w- c:\program files (x86)\PC Tools
2012-06-24 02:03 . 2012-06-25 22:40 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-06-24 02:03 . 2012-05-11 15:14 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-06-24 02:02 . 2012-06-25 22:23 -------- d-----w- c:\programdata\PC Tools
2012-06-24 02:02 . 2012-06-24 02:02 -------- d-----w- c:\users\Georgia\AppData\Roaming\TestApp
2012-06-21 20:18 . 2012-06-21 20:18 -------- d-----w- c:\users\Georgia\AppData\Roaming\AVG
2012-06-20 21:52 . 2012-06-20 21:52 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f4ea5b291cd4f2e02\MeshBetaRemover.exe
2012-06-20 21:52 . 2012-06-20 21:52 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f4a553411cd4f2e01\DSETUP.dll
2012-06-20 21:52 . 2012-06-20 21:52 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f4a553411cd4f2e01\DXSETUP.exe
2012-06-20 21:52 . 2012-06-20 21:52 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f4a553411cd4f2e01\dsetup32.dll
2012-06-15 03:57 . 2012-06-15 03:57 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-06-13 23:23 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-10 19:01 . 2012-06-10 19:01 -------- d-----w- c:\program files (x86)\NovaLogic
2012-06-10 02:34 . 2012-06-24 04:34 9815752 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-06-09 05:17 . 2012-06-09 05:17 -------- d-----w- c:\program files\DIFX
2012-06-09 05:16 . 2012-06-09 05:17 -------- d-----w- c:\program files (x86)\Garmin
2012-06-09 05:16 . 2012-06-09 05:27 -------- d-----w- c:\users\Georgia\AppData\Roaming\Garmin
2012-06-08 23:12 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-08 23:12 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-08 23:12 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-08 23:12 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-08 23:12 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-08 23:12 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-08 23:12 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-08 23:12 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-08 23:12 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-24 04:34 . 2012-04-17 03:11 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-24 04:34 . 2011-08-05 01:25 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-19 08:50 . 2012-04-19 08:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-01_02.22.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-02 01:19 . 2012-07-02 02:30 32768 c:\windows\temp\Temporary Internet Files\Content.IE5\index.dat
+ 2012-07-02 01:19 . 2012-07-02 02:30 16384 c:\windows\temp\History\History.IE5\index.dat
+ 2012-07-02 01:19 . 2012-07-02 02:30 16384 c:\windows\temp\Cookies\index.dat
+ 2010-11-21 03:09 . 2012-07-02 01:15 59794 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-02 01:15 37050 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-04 19:26 . 2012-07-02 01:15 12986 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-372996367-75289682-3332733727-1005_UserData.bin
+ 2011-08-11 07:14 . 2012-07-02 01:13 3330 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2011-08-11 07:14 . 2012-06-29 16:33 3330 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-07-02 01:14 . 2012-07-02 01:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-01 02:10 . 2012-07-01 02:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-01 02:10 . 2012-07-01 02:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-02 01:14 . 2012-07-02 01:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-17 20:58 . 2012-07-02 19:52 286874 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2011-08-05 03:05 . 2012-07-02 16:48 314386 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 02:36 . 2012-07-02 01:19 660280 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-01 02:14 660280 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-02 01:19 121208 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-01 02:14 121208 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-07-02 01:13 343424 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-01 02:09 343424 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-04-28 07:28 . 2012-07-01 02:09 1434712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-04-28 07:28 . 2012-07-02 01:13 1434712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-07-02 15:52 . 2012-07-02 15:52 8451584 c:\windows\Installer\324d2c2.msi
+ 2011-08-04 19:23 . 2012-07-02 01:13 18705832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-372996367-75289682-3332733727-1005-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-02-23 6591800]
"Facebook Update"="c:\users\Georgia\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-08-27 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/w...910ed5189e641fe" [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-06-13 5161080]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-11 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 250056]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2011-03-09 51872]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 DCDhcpService;DCDhcpService;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2011-07-19 104096]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-11 136176]
R3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\drivers\hidkmdf.sys [2011-02-12 14400]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-01 113120]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-24 652016]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-19 385336]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-19 99104]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-06 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-04-29 146592]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-04-29 91296]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2011-11-10 517632]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-02-09 53248]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2011-02-10 102400]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsnxc64.sys [2011-02-10 98816]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-14 2656280]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2011-02-15 550080]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-08-12 971704]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-04-29 36000]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-04-29 259232]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-04-29 109216]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-04-29 29344]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-04-29 166048]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-04-29 59040]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-04-29 283296]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-04-29 288416]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-04-01 317440]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2011-02-14 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-12-10 181248]
S3 NWLowRider;NextWindow LowRider Touch Screen;c:\windows\system32\drivers\NWLowRider.sys [2011-02-12 26176]
S3 NWWakeFilterLR;NextWindow Remote Wake Blocker;c:\windows\system32\drivers\NWWakeFilterLR.sys [2011-02-12 14400]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-13 413800]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-04-26 12032]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 04:34]
.
2012-07-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-372996367-75289682-3332733727-1005Core.job
- c:\users\Georgia\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-27 04:49]
.
2012-07-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-372996367-75289682-3332733727-1005UA.job
- c:\users\Georgia\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-27 04:49]
.
2012-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-11 03:13]
.
2012-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-11 03:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-03 11775592]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-03 2188904]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-04-29 790688]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-04-29 657568]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 391960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 419096]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie9/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Georgia\AppData\Roaming\Mozilla\Firefox\Profiles\ynhww6ck.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo Search
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/?ilc=10&fr=ydwnld-home
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-02 16:04:26
ComboFix-quarantined-files.txt 2012-07-02 20:04
ComboFix2.txt 2012-07-01 02:25
.
Pre-Run: 443,097,640,960 bytes free
Post-Run: 443,054,604,288 bytes free
.
- - End Of File - - 72C8398A601942DFBF96F6C800740CA5

#13 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,379 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 03 July 2012 - 05:49 AM

Awesome! :)

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here paypal.gif

#14 bulldog2772

bulldog2772

    New Member

  • Members
  • Pip
  • 18 posts

Posted 03 July 2012 - 02:06 PM

ESET log as requested. I don't think this is the right log for some reason. There is no extended log in Program Files. This log is in the x86 files. ESET found 3 threats and deleted them on the first scan. I am running the scan again.


ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251

#15 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,379 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 03 July 2012 - 04:18 PM

Recently, that problem often happens.

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select the Detected threats report from the left and press the Save button
Save it to your desktop and post it in your next reply.

#16 bulldog2772

bulldog2772

    New Member

  • Members
  • Pip
  • 18 posts

Posted 03 July 2012 - 10:53 PM

Kaspersky log as requested. 2 threats found


Status: Deleted (events: 2)
7/3/2012 8:19:41 PM Deleted Trojan program Backdoor.Win32.ZAccess.mbs C:\Qoobox\Quarantine\C\Windows\Installer\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\000000cb.@.vir High
7/3/2012 9:01:27 PM Deleted Trojan program Backdoor.Win32.ZAccess.mbs C:\_OTL\MovedFiles\07012012_211132\C_Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\000000cb.@ High

#17 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,379 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 04 July 2012 - 04:37 AM

Good! :)

How are things now?

#18 bulldog2772

bulldog2772

    New Member

  • Members
  • Pip
  • 18 posts

Posted 04 July 2012 - 08:48 PM

Don't seem to be having any virus-related issues, which is great. Having an issue with Internet Explorer unexpectedly shutting down. I think it might have something to do with AVG Anti-virus blocking cookies or allowing too many? Any ideas??? Never had this issue before. Thanks for all of your help

#19 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,379 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 05 July 2012 - 04:21 AM

Cookies are not malware related. Please take a look here:
http://en.wikipedia....iki/HTTP_cookie

Try to reset IE settings and let me know:
http://windows.micro...rnet-Explorer-9

#20 bulldog2772

bulldog2772

    New Member

  • Members
  • Pip
  • 18 posts

Posted 06 July 2012 - 12:40 PM

Resetting IE settings seemed to help that issue.

I have noticed something else though. Today I went to scan a document into my computer and my scanner wasn't working. The printer works but the scanner side is not recognized. I went to the Start menu to open up the Brother program and all of the files in my Windows Start menu say they are empty, as they did in the beginning. Is this malware still affecting my computer?? I ran an MBAM scan and it did not find any threats.



