bulldog2772

trojan malware problems affecting internet.

32 posts in this topic

Having issues with internet redirecting. Have ran malwarebytes numerous times with different things being found each time. Here is a log of the latest scan and then I rebooted. Please Help. Thanks

Malwarebytes Anti-Malware 1.61.0.1400

http://www.malwarebytes.org/

Database version: v2012.06.30.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Georgia :: HOUSECOMPUTER [administrator]

6/30/2012 4:44:03 PM

mbam-log-2012-06-30 (16-44-03).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 231817

Time elapsed: 10 minute(s), 22 second(s)

Memory Processes Detected: 1

C:\Users\Georgia\AppData\Roaming\Oqdu\aqhun.exe (Spyware.Zbot) -> 3756 -> Delete on reboot.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 2

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Vuirgelao (Spyware.Zbot) -> Data: C:\Users\Georgia\AppData\Roaming\Oqdu\aqhun.exe -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Georgia\LOCALS~1\Temp\msmnqa.cmd -> Delete on reboot.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 16

C:\Users\Georgia\AppData\Roaming\Oqdu\aqhun.exe (Spyware.Zbot) -> Delete on reboot.

C:\Users\Georgia\AppData\Local\Temp\000e3523.exe (Spyware.Zbot) -> Quarantined and deleted successfully.

C:\Users\Georgia\AppData\Local\Temp\000e5206.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\Georgia\AppData\Local\Temp\000eae29.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\Georgia\AppData\Local\Temp\0_0u_l.exe (Spyware.Zeus) -> Quarantined and deleted successfully.

C:\Users\Georgia\AppData\Local\Temp\2F88.tmp (Spyware.Zbot) -> Quarantined and deleted successfully.

C:\Users\Georgia\AppData\Local\Temp\gwtlvigrjescwsh.exe (Spyware.Password) -> Quarantined and deleted successfully.

C:\Users\Georgia\AppData\Local\Temp\jyvqvyshixxg.exe (Spyware.Password) -> Quarantined and deleted successfully.

C:\Users\Georgia\AppData\Local\Temp\mstxcubvd.pif (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\Georgia\AppData\Local\Temp\tmpc28aa76f.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\Georgia\AppData\Local\Temp\vtpatovublnwaanldf.exe (Trojan.Sirefef) -> Quarantined and deleted successfully.

C:\Users\Georgia\AppData\Local\Temp\tmp62fcc75d\volumeup.exe (Spyware.Zbot) -> Quarantined and deleted successfully.

C:\Users\Georgia\AppData\Local\Temp\tmpc59f8eb9\volumeup.exe (Spyware.Zbot) -> Quarantined and deleted successfully.

C:\Users\Georgia\AppData\Local\Temp\tmpc7699065\volumeup.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Windows\Installer\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

C:\Users\Georgia\AppData\Local\Temp\msmnqa.cmd (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.

(end)

Share this post


Link to post
Share on other sites

Rebooted and ran MB again. Trojan.Ransom was the only thing found. Log for last scan is below. Thanks

Malwarebytes Anti-Malware 1.61.0.1400

http://www.malwarebytes.org/

Database version: v2012.06.30.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Georgia :: HOUSECOMPUTER [administrator]

6/30/2012 5:08:29 PM

mbam-log-2012-06-30 (17-08-29).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 217880

Time elapsed: 5 minute(s), 49 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Data: C:\Users\Georgia\LOCALS~1\Temp\msmnqa.cmd -> Delete on reboot.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Share this post


Link to post
Share on other sites

Hello bulldog2772! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Share this post


Link to post
Share on other sites

Here is OTL Log. Only got the one log???

OTL logfile created on: 7/1/2012 1:43:01 PM - Run 3

OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Georgia\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.85 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 57.24% Memory free

7.70 Gb Paging File | 5.23 Gb Available in Paging File | 67.89% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 454.66 Gb Total Space | 412.61 Gb Free Space | 90.75% Space Free | Partition Type: NTFS

Computer Name: HOUSECOMPUTER | User Name: Georgia | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/01 13:42:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Georgia\Desktop\OTL.exe

PRC - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe

PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

PRC - [2012/03/08 00:10:34 | 001,320,392 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe

PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

PRC - [2012/02/09 19:40:16 | 000,053,248 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe

PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/04/29 17:20:18 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

PRC - [2011/04/26 15:08:30 | 000,183,432 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

PRC - [2011/04/26 15:08:30 | 000,064,704 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

PRC - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

PRC - [2011/02/23 17:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

PRC - [2011/02/14 17:45:08 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2011/02/14 17:44:56 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2011/02/14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCService.exe

PRC - [2011/01/12 21:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2011/01/12 21:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2010/11/27 03:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

PRC - [2010/11/27 03:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

PRC - [2009/02/24 16:47:06 | 000,143,360 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe

PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

========== Modules (No Company Name) ==========

MOD - [2012/02/22 20:49:56 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll

MOD - [2009/02/27 17:38:20 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/01/13 10:55:10 | 001,256,040 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)

SRV:64bit: - [2011/08/12 17:35:30 | 000,971,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)

SRV:64bit: - [2011/07/19 05:45:52 | 000,104,096 | ---- | M] (Atheros Communication Inc.) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe -- (DCDhcpService)

SRV:64bit: - [2011/05/24 09:00:00 | 000,652,016 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)

SRV:64bit: - [2011/02/19 01:15:06 | 000,099,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)

SRV:64bit: - [2011/02/19 01:02:08 | 000,385,336 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)

SRV:64bit: - [2011/02/14 20:54:50 | 000,550,080 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)

SRV:64bit: - [2011/02/14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)

SRV:64bit: - [2011/01/20 15:27:18 | 000,286,936 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)

SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/06/24 00:34:23 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/06/01 11:39:50 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)

SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)

SRV - [2012/02/09 19:40:16 | 000,053,248 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe -- (Oasis2Service)

SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/04/29 17:20:18 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)

SRV - [2011/04/29 17:19:22 | 000,091,296 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)

SRV - [2011/04/26 15:08:30 | 000,064,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)

SRV - [2011/03/02 00:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)

SRV - [2011/02/23 17:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)

SRV - [2011/02/21 15:55:08 | 000,113,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)

SRV - [2011/02/21 15:55:08 | 000,067,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)

SRV - [2011/02/14 17:45:08 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®

SRV - [2011/02/14 17:44:56 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®

SRV - [2011/01/20 15:16:26 | 000,887,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)

SRV - [2011/01/12 21:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®

SRV - [2010/11/27 03:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)

SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/18 14:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)

DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)

DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)

DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)

DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)

DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)

DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)

DRV:64bit: - [2011/06/21 02:26:44 | 012,259,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011/06/21 02:03:42 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2011/04/29 17:19:36 | 000,288,416 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)

DRV:64bit: - [2011/04/29 17:19:36 | 000,283,296 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)

DRV:64bit: - [2011/04/29 17:19:36 | 000,166,048 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)

DRV:64bit: - [2011/04/29 17:19:36 | 000,109,216 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)

DRV:64bit: - [2011/04/29 17:19:36 | 000,059,040 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)

DRV:64bit: - [2011/04/29 17:19:36 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)

DRV:64bit: - [2011/04/29 17:19:36 | 000,029,344 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)

DRV:64bit: - [2011/04/29 17:19:34 | 000,259,232 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)

DRV:64bit: - [2011/04/01 16:10:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®

DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/03/10 08:47:16 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2011/03/08 23:16:12 | 000,051,872 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)

DRV:64bit: - [2011/02/14 17:44:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®

DRV:64bit: - [2011/02/12 22:10:55 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/02/12 16:19:28 | 000,014,400 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)

DRV:64bit: - [2011/02/12 16:19:25 | 000,026,176 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWLowRider.sys -- (NWLowRider)

DRV:64bit: - [2011/02/12 16:19:25 | 000,014,400 | ---- | M] (n/a) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NWWakeFilterLR.sys -- (NWWakeFilterLR)

DRV:64bit: - [2011/02/10 03:41:47 | 000,102,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)

DRV:64bit: - [2011/02/10 03:41:45 | 000,098,816 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsnxc64.sys -- (risdsnpe)

DRV:64bit: - [2010/12/10 16:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2010/12/10 16:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/04/26 16:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)

DRV:64bit: - [2009/06/10 16:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel®

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/26 17:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)

DRV:64bit: - [2006/12/12 02:29:02 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIf.sys -- (BrSerIf)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-372996367-75289682-3332733727-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-372996367-75289682-3332733727-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie9/

IE - HKU\S-1-5-21-372996367-75289682-3332733727-1005\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)

IE - HKU\S-1-5-21-372996367-75289682-3332733727-1005\..\SearchScopes,DefaultScope = {99D2F1F7-1CF5-47D2-8B81-B47A2514F5E6}

IE - HKU\S-1-5-21-372996367-75289682-3332733727-1005\..\SearchScopes\{1D1DE4DB-F69B-415B-9B37-DD7720CE8C6C}: "URL" = http://www.flickr.com/search/?q={searchTerms}

IE - HKU\S-1-5-21-372996367-75289682-3332733727-1005\..\SearchScopes\{6EAFAC85-4814-41D9-8E37-5EE5A96113A4}: "URL" = http://search.yahoo.com/search?&q={searchTerms}&ei=utf-8&fr=w3is&type=W3i_IA,206,6484_00,Search,20110938,18175,0,0,6484

IE - HKU\S-1-5-21-372996367-75289682-3332733727-1005\..\SearchScopes\{99D2F1F7-1CF5-47D2-8B81-B47A2514F5E6}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie9

IE - HKU\S-1-5-21-372996367-75289682-3332733727-1005\..\SearchScopes\{D198D09C-96D5-4A6F-A3C1-75237DC665BF}: "URL" = http://delicious.com/search?p={searchTerms}

IE - HKU\S-1-5-21-372996367-75289682-3332733727-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo Search"

FF - prefs.js..browser.startup.homepage: "http://yahoo.com/?ilc=10&fr=ydwnld-home"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011/04/28 03:43:30 | 000,000,000 | ---D | M]

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2011/04/28 03:43:30 | 000,000,000 | ---D | M]

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Georgia\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Georgia\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/06/30 17:44:11 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/15 14:38:49 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/25 15:03:15 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/06/25 15:03:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georgia\AppData\Roaming\Mozilla\Extensions

[2012/06/27 18:51:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Georgia\AppData\Roaming\Mozilla\Firefox\Profiles\ynhww6ck.default\extensions

[2012/06/25 15:03:33 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Georgia\AppData\Roaming\Mozilla\Firefox\Profiles\ynhww6ck.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2012/06/30 22:59:45 | 000,000,942 | ---- | M] () -- C:\Users\Georgia\AppData\Roaming\Mozilla\Firefox\Profiles\ynhww6ck.default\searchplugins\yahoo.xml

[2012/06/25 15:03:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/06/25 15:03:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions

[2012/06/25 15:03:14 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2012/06/01 11:40:25 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/06/01 11:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/06/01 11:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/06/30 22:22:44 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)

O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)

O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)

O3 - HKU\S-1-5-21-372996367-75289682-3332733727-1005\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)

O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)

O4 - HKU\S-1-5-21-372996367-75289682-3332733727-1005..\Run: [Facebook Update] C:\Users\Georgia\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKU\S-1-5-21-372996367-75289682-3332733727-1005..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-21-372996367-75289682-3332733727-1005\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKU\S-1-5-21-372996367-75289682-3332733727-1005\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKU\S-1-5-21-372996367-75289682-3332733727-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)

O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)

O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F747C83-41C4-47E8-9CF0-8BBA4962DDBC}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB1B8362-52EB-4CE4-8682-12BD09942A38}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/01 13:42:47 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Georgia\Desktop\OTL.exe

[2012/06/30 22:38:32 | 000,000,000 | R--D | C] -- C:\Users\Georgia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices

[2012/06/30 22:25:47 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/06/30 22:22:45 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2012/06/30 21:36:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/06/30 21:36:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/06/30 21:36:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/06/30 21:33:57 | 004,567,958 | R--- | C] (Swearware) -- C:\Users\Georgia\Desktop\ComboFix.exe

[2012/06/30 21:27:08 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\ElevatedDiagnostics

[2012/06/30 21:15:18 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{DD35D6C9-E818-47FC-A3E5-5ED2A015020B}

[2012/06/30 21:15:06 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{99AF37E3-F247-4DD5-B7C4-C43095AC0D0D}

[2012/06/30 20:15:38 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{B17272A4-1910-43A3-A08E-6197DDBF8F2E}

[2012/06/30 20:15:17 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{8C5569CA-52AB-4154-86F6-0B93B9AEBF8E}

[2012/06/30 20:07:32 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{A206F70F-2782-428F-8D42-40196D514901}

[2012/06/30 20:07:21 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{B440D4AE-39F0-4E45-9896-0B8F5CC46464}

[2012/06/30 19:26:32 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/06/30 19:26:22 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/06/30 19:21:03 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET

[2012/06/30 19:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012/06/30 18:48:08 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{B88508F5-ACCF-41B1-AE52-7EBEA54B6E32}

[2012/06/30 18:47:57 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{C140465A-581E-4887-A690-0EF014ED1F2C}

[2012/06/30 18:42:26 | 000,057,976 | R--- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys

[2012/06/30 18:31:07 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{42C71202-B1C7-43A0-984E-9F53E8385AAA}

[2012/06/30 18:30:57 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{B41E90D0-6ABD-4966-8D1F-18C0E92B97F3}

[2012/06/30 17:43:55 | 000,000,000 | ---D | C] -- C:\$AVG

[2012/06/30 17:28:59 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{B9F4775E-37A2-4DEC-9399-7BA10522C53B}

[2012/06/30 17:28:49 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{30B824A1-26BD-4CF1-A886-64B6B35A779E}

[2012/06/30 17:19:09 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{97FDD83A-6C08-4990-8B74-C8EAAB591085}

[2012/06/30 17:18:58 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{C2041F5C-3B1F-4DB3-80ED-47ADEB186F7E}

[2012/06/30 17:08:11 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{D553BE55-BF39-4D80-8DA1-9B915F6B99E1}

[2012/06/30 17:08:01 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{67B31042-C7EF-46BA-A1C5-E5A831A1AF7F}

[2012/06/30 16:58:49 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{487224C1-A5D9-4970-98DE-E1961A64067F}

[2012/06/30 16:58:40 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{39913C38-5A63-4001-A417-FAF68539402C}

[2012/06/30 16:39:15 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{A0760D26-FE35-4FFB-9229-154999A245CD}

[2012/06/30 16:39:05 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{A2AB4E60-A285-4B24-8D8A-B070BBD79B50}

[2012/06/30 16:37:39 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2012/06/30 16:28:09 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{608E690E-623E-4F8D-9A76-795B67737F95}

[2012/06/30 16:27:59 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{C2D9B6F1-D038-4BFF-9171-772E54773EC7}

[2012/06/30 16:11:36 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{C409BA3C-0EA8-47CF-BCC2-12F15A034323}

[2012/06/30 16:11:24 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{72EC475C-4931-4B9C-BDE5-1B21CBE2B4C3}

[2012/06/30 14:49:42 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{A6A0472F-C213-4E9F-8C5F-C708080CF43B}

[2012/06/30 14:49:32 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{2756344B-945F-4FF9-A3E9-04F3682DED7F}

[2012/06/30 12:04:16 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{0CF98CF1-5D92-4C12-A1AB-6DE35CD8FB9E}

[2012/06/30 12:04:06 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{DA219C1F-C850-4B44-AB05-61B1246FAB63}

[2012/06/29 12:35:17 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{EDC74718-DC08-46F0-8793-5CEE2758FFF1}

[2012/06/29 12:35:06 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{2A25F897-20DB-439A-AFCB-AEF796E9B357}

[2012/06/27 18:26:14 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{65163763-309F-4E62-B37B-900781AABB37}

[2012/06/27 18:26:04 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{7365B2DD-9D77-46BC-B523-AE60F9FF087C}

[2012/06/25 20:40:25 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{E48E48DE-1A34-40B4-82D8-3072928C9D5D}

[2012/06/25 20:40:12 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{3437557B-DE80-49CF-8F41-35769E32671D}

[2012/06/25 20:10:44 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{2834282B-14A5-4C60-BD05-33846E44DA2B}

[2012/06/25 20:10:32 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{D2173043-718C-4930-ADC7-2A0C42F0C5A9}

[2012/06/25 20:03:47 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\AVG2012

[2012/06/25 19:39:56 | 000,000,000 | ---D | C] -- C:\sh4ldr

[2012/06/25 19:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group

[2012/06/25 19:39:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard

[2012/06/25 19:29:34 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{0485867A-9EF7-4A45-A1F1-3316D226CE89}

[2012/06/25 19:29:24 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{0B3BFFBB-246D-4E49-BE1A-481E1041C89E}

[2012/06/25 19:27:38 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Etixwa

[2012/06/25 18:47:06 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{DE202C5E-253F-4354-8DC8-C49C01BDCF7A}

[2012/06/25 18:46:56 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{0254B1CC-58C5-47E7-85FF-07AE4B0F43C3}

[2012/06/25 18:22:48 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{621552B7-1466-4050-955D-73137457008B}

[2012/06/25 18:22:38 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{05C45DBF-CC73-42F2-83F5-B34F3E57EC55}

[2012/06/25 18:06:56 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Tific

[2012/06/25 18:06:54 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\Symantec

[2012/06/25 17:47:37 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{FB965743-37E8-4BA8-981C-D157BAD0C0D7}

[2012/06/25 17:47:27 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{EADAD49B-F55C-4C50-8C06-CFC42F44C756}

[2012/06/25 16:57:56 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{1CCF73F8-3622-4480-8082-2D59E31EB4D7}

[2012/06/25 16:57:44 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{F13AC287-9ED8-429F-A715-B5A5E6E20F0D}

[2012/06/25 16:33:52 | 000,000,000 | ---D | C] -- C:\e

[2012/06/25 16:29:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\%APPDATA%

[2012/06/25 16:15:59 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Yrkeos

[2012/06/25 16:15:59 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Oqdu

[2012/06/25 16:15:59 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Iwovla

[2012/06/25 16:06:03 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Malwarebytes

[2012/06/25 16:05:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/06/25 16:05:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/06/25 16:05:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/06/25 16:01:43 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{D75E117F-C593-4A86-863C-1C1959AFD0CD}

[2012/06/25 16:01:33 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{53CBE0F6-8002-4CF5-8168-B08878E7F151}

[2012/06/25 15:25:40 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{E75EEA4A-F11D-442E-9537-B31C286B190F}

[2012/06/25 15:25:30 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{F1E27BF4-774C-485D-9196-6BFB4221A5C4}

[2012/06/25 15:06:44 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\Macromedia

[2012/06/25 15:03:28 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Mozilla

[2012/06/25 15:03:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

[2012/06/25 14:51:52 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{F280C57E-3992-4680-A7AF-ADE521520DB5}

[2012/06/25 14:50:09 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{A3140AA2-FDF5-42CE-B533-ADE27B603557}

[2012/06/24 20:57:40 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{58736806-88B5-4909-9BDF-F8BB3CC43563}

[2012/06/24 20:57:30 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{BB3BEDB7-8337-408C-9C18-8DDB6C8198D6}

[2012/06/24 18:54:47 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{D62F7BDD-4EDF-4EBB-8B42-BFE650261F78}

[2012/06/24 18:54:37 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{48E76DB1-B07E-44F2-8E56-6F62EA856862}

[2012/06/24 00:39:23 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{7821C117-5711-4444-9BE3-5998A43E9918}

[2012/06/24 00:39:14 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{429DA954-13D1-4D4C-A109-3EC58450BD47}

[2012/06/23 22:46:19 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{3721BA9C-48E7-4822-9295-88744B7EBB73}

[2012/06/23 22:46:09 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{466CD0F5-21C2-40C7-9090-0B1AF6DF8A59}

[2012/06/23 22:28:34 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{C7DCADBD-4853-464D-9D8F-29E31DC97CAB}

[2012/06/23 22:28:23 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{2813E064-0DE2-433D-A49D-9734700F83CB}

[2012/06/23 22:10:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools

[2012/06/23 22:03:53 | 000,251,528 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys

[2012/06/23 22:03:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools

[2012/06/23 22:02:58 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools

[2012/06/23 22:02:57 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\TestApp

[2012/06/23 21:55:09 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{AA0896D2-6D2D-427C-B598-FC9C0689586C}

[2012/06/23 21:54:59 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{0D8E4ADC-8FD8-4798-8C4F-7F5DF150511D}

[2012/06/21 16:47:01 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{6FD9EB6B-644C-454E-A88B-2ACA9C043A51}

[2012/06/21 16:46:51 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{6A43593B-CD73-4ABB-A598-EB56A762B467}

[2012/06/21 16:18:25 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\AVG

[2012/06/21 16:17:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2012/06/21 16:17:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011

[2012/06/21 16:09:30 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{C7B5DFEB-27C7-4622-A617-83300704CAEC}

[2012/06/21 16:09:20 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{9BDF31BF-ABC6-49B8-B095-78F9B8C24372}

[2012/06/21 15:46:30 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{F3ABFEEE-FB7D-4023-94D9-11480FECBB50}

[2012/06/21 15:45:46 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{EB0E3716-AA87-405A-922F-E14A9E0E249D}

[2012/06/20 20:13:16 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{3BB46D06-D76B-4B95-8CE8-9A01742BC39B}

[2012/06/20 20:13:07 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{C9456345-7CBE-4899-9164-506B1CCF0CE7}

[2012/06/20 19:49:55 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{FE4CAE30-42C4-4221-A620-EBF1EB025810}

[2012/06/20 19:49:43 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{49B236A5-CA3E-4707-82A6-99E600762E69}

[2012/06/20 18:23:17 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{42A2101A-5D18-4E82-B03F-B92C8F1D2B82}

[2012/06/20 18:23:05 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{F5189B83-75E0-463B-AB33-5A29F0E67ECF}

[2012/06/20 17:50:34 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{065C42CA-F192-4519-AAB0-846B2BC62404}

[2012/06/20 17:50:24 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{2F37B95A-990E-495E-8F5E-F7B44D29701D}

[2012/06/19 21:35:33 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{A30F0356-39FB-4958-A621-D23439A9E6EF}

[2012/06/19 21:35:23 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{B40CEEF0-DF4C-43FE-961C-BD1407971E95}

[2012/06/19 10:35:56 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{A1AD6097-DDB2-4DF1-B8C2-17CCAF619A29}

[2012/06/19 10:35:40 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{DECE9A8C-357A-40A1-B978-A5EE1349CF3D}

[2012/06/15 01:25:19 | 000,000,000 | ---D | C] -- C:\Users\Georgia\Documents\virtualfieldtripinternetrubrickformummificationprocess_files

[2012/06/14 23:56:12 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{5314EFC4-FB13-4C1E-8ACF-D5D667A24F88}

[2012/06/14 16:45:39 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{242733BB-732E-4E0B-A75B-494DD79C5712}

[2012/06/14 16:45:30 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{9D87F153-1876-4F44-8665-4EC26FBE1748}

[2012/06/14 14:11:30 | 000,000,000 | ---D | C] -- C:\Users\Georgia\Documents\Ancient Chinese Dynasties - Free Powerpoints, Games, Activities_files

[2012/06/14 14:11:16 | 000,000,000 | ---D | C] -- C:\Users\Georgia\Documents\Great Wall of China, China Great Wall Facts, Maps, Tours_files

[2012/06/14 14:09:03 | 000,000,000 | ---D | C] -- C:\Users\Georgia\Documents\The Badaling Great Wall, Beijing, Great Wall, Badaling Section, Information and Tours_files

[2012/06/14 11:37:51 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{0E957ED2-2219-4895-ADAB-BC7CDDD83BE6}

[2012/06/14 11:37:40 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{804E7D8D-AAB2-4A62-8A55-B2B848917F8D}

[2012/06/13 17:42:53 | 000,000,000 | ---D | C] -- C:\Users\Georgia\Documents\Egyptvoyager_com The Pyramid of Khafre at the Giza Plateau - Egypt_files

[2012/06/13 11:56:04 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{08E006C9-2F17-482F-B711-033E5BD901AF}

[2012/06/11 14:54:21 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{5F30AD1E-9B03-48EC-909F-0B35BAD7C503}

[2012/06/10 15:01:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NovaLogic

[2012/06/09 13:06:21 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{1DF829F0-760E-4A9E-B18A-3DB35080853B}

[2012/06/09 13:06:11 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{65F32C56-94FA-48F2-80BA-9D57D73C382C}

[2012/06/09 01:17:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin

[2012/06/09 01:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX

[2012/06/09 01:16:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garmin

[2012/06/09 01:16:35 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Garmin

[2012/06/04 19:07:40 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{C5ABA278-C382-4175-AB7B-67B907EDED83}

[2012/06/04 19:07:31 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{10564C20-C19E-45F1-9F75-12CB5B6FC717}

[2012/06/01 16:28:00 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{07DFEBC7-D300-4BA4-96E6-2946BA184FDA}

[2012/06/01 16:27:49 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Local\{C2F52875-38A1-4A9E-BB82-26C4BA863EFE}

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/01 13:42:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Georgia\Desktop\OTL.exe

[2012/07/01 13:34:00 | 100,891,471 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm

[2012/07/01 13:34:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/07/01 13:28:56 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/07/01 13:28:55 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/07/01 13:28:39 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-372996367-75289682-3332733727-1005UA.job

[2012/07/01 13:28:12 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat

[2012/07/01 07:14:34 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-372996367-75289682-3332733727-1005Core.job

[2012/06/30 22:45:38 | 000,020,928 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/06/30 22:45:38 | 000,020,928 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/06/30 22:42:34 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/06/30 22:42:34 | 000,660,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/06/30 22:42:34 | 000,121,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/06/30 22:38:19 | 3101,081,600 | -HS- | M] () -- C:\hiberfil.sys

[2012/06/30 22:22:44 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/06/30 21:34:03 | 004,567,958 | R--- | M] (Swearware) -- C:\Users\Georgia\Desktop\ComboFix.exe

[2012/06/30 21:17:34 | 000,001,544 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg

[2012/06/30 17:44:11 | 000,000,925 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk

[2012/06/25 20:33:22 | 000,000,074 | ---- | M] () -- C:\Users\Georgia\AppData\Roaming\mbam.context.scan

[2012/06/25 20:27:53 | 000,001,399 | ---- | M] () -- C:\Users\Georgia\Desktop\Internet Explorer.lnk

[2012/06/25 16:05:46 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/06/25 15:03:24 | 000,001,086 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012/06/23 22:04:18 | 001,635,777 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB

[2012/06/20 17:51:12 | 000,000,112 | ---- | M] () -- C:\ProgramData\-X4V4pVXxJCY4NRr

[2012/06/20 17:51:12 | 000,000,000 | ---- | M] () -- C:\ProgramData\-X4V4pVXxJCY4NR

[2012/06/20 17:05:16 | 000,359,081 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm

[2012/06/17 13:57:24 | 001,499,130 | ---- | M] () -- C:\Users\Georgia\Documents\1 Bedroom Apt_ - Condo Rental in Holmes Beach, Florida, USA - Holmes Beach Condo.mht

[2012/06/15 01:26:39 | 000,023,880 | ---- | M] () -- C:\Users\Georgia\Documents\rubric for Egyptian Mummification process using Virtual Field Trip_php.mht

[2012/06/15 01:25:57 | 000,023,880 | ---- | M] () -- C:\Users\Georgia\Documents\Your Rubric Collaborative Work Skills Egyptian Mummification process using Virtual Field Trip_php.mht

[2012/06/15 01:25:19 | 000,010,177 | ---- | M] () -- C:\Users\Georgia\Documents\virtualfieldtripinternetrubrickformummificationprocess.htm

[2012/06/15 01:02:41 | 000,014,522 | ---- | M] () -- C:\Users\Georgia\Documents\Learning Log Rubric.htm

[2012/06/14 16:43:08 | 000,000,419 | ---- | M] () -- C:\Windows\BRWMARK.INI

[2012/06/14 16:43:08 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI

[2012/06/14 14:11:31 | 000,012,428 | ---- | M] () -- C:\Users\Georgia\Documents\Ancient Chinese Dynasties - Free Powerpoints, Games, Activities.html

[2012/06/14 14:11:17 | 000,026,025 | ---- | M] () -- C:\Users\Georgia\Documents\Great Wall of China, China Great Wall Facts, Maps, Tours.htm

[2012/06/14 14:09:06 | 000,028,083 | ---- | M] () -- C:\Users\Georgia\Documents\The Badaling Great Wall, Beijing, Great Wall, Badaling Section, Information and Tours.htm

[2012/06/14 11:36:48 | 000,370,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/06/13 19:26:12 | 000,103,306 | ---- | M] () -- C:\Users\Georgia\Documents\china-complete.pdf

[2012/06/13 17:42:53 | 000,017,869 | ---- | M] () -- C:\Users\Georgia\Documents\Egyptvoyager_com The Pyramid of Khafre at the Giza Plateau - Egypt.htm

[2012/06/11 15:59:16 | 000,001,884 | ---- | M] () -- C:\test.xml

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/30 21:36:04 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/06/30 21:16:06 | 000,001,544 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg

[2012/06/30 19:30:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/06/30 19:30:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/06/30 19:30:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/06/30 19:30:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/06/30 17:44:11 | 000,000,925 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk

[2012/06/27 18:27:32 | 000,080,896 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\80000064.@

[2012/06/27 18:27:32 | 000,080,896 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\80000064.@

[2012/06/27 18:27:32 | 000,000,804 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\L\00000004.@

[2012/06/27 18:27:32 | 000,000,804 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\L\00000004.@

[2012/06/27 18:27:07 | 000,002,048 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\00000004.@

[2012/06/27 18:27:07 | 000,002,048 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\00000004.@

[2012/06/27 18:27:07 | 000,001,632 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\000000cb.@

[2012/06/27 18:27:07 | 000,001,632 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\000000cb.@

[2012/06/25 20:27:53 | 000,001,399 | ---- | C] () -- C:\Users\Georgia\Desktop\Internet Explorer.lnk

[2012/06/25 20:01:41 | 000,000,074 | ---- | C] () -- C:\Users\Georgia\AppData\Roaming\mbam.context.scan

[2012/06/25 16:05:46 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/06/25 15:03:24 | 000,001,086 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012/06/25 15:03:23 | 000,001,098 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2012/06/23 22:04:01 | 001,635,777 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB

[2012/06/20 17:47:35 | 000,000,112 | ---- | C] () -- C:\ProgramData\-X4V4pVXxJCY4NRr

[2012/06/20 17:47:35 | 000,000,000 | ---- | C] () -- C:\ProgramData\-X4V4pVXxJCY4NR

[2012/06/17 13:57:22 | 001,499,130 | ---- | C] () -- C:\Users\Georgia\Documents\1 Bedroom Apt_ - Condo Rental in Holmes Beach, Florida, USA - Holmes Beach Condo.mht

[2012/06/15 01:26:38 | 000,023,880 | ---- | C] () -- C:\Users\Georgia\Documents\rubric for Egyptian Mummification process using Virtual Field Trip_php.mht

[2012/06/15 01:25:57 | 000,023,880 | ---- | C] () -- C:\Users\Georgia\Documents\Your Rubric Collaborative Work Skills Egyptian Mummification process using Virtual Field Trip_php.mht

[2012/06/15 01:25:12 | 000,010,177 | ---- | C] () -- C:\Users\Georgia\Documents\virtualfieldtripinternetrubrickformummificationprocess.htm

[2012/06/15 01:02:41 | 000,014,522 | ---- | C] () -- C:\Users\Georgia\Documents\Learning Log Rubric.htm

[2012/06/14 14:11:30 | 000,012,428 | ---- | C] () -- C:\Users\Georgia\Documents\Ancient Chinese Dynasties - Free Powerpoints, Games, Activities.html

[2012/06/14 14:11:16 | 000,026,025 | ---- | C] () -- C:\Users\Georgia\Documents\Great Wall of China, China Great Wall Facts, Maps, Tours.htm

[2012/06/14 14:09:06 | 000,028,083 | ---- | C] () -- C:\Users\Georgia\Documents\The Badaling Great Wall, Beijing, Great Wall, Badaling Section, Information and Tours.htm

[2012/06/13 19:26:07 | 000,103,306 | ---- | C] () -- C:\Users\Georgia\Documents\china-complete.pdf

[2012/06/13 17:42:53 | 000,017,869 | ---- | C] () -- C:\Users\Georgia\Documents\Egyptvoyager_com The Pyramid of Khafre at the Giza Plateau - Egypt.htm

[2012/05/12 15:03:11 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat

[2012/01/11 21:11:28 | 000,002,048 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\@

[2012/01/11 21:11:28 | 000,002,048 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\@

[2011/10/27 19:06:13 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI

[2011/10/27 19:06:13 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI

[2011/10/27 19:00:45 | 000,000,255 | ---- | C] () -- C:\Windows\Brpfx04a.ini

[2011/10/27 19:00:45 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini

[2011/10/27 19:00:10 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll

[2011/10/27 19:00:10 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini

[2011/10/27 19:00:10 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat

[2011/10/24 00:54:45 | 000,007,610 | ---- | C] () -- C:\Users\Georgia\AppData\Local\Resmon.ResmonCfg

[2011/06/21 02:26:46 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2011/06/21 02:26:44 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2011/04/28 03:31:59 | 000,333,824 | ---- | C] () -- C:\Windows\SysWow64\SonyVideoProcessor.dll

[2011/04/28 02:52:13 | 000,000,226 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

[2011/04/01 21:19:02 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

[2011/02/10 19:03:27 | 000,772,990 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== LOP Check ==========

[2011/12/26 19:24:18 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Avery

[2012/06/21 16:18:45 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\AVG

[2012/06/25 20:03:47 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\AVG2012

[2012/05/12 15:47:40 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Clip Art Collection

[2012/06/30 18:23:59 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Etixwa

[2012/06/09 01:27:20 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Garmin

[2012/06/30 16:11:24 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Iwovla

[2012/06/30 16:58:16 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Oqdu

[2012/06/23 22:02:57 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\TestApp

[2012/06/25 18:06:56 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Tific

[2011/10/24 00:09:30 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Udcuu

[2011/10/24 01:53:48 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Windows Live Writer

[2012/06/25 16:15:59 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Yrkeos

[2011/10/24 00:35:24 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Zonie

[2012/07/01 07:14:34 | 000,000,914 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-372996367-75289682-3332733727-1005Core.job

[2012/07/01 13:28:39 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-372996367-75289682-3332733727-1005UA.job

[2012/06/23 21:54:41 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Share this post


Link to post
Share on other sites

Step 1

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2012/06/25 16:15:59 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Yrkeos
    [2012/06/25 16:15:59 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Oqdu
    [2012/06/25 16:15:59 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Iwovla
    [2012/06/30 18:23:59 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Etixwa
    [2012/06/30 16:58:16 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Oqdu
    [2012/06/25 18:06:56 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Tific
    [2011/10/24 00:09:30 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Udcuu
    [2012/06/25 16:15:59 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Yrkeos
    [2011/10/24 00:35:24 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Zonie
    [2012/06/20 17:51:12 | 000,000,112 | ---- | M] () -- C:\ProgramData\-X4V4pVXxJCY4NRr
    [2012/06/20 17:51:12 | 000,000,000 | ---- | M] () -- C:\ProgramData\-X4V4pVXxJCY4NR
    [2012/06/27 18:27:32 | 000,080,896 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\80000064.@
    [2012/06/27 18:27:32 | 000,080,896 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\80000064.@
    [2012/06/27 18:27:32 | 000,000,804 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\L\00000004.@
    [2012/06/27 18:27:32 | 000,000,804 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\L\00000004.@
    [2012/06/27 18:27:07 | 000,002,048 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\00000004.@
    [2012/06/27 18:27:07 | 000,002,048 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\00000004.@
    [2012/06/27 18:27:07 | 000,001,632 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\000000cb.@
    [2012/06/27 18:27:07 | 000,001,632 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\000000cb.@
    [2012/01/11 21:11:28 | 000,002,048 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\@
    [2012/01/11 21:11:28 | 000,002,048 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\@

    :files
    C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}
    C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

  • OTL Fix log
  • Malwarebytes' Anti-Malware log

Share this post


Link to post
Share on other sites

OTL Log after reboot.

All processes killed

Error: Unable to interpret <:OTL[2012/06/25 16:15:59 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Yrkeos[2012/06/25 16:15:59 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Oqdu[2012/06/25 16:15:59 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Iwovla[2012/06/30 18:23:59 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Etixwa[2012/06/30 16:58:16 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Oqdu[2012/06/25 18:06:56 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Tific[2011/10/24 00:09:30 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Udcuu[2012/06/25 16:15:59 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Yrkeos[2011/10/24 00:35:24 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Zonie[2012/06/20 17:51:12 | 000,000,112 | ---- | M] () -- C:\ProgramData\-X4V4pVXxJCY4NRr[2012/06/20 17:51:12 | 000,000,000 | ---- | M] () -- C:\ProgramData\-X4V4pVXxJCY4NR[2012/06/27 18:27:32 | 000,080,896 | ---- | C] () -- C:\Use> in the current context!

Error: Unable to interpret <rs\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\80000064.@[2012/06/27 18:27:32 | 000,080,896 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\80000064.@[2012/06/27 18:27:32 | 000,000,804 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\L\00000004.@[2012/06/27 18:27:32 | 000,000,804 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\L\00000004.@[2012/06/27 18:27:07 | 000,002,048 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\00000004.@[2012/06/27 18:27:07 | 000,002,048 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\00000004.@[2012/06/27 18:27:07 | 000,001,632 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\000000cb.@[2012/06/27 18:27:07 | 000,001,632 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\000000cb.> in the current context!

Error: Unable to interpret <@[2012/01/11 21:11:28 | 000,002,048 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\@[2012/01/11 21:11:28 | 000,002,048 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\@:filesC:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}ipconfig /flushdns /c:Commands[emptytemp][clearallrestorepoints]> in the current context!

OTL by OldTimer - Version 3.2.53.1 log created on 07012012_140452

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Share this post


Link to post
Share on other sites

MBAM Log.

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.07.01.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Georgia :: HOUSECOMPUTER [administrator]

7/1/2012 2:08:22 PM

mbam-log-2012-07-01 (14-08-22).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 212058

Time elapsed: 3 minute(s), 16 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Share this post


Link to post
Share on other sites

Your script was not activated. Every entrie should be on a new line. The script in OTL should looks like this:

:OTL
[2012/06/25 16:15:59 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Yrkeos
[2012/06/25 16:15:59 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Oqdu
[2012/06/25 16:15:59 | 000,000,000 | ---D | C] -- C:\Users\Georgia\AppData\Roaming\Iwovla
[2012/06/30 18:23:59 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Etixwa
[2012/06/30 16:58:16 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Oqdu
[2012/06/25 18:06:56 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Tific
[2011/10/24 00:09:30 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Udcuu
[2012/06/25 16:15:59 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Yrkeos
[2011/10/24 00:35:24 | 000,000,000 | ---D | M] -- C:\Users\Georgia\AppData\Roaming\Zonie
[2012/06/20 17:51:12 | 000,000,112 | ---- | M] () -- C:\ProgramData\-X4V4pVXxJCY4NRr
[2012/06/20 17:51:12 | 000,000,000 | ---- | M] () -- C:\ProgramData\-X4V4pVXxJCY4NR
[2012/06/27 18:27:32 | 000,080,896 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\80000064.@
[2012/06/27 18:27:32 | 000,080,896 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\80000064.@
[2012/06/27 18:27:32 | 000,000,804 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\L\00000004.@
[2012/06/27 18:27:32 | 000,000,804 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\L\00000004.@
[2012/06/27 18:27:07 | 000,002,048 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\00000004.@
[2012/06/27 18:27:07 | 000,002,048 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\00000004.@
[2012/06/27 18:27:07 | 000,001,632 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\000000cb.@
[2012/06/27 18:27:07 | 000,001,632 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\000000cb.@
[2012/01/11 21:11:28 | 000,002,048 | ---- | C] () -- C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\@
[2012/01/11 21:11:28 | 000,002,048 | ---- | C] () -- C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\@

:files
C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}
C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}
ipconfig /flushdns /c

:Commands
[emptytemp]
[clearallrestorepoints]

Please repeat both steps.

Share this post


Link to post
Share on other sites

OTL log as requested.

All processes killed

========== OTL ==========

C:\Users\Georgia\AppData\Roaming\Yrkeos folder moved successfully.

C:\Users\Georgia\AppData\Roaming\Oqdu folder moved successfully.

C:\Users\Georgia\AppData\Roaming\Iwovla folder moved successfully.

C:\Users\Georgia\AppData\Roaming\Etixwa folder moved successfully.

Folder C:\Users\Georgia\AppData\Roaming\Oqdu\ not found.

C:\Users\Georgia\AppData\Roaming\Tific folder moved successfully.

C:\Users\Georgia\AppData\Roaming\Udcuu folder moved successfully.

Folder C:\Users\Georgia\AppData\Roaming\Yrkeos\ not found.

C:\Users\Georgia\AppData\Roaming\Zonie folder moved successfully.

C:\ProgramData\-X4V4pVXxJCY4NRr moved successfully.

C:\ProgramData\-X4V4pVXxJCY4NR moved successfully.

C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\80000064.@ moved successfully.

File C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\80000064.@ not found.

C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\L\00000004.@ moved successfully.

File C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\L\00000004.@ not found.

C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\00000004.@ moved successfully.

File C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\00000004.@ not found.

C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\000000cb.@ moved successfully.

File C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\000000cb.@ not found.

C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\@ moved successfully.

File C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\@ not found.

========== FILES ==========

C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U folder moved successfully.

C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\L folder moved successfully.

C:\Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2} folder moved successfully.

File\Folder C:\Users\Georgia\AppData\Local\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2} not found.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Georgia\Desktop\cmd.bat deleted successfully.

C:\Users\Georgia\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Georgia

->Temp folder emptied: 1355329 bytes

->Temporary Internet Files folder emptied: 8729589 bytes

->Java cache emptied: 1180862 bytes

->FireFox cache emptied: 61884517 bytes

->Flash cache emptied: 2438 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 1714045 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 69192 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 61679954 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 130.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.1 log created on 07012012_211132

Files\Folders moved on Reboot...

C:\Users\Georgia\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Georgia\AppData\Local\Temp\~DFFB76382BF503C00D.TMP moved successfully.

C:\Users\Georgia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.

C:\Users\Georgia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZM3QL3XN\fastbutton[10].htm moved successfully.

C:\Users\Georgia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZM3QL3XN\gossip-us-fp[2].js moved successfully.

C:\Users\Georgia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2K8TZNG\EFpQQyG9GqCrobXxL-KRMWzklk6MJbhg7BmBP42CjCQ[1].eot moved successfully.

C:\Users\Georgia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2K8TZNG\index[2].htm moved successfully.

C:\Users\Georgia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2K8TZNG\rsa[1].htm moved successfully.

C:\Users\Georgia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2K8TZNG\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully.

PendingFileRenameOperations files...

File C:\Users\Georgia\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

File C:\Users\Georgia\AppData\Local\Temp\~DFFB76382BF503C00D.TMP not found!

File C:\Users\Georgia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!

File C:\Users\Georgia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZM3QL3XN\fastbutton[10].htm not found!

File C:\Users\Georgia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZM3QL3XN\gossip-us-fp[2].js not found!

File C:\Users\Georgia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2K8TZNG\EFpQQyG9GqCrobXxL-KRMWzklk6MJbhg7BmBP42CjCQ[1].eot not found!

File C:\Users\Georgia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2K8TZNG\index[2].htm not found!

File C:\Users\Georgia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2K8TZNG\rsa[1].htm not found!

File C:\Users\Georgia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2K8TZNG\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot not found!

Registry entries deleted on Reboot...

Share this post


Link to post
Share on other sites

MBAM log as requested

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.07.01.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Georgia :: HOUSECOMPUTER [administrator]

7/1/2012 9:15:49 PM

mbam-log-2012-07-01 (21-15-49).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 211721

Time elapsed: 3 minute(s), 20 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Share this post


Link to post
Share on other sites

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Share this post


Link to post
Share on other sites

ComboFix Log as requested

ComboFix 12-07-02.01 - Georgia 07/02/2012 15:56:35.3.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3943.2709 [GMT -4:00]

Running from: c:\users\Georgia\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-06-02 to 2012-07-02 )))))))))))))))))))))))))))))))

.

.

2012-07-02 20:02 . 2012-07-02 20:02 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp

2012-07-02 20:02 . 2012-07-02 20:02 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-01 18:04 . 2012-07-01 18:04 -------- d-----w- C:\_OTL

2012-07-01 01:27 . 2012-07-01 01:27 -------- d-----w- c:\users\Georgia\AppData\Local\ElevatedDiagnostics

2012-06-30 23:21 . 2012-06-30 23:21 -------- d-----w- c:\program files\ESET

2012-06-30 22:42 . 2012-01-12 13:28 57976 ----a-r- c:\windows\system32\drivers\SBREDrv.sys

2012-06-30 21:43 . 2012-06-30 21:43 -------- d-----w- C:\$AVG

2012-06-25 23:39 . 2012-06-30 21:56 -------- d-----w- C:\sh4ldr

2012-06-25 23:39 . 2012-06-25 23:39 -------- d-----w- c:\program files\Enigma Software Group

2012-06-25 23:39 . 2012-06-25 23:39 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2012-06-25 22:06 . 2012-06-25 22:06 -------- d-----w- c:\users\Georgia\AppData\Local\Symantec

2012-06-25 20:33 . 2012-06-25 20:33 -------- d-----w- C:\e

2012-06-25 20:29 . 2012-06-25 20:29 -------- d-----w- c:\windows\SysWow64\%APPDATA%

2012-06-25 20:06 . 2012-06-18 07:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3BBC96EE-FA5E-42E7-87B5-8C6ADA3ACC60}\mpengine.dll

2012-06-25 20:06 . 2012-06-25 20:06 -------- d-----w- c:\users\Georgia\AppData\Roaming\Malwarebytes

2012-06-25 20:05 . 2012-06-25 20:05 -------- d-----w- c:\programdata\Malwarebytes

2012-06-25 20:05 . 2012-06-25 20:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-06-25 19:06 . 2012-06-25 19:06 -------- d-----w- c:\users\Georgia\AppData\Local\Macromedia

2012-06-24 02:10 . 2012-06-25 22:40 -------- d-----w- c:\program files (x86)\PC Tools

2012-06-24 02:03 . 2012-06-25 22:40 -------- d-----w- c:\program files (x86)\Common Files\PC Tools

2012-06-24 02:03 . 2012-05-11 15:14 251528 ----a-w- c:\windows\system32\drivers\PCTSD64.sys

2012-06-24 02:02 . 2012-06-25 22:23 -------- d-----w- c:\programdata\PC Tools

2012-06-24 02:02 . 2012-06-24 02:02 -------- d-----w- c:\users\Georgia\AppData\Roaming\TestApp

2012-06-21 20:18 . 2012-06-21 20:18 -------- d-----w- c:\users\Georgia\AppData\Roaming\AVG

2012-06-20 21:52 . 2012-06-20 21:52 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f4ea5b291cd4f2e02\MeshBetaRemover.exe

2012-06-20 21:52 . 2012-06-20 21:52 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f4a553411cd4f2e01\DSETUP.dll

2012-06-20 21:52 . 2012-06-20 21:52 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f4a553411cd4f2e01\DXSETUP.exe

2012-06-20 21:52 . 2012-06-20 21:52 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\f4a553411cd4f2e01\dsetup32.dll

2012-06-15 03:57 . 2012-06-15 03:57 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2012-06-13 23:23 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-10 19:01 . 2012-06-10 19:01 -------- d-----w- c:\program files (x86)\NovaLogic

2012-06-10 02:34 . 2012-06-24 04:34 9815752 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-06-09 05:17 . 2012-06-09 05:17 -------- d-----w- c:\program files\DIFX

2012-06-09 05:16 . 2012-06-09 05:17 -------- d-----w- c:\program files (x86)\Garmin

2012-06-09 05:16 . 2012-06-09 05:27 -------- d-----w- c:\users\Georgia\AppData\Roaming\Garmin

2012-06-08 23:12 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-08 23:12 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-08 23:12 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-08 23:12 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-08 23:12 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-08 23:12 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-08 23:12 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-08 23:12 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-08 23:12 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-24 04:34 . 2012-04-17 03:11 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-24 04:34 . 2011-08-05 01:25 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-19 08:50 . 2012-04-19 08:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-07-01_02.22.47 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-07-02 01:19 . 2012-07-02 02:30 32768 c:\windows\temp\Temporary Internet Files\Content.IE5\index.dat

+ 2012-07-02 01:19 . 2012-07-02 02:30 16384 c:\windows\temp\History\History.IE5\index.dat

+ 2012-07-02 01:19 . 2012-07-02 02:30 16384 c:\windows\temp\Cookies\index.dat

+ 2010-11-21 03:09 . 2012-07-02 01:15 59794 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-07-02 01:15 37050 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-08-04 19:26 . 2012-07-02 01:15 12986 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-372996367-75289682-3332733727-1005_UserData.bin

+ 2011-08-11 07:14 . 2012-07-02 01:13 3330 c:\windows\system32\wdi\ERCQueuedResolutions.dat

- 2011-08-11 07:14 . 2012-06-29 16:33 3330 c:\windows\system32\wdi\ERCQueuedResolutions.dat

+ 2012-07-02 01:14 . 2012-07-02 01:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-07-01 02:10 . 2012-07-01 02:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-07-01 02:10 . 2012-07-01 02:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-07-02 01:14 . 2012-07-02 01:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-08-17 20:58 . 2012-07-02 19:52 286874 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin

+ 2011-08-05 03:05 . 2012-07-02 16:48 314386 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin

+ 2009-07-14 02:36 . 2012-07-02 01:19 660280 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-07-01 02:14 660280 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-07-02 01:19 121208 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-07-01 02:14 121208 c:\windows\system32\perfc009.dat

+ 2009-07-14 05:01 . 2012-07-02 01:13 343424 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-07-01 02:09 343424 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2011-04-28 07:28 . 2012-07-01 02:09 1434712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-04-28 07:28 . 2012-07-02 01:13 1434712 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2012-07-02 15:52 . 2012-07-02 15:52 8451584 c:\windows\Installer\324d2c2.msi

+ 2011-08-04 19:23 . 2012-07-02 01:13 18705832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-372996367-75289682-3332733727-1005-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll" [2012-06-11 1524056]

.

[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]

[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-02-23 6591800]

"Facebook Update"="c:\users\Georgia\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-08-27 137536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]

"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVXV1UtV0JEWEMtVllGTjMtUURKTUgtNDJBT0EtSzZIVTk&inst=NzctNzE0NzYyMDc3LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ∏=90&ver=2012.0.1809&mid=65defadbc97147d1af884149085e1d5b-6cd39ce697ea634205ecf7508910ed5189e641fe" [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-06-13 5161080]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-11 136176]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 250056]

R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2011-03-09 51872]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]

R3 DCDhcpService;DCDhcpService;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2011-07-19 104096]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]

R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-11 136176]

R3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\drivers\hidkmdf.sys [2011-02-12 14400]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-01 113120]

R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]

R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]

R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]

R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-24 652016]

R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-19 385336]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-19 99104]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-06 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-04-29 146592]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-04-29 91296]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]

S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2011-11-10 517632]

S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-02-09 53248]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]

S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2011-02-10 102400]

S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsnxc64.sys [2011-02-10 98816]

S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-14 2656280]

S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2011-02-15 550080]

S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-08-12 971704]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-04-29 36000]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-04-29 259232]

S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-04-29 109216]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-04-29 29344]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-04-29 166048]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-04-29 59040]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-04-29 283296]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-04-29 288416]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-04-01 317440]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2011-02-14 56344]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-12-10 80384]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-12-10 181248]

S3 NWLowRider;NextWindow LowRider Touch Screen;c:\windows\system32\drivers\NWLowRider.sys [2011-02-12 26176]

S3 NWWakeFilterLR;NextWindow Remote Wake Blocker;c:\windows\system32\drivers\NWWakeFilterLR.sys [2011-02-12 14400]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-13 413800]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-04-26 12032]

S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]

S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-02 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 04:34]

.

2012-07-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-372996367-75289682-3332733727-1005Core.job

- c:\users\Georgia\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-27 04:49]

.

2012-07-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-372996367-75289682-3332733727-1005UA.job

- c:\users\Georgia\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-27 04:49]

.

2012-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-11 03:13]

.

2012-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-11 03:13]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-03 11775592]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-03 2188904]

"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-04-29 790688]

"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-04-29 657568]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 168216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 391960]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 419096]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.yahoo.com/?fr=fp-yie9/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Georgia\AppData\Roaming\Mozilla\Firefox\Profiles\ynhww6ck.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo Search

FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/?ilc=10&fr=ydwnld-home

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-07-02 16:04:26

ComboFix-quarantined-files.txt 2012-07-02 20:04

ComboFix2.txt 2012-07-01 02:25

.

Pre-Run: 443,097,640,960 bytes free

Post-Run: 443,054,604,288 bytes free

.

- - End Of File - - 72C8398A601942DFBF96F6C800740CA5

Share this post


Link to post
Share on other sites

Awesome! :)

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Share this post


Link to post
Share on other sites

ESET Log as requested. I dont think this is the right log for some reason. There is no extended log on program files. This log is in x86 files. The ESET found 3 threats and deleted them on the first scan. I am running the scan again.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

esets_scanner_update returned -1 esets_gle=53251

Share this post


Link to post
Share on other sites

Recently, it often happens that problem.

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right

AVPfront.gif

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

avpsettings.gif

Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select Detected threads report from the left and press Save button

Save it to your desktop and post it in your next reply.

Share this post


Link to post
Share on other sites

Kaspersky log as requested. 2 threats found

Status: Deleted (events: 2)

7/3/2012 8:19:41 PM Deleted Trojan program Backdoor.Win32.ZAccess.mbs C:\Qoobox\Quarantine\C\Windows\Installer\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\000000cb.@.vir High

7/3/2012 9:01:27 PM Deleted Trojan program Backdoor.Win32.ZAccess.mbs C:\_OTL\MovedFiles\07012012_211132\C_Users\Georgia\Local Settings\{3f6625c5-244e-ea16-48d1-3ccfc84d6bd2}\U\000000cb.@ High

Share this post


Link to post
Share on other sites

Dont seem to be having any issues virus related, which is great. Having an issue with Interent Explorer unexpectedly shutting down. I think it might have something to do with AVG Anti-virus blocking cookies or allowing too many? Any ideas??? Never had this issue before. Thanks for all of your help

Share this post


Link to post
Share on other sites

Resetting IE settings seemed to help that issue.

I have noticed something else though. Today I went to scan a document into my computer and my scanner wasnt working. Printer works but scanner side not recognized. Went to start menu to open up Brother program and all of the files in my Windows Start menu say they are empty as they did in the beginning. Is this malware still affecting my computer?? I ran MBAM scan and it did not find any threats.

Share this post


Link to post
Share on other sites

Thanks. Start menu restored. Now back to having issues with IE closing unexpectedly and then re-opening. Its not a huge deal until you are in the middle of soemthing on the internet and it decides to close and re-open. Can't figure out what is causing this. Thanks

Share this post


Link to post
Share on other sites

Reset IE it seemed to help for a few minutes. Then while running a program on the internet that requires alot of mouse clicking it closed and re-opened. It also seems to do this when more than one window is open. Sometimes it will close after a few minutes sometimes a little longer. Also my AVG anti-virus pops up alot notifying me of cookies asking me what I want to do. Most of the time if you try and click on allow and dont ask me again it will not execute and you just click ignore and keep on going. This also seems to affect the IE closing unexpectedly. Thanks for you help.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.