AVG Secure Search Must Go

(In Progress)

eddie5659
Moderator & Malware Removal Specialist with 28,107 posts.
Join Date: Mar 2001
Location: Bradford, England
21-Jun-2012, 02:39 PM #46
When you say 20%, do you mean it still uses AVG? When you've run ComboFix, just post the log here.

I'm not here tomorrow, but I have the next week off work, so I will be here at home from Saturday. I have to use my holidays up, so I'm taking a break to relax and do some work around the house.

Hope the graduation goes well, and I hope you feel better soon.
__________________
Just go with the flow, like a twig on the shoulders of a mighty stream

MVP in Consumer Security
Verylost (Thread Starter)
Account Closed with 207 posts.
Join Date: Jul 2010
Experience: Intermediate
08-Jul-2012, 12:40 AM #47
AVG
OK, where was I? Trying to get an MRI and CT scan for some medical issues I have, and the red tape to get things OK'd is awful.

Don't worry about the 20% thingy; that has to do with IE 9.0 not being able to connect to web sites, and it keeps inserting 20% into the address I type in. That's another issue for later.

Here's the Malwarebytes log I just ran; I hope it didn't miss anything. It did delete stuff, and I did delete everything in Quarantine. Didn't you want OTL to remove some stuff? You had a list; I need that reposted. And should I run ComboFix again to ensure nothing was missed?

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.07.07.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
pestyone :: PESTYONE-PC [administrator]
7/7/2012 10:45:44 PM
mbam-log-2012-07-07 (22-45-44).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Objects scanned: 324403
Time elapsed: 33 minute(s), 22 second(s)
Memory Processes Detected: 1
C:\Users\pestyone\AppData\Local\swpsmom.exe (Trojan.Lameshield) -> 1448 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 11
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\f (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 5
C:\Users\pestyone\AppData\Local\swpsmom.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Rising\RSD\updater.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Rising\RSD\Backup\RSD\RSSetup\updater.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\ProgramData\F4D55F3B003185BB013C01EBB4EB2367\F4D55F3B003185BB013C01EBB4EB2367.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Users\pestyone\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\192e1155-11ed0f12 (Trojan.Lameshield) -> Quarantined and deleted successfully.
(end)
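The MBAM log above is the kind of thing a responder ends up reading by hand across several posts. As an added example (not the poster's log tooling and not Malwarebytes' own code), the Python below parses a 1.x-format log of that shape: it walks each "<Section> Detected: N" block, checks that the declared counts match the lines actually listed, and pulls out the two things that matter for follow-up: items marked "Delete on reboot" (not yet gone) and a path that appeared both as a running process and as a file (the process was killed and the file quarantined, so if the same path is back after the reboot, something MBAM did not see is re-dropping it). The sample log is a constructed excerpt of the one posted above, with section counts adjusted to the lines kept.

```python
"""Triage a Malwarebytes Anti-Malware 1.x text log (added example)."""
import re
from collections import defaultdict

# Constructed sample: an excerpt of the log posted in the thread above,
# with the "Detected: N" counts adjusted to the lines kept here.
SAMPLE_LOG = r"""
Malwarebytes Anti-Malware 1.61.0.1400
Scan type: Full scan
Memory Processes Detected: 1
C:\Users\pestyone\AppData\Local\swpsmom.exe (Trojan.Lameshield) -> 1448 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Quarantined and deleted successfully.
Files Detected: 3
C:\Users\pestyone\AppData\Local\swpsmom.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Rising\RSD\updater.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\ProgramData\F4D55F3B003185BB013C01EBB4EB2367\F4D55F3B003185BB013C01EBB4EB2367.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
(end)
"""

# "Registry Keys Detected: 11"
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# "<target> (<family>) -> [<pid> -> ]<action>."  The non-greedy target lets
# paths such as "C:\Program Files (x86)\..." keep their own parentheses.
ITEM_RE = re.compile(
    r"^(?P<target>.+?) \((?P<family>[^()]+)\) -> "
    r"(?:(?P<pid>\d+) -> )?(?P<action>[^>]+?)\.?$"
)
SKIP = {"", "(No malicious items detected)", "(end)"}


def parse_mbam_log(text):
    """Return ({section: [item, ...]}, [sections whose count disagrees])."""
    sections, declared, current = defaultdict(list), {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m["section"]
            declared[current] = int(m["count"])
            continue
        if current is None or line in SKIP:
            continue
        m = ITEM_RE.match(line)
        if m:
            sections[current].append({
                "target": m["target"],
                "family": m["family"],
                "pid": int(m["pid"]) if m["pid"] else None,
                "action": m["action"],
            })
    # A count that does not match the listed lines means a truncated paste.
    mismatches = [s for s, n in declared.items() if len(sections.get(s, [])) != n]
    return dict(sections), mismatches


def pending_reboot(sections):
    """Targets MBAM could only schedule for removal; re-check after reboot."""
    return [i["target"] for items in sections.values() for i in items
            if "reboot" in i["action"].lower()]


def family_summary(sections):
    """Detections per family, across all sections."""
    counts = defaultdict(int)
    for items in sections.values():
        for i in items:
            counts[i["family"]] += 1
    return dict(counts)


def running_and_on_disk(sections):
    """Paths seen both as a live process and as a quarantined file. If one of
    these is back after the reboot, a loader outside MBAM's view (Run key,
    scheduled task, another dropper) is re-creating it."""
    procs = {i["target"].lower() for i in sections.get("Memory Processes", [])}
    return sorted(i["target"] for i in sections.get("Files", [])
                  if i["target"].lower() in procs)


if __name__ == "__main__":
    found, bad = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", bad)
    print("families:", family_summary(found))
    print("pending reboot:", pending_reboot(found))
    print("re-check after reboot:", running_and_on_disk(found))
```

On the log posted above the same checks report swpsmom.exe under both "pending reboot" and "re-check after reboot", which is exactly the file the poster later says keeps coming back.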
eddie5659
08-Jul-2012, 06:13 PM #48
It's okay about the delay, as health is more important, and red tape etc. is annoying at any time.

The 20% thing sometimes happens when there are spaces in the address, so IE puts that in (why 20% and never a symbol) to make the space go.

I see that MBAM removed FunMoods. Do you have the toolbar installed?

Can you run ComboFix as I posted here:

http://forums.techguy.org/8387448-post43.html

And post the log.

------

As for the IE problem, we can try a repair of it, which is easy to do, but I'll wait for the replies on the above. Any time is fine; I'll be here most nights.

Take care

eddie
Verylost (Thread Starter)
10-Jul-2012, 04:04 AM #49
A.V.G.
OK, trying this again; hopefully I won't get timed out again, grrrrr.

Still seeing conime and conduit on my laptop and can't delete them yet, dang it.

Getting some malware/trojan called "lameshield/kiltsr.exe" that keeps coming back to bite me after Malwarebytes deletes it, but this is the 4th time around; I am leaving it in quarantine, seeing how Malwarebytes can't delete it 100% after it reboots. Getting smarter and tired; will the messes ever end, finally?

As for the log you wanted me to insert in ComboFix, it didn't work, but I will try again; I think I missed some. I don't have Notepad, so I'm trying WordPad; I don't see how to install Notepad yet.


Here's the latest ComboFix log; if you see anything, let me know. Maybe I can find and delete the malware in a search. Later, and thanks.

And how do I get full access so I can open all folders? I am the only user; that's another problem I can't fix yet.


ComboFix 12-07-10.01 - pestyone 07/10/2012 3:05.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.263.1033.18.4029.2296 [GMT -4:00]
Running from: c:\users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L0BQQQ72\ComboFix.exe
AV: Rising Antivirus *Enabled/Updated* {C0AEEC5C-BBDB-2745-3E22-21BEC65323A5}
SP: Rising Antivirus *Enabled/Updated* {7BCF0DB8-9DE1-28CB-0492-1ACCBDD46918}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
/wow section not completed
.
((((((((((((((((((((((((( Files Created from 2012-06-10 to 2012-07-10 )))))))))))))))))))))))))))))))
.
.
2012-07-10 06:11 . 2012-07-10 06:11 -------- d-----w- c:\users\pestyone\AppData\Local\Nero
2012-07-10 05:46 . 2012-07-10 05:47 -------- d-----w- c:\users\pestyone\AppData\Roaming\Nero
2012-07-10 05:37 . 2012-07-10 05:42 -------- d-----w- c:\program files (x86)\Nero
2012-07-10 05:37 . 2012-07-10 05:39 -------- d-----w- c:\programdata\Nero
2012-07-10 05:37 . 2012-07-10 05:45 -------- d-----w- c:\program files (x86)\Common Files\Nero
2012-07-07 12:40 . 2012-07-07 12:40 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2012-07-07 01:45 . 2012-07-08 03:20 -------- d-----w- c:\programdata\F4D55F3B003185BB013C01EBB4EB2367
2012-07-06 13:39 . 2012-07-06 13:39 -------- d-----w- c:\users\pestyone\AppData\Roaming\Ashampoo
2012-07-06 13:39 . 2012-07-06 13:39 -------- d-----w- c:\users\pestyone\AppData\Local\ashampoo
2012-07-06 13:39 . 2012-07-06 13:39 -------- d-----w- c:\programdata\ashampoo
2012-07-06 13:32 . 2012-07-06 13:33 -------- d-----w- c:\users\pestyone\AppData\Roaming\EasyBurner
2012-07-06 07:45 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AE5325E8-AA59-4065-8A4B-06AAE7E19B9D}\mpengine.dll
2012-07-04 10:08 . 2012-07-04 10:08 -------- d-----w- c:\users\pestyone\AppData\Local\SumRando
2012-06-28 19:22 . 2012-06-28 19:22 74352 ----a-w- c:\windows\SysWow64\sslsp104.dll
2012-06-28 19:21 . 2012-06-28 19:21 75888 ----a-w- c:\windows\system32\sslsp104.dll
2012-06-21 00:13 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 00:13 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 00:13 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 00:13 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 00:13 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 00:13 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 00:13 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 00:13 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 00:13 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-12 20:14 . 2012-06-12 20:14 -------- d-----w- c:\users\pestyone\AppData\Local\Conversion Online
2012-06-12 20:13 . 2012-06-12 20:13 -------- d-----w- c:\program files (x86)\Conversion Online
2012-06-12 17:46 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-12 17:46 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-12 17:46 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-12 17:46 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-12 17:41 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-12 17:41 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-12 17:41 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-12 17:41 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-12 17:41 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-12 17:41 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-12 17:41 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-12 17:40 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-12 17:40 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-12 17:40 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-12 17:40 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-12 17:40 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-12 17:40 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-11 08:00 . 2012-06-11 08:00 -------- d-----w- c:\users\pestyone\AppData\Roaming\SUPERAntiSpyware.com
2012-06-11 08:00 . 2012-07-08 01:43 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-11 08:00 . 2012-06-11 08:00 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-11 07:49 . 2012-06-11 07:49 -------- d-----w- c:\users\pestyone\AppData\Roaming\DriverCure
2012-06-11 07:49 . 2012-06-11 07:49 -------- d-----w- c:\users\pestyone\AppData\Roaming\SpeedyPC Software
2012-06-10 22:15 . 2012-06-10 22:15 -------- d-----w- c:\users\pestyone\Tracing
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-10 08:09 . 2012-04-22 01:47 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-10 08:09 . 2011-12-10 23:04 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-01 20:03 . 2012-06-01 20:03 116016 ----a-w- c:\windows\system32\drivers\15354131.sys
2012-05-30 04:25 . 2012-05-30 04:25 4101392 ----a-w- c:\windows\uninst.exe
2012-05-24 12:19 . 2012-05-24 12:19 388096 ----a-r- c:\users\pestyone\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-20 23:24 . 2011-04-18 23:57 345600 ----a-w- c:\windows\SetLCDStretchMode.exe
2012-05-20 23:23 . 2011-04-18 23:57 407040 ----a-w- c:\windows\HotfixChecker.exe
2012-05-20 23:20 . 2012-05-20 23:20 4633992 ----a-w- c:\windows\system32\ETDUI.cpl
2012-05-16 18:07 . 2012-05-16 18:08 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-05-16 18:07 . 2012-05-15 23:52 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-14 01:21 . 2012-05-14 01:21 82816 ----a-w- c:\users\pestyone\AppData\Roaming\pcouffin.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2011-11-24 6497592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"CleanSetup"="rmdir" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0 bsmain
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tun3325;VPN Tunnel Adapter;c:\windows\system32\DRIVERS\tun3325.sys [2011-11-17 35056]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-28 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 hooksys;hooksys;c:\windows\system32\drivers\Hooksys.sys [2011-11-26 37016]
S1 HookTdi;HookTdi;c:\windows\system32\drivers\HookTdi.sys [2011-11-26 30360]
S1 HyperVM;HyperVM;c:\windows\system32\drivers\hvm.sys [2011-11-26 41048]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 13824]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2011-01-25 60416]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2012-04-06 8704]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-03-16 389120]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-02-11 35344]
S2 RsMgrSvc;Rsd Service;c:\program files (x86)\Rising\RSD\RsMgrSvc.exe [2011-12-06 150168]
S2 RsRavMon;Rav Service;c:\program files (x86)\Rising\RAV\RavMonD.exe [2011-11-26 264448]
S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-12-01 206120]
S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-12-01 185640]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-08-10 111616]
S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2010-07-08 401696]
.
.
Contents of the 'Scheduled Tasks' folder
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-25 11895400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/?ilc=8
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\windows\system32\sslsp104.dll
Trusted Zone: extratorrent.com
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\01\02\03\01\010?"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-10 03:07:50
ComboFix-quarantined-files.txt 2012-07-10 07:07
.
Pre-Run: 21,481,127,936 bytes free
Post-Run: 21,261,000,704 bytes free
.
- - End Of File - - 6920FA5F7CB22CC9492233B003208E6B
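The "Reg Loading Points" and "Supplementary Scan" sections of the ComboFix log above carry the settings a responder should read first, and several of them are worth a second look on this machine: PromptOnSecureDesktop is 0 (the Windows 7 default is 1, so UAC prompts are drawn on the normal desktop where other software can overlay them), a RunOnce value points at a command ComboFix marks with [X] (file not found), BootExecute carries an extra "bsmain" entry beyond the default "autocheck autochk *", a Winsock LSP (sslsp104.dll, created 2012-06-28) is registered, and extratorrent.com sits in IE's Trusted Zone. As an added example (not ComboFix's own code and not something posted in the thread), the Python below parses lines of that shape from a constructed excerpt of the log and applies those checks; the defaults it compares against are Windows 7's, and the checks are a starting list, not a verdict on any one entry.

```python
"""Audit the loading points and supplementary scan of a ComboFix log
(added example). Flags weakened UAC policy, orphaned autoruns, non-default
BootExecute entries, Winsock LSPs and IE Trusted Zone sites."""
import re

# Constructed sample: an excerpt of the ComboFix log posted above.
SAMPLE_COMBOFIX = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"CleanSetup"="rmdir" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0 bsmain
.
LSP: c:\windows\system32\sslsp104.dll
Trusted Zone: extratorrent.com
TCP: DhcpNameServer = 192.168.1.1
"""

UAC_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
# Windows 7 defaults for the UAC values checked below.
UAC_DEFAULTS = {"EnableLUA": 1, "ConsentPromptBehaviorAdmin": 5, "PromptOnSecureDesktop": 1}
DEFAULT_BOOTEXECUTE = "autocheck autochk *"

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.+?)\s*$')


def parse_loading_points(text):
    """Return (values, extras): values maps (key lowercased, value name) to the
    raw data string; extras lists (tag, data) for lines like 'LSP: ...'."""
    values, extras, key = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            key = m["key"].lower()
            continue
        m = VALUE_RE.match(line)
        if m and key:
            values[(key, m["name"])] = m["data"]
            continue
        if line.startswith("BootExecute ") and key:
            # "BootExecute REG_MULTI_SZ <entries separated by \0>"
            values[(key, "BootExecute")] = line.split(None, 2)[2]
            continue
        if ":" in line:
            tag, _, data = line.partition(":")
            extras.append((tag.strip(), data.strip()))
    return values, extras


def audit(values, extras):
    """Return a list of human-readable findings; empty means nothing flagged."""
    findings = []

    def uac(name):
        data = values.get((UAC_KEY, name))
        return int(data.split()[0]) if data else UAC_DEFAULTS[name]

    if uac("EnableLUA") == 0:
        findings.append("UAC is disabled (EnableLUA=0)")
    if uac("ConsentPromptBehaviorAdmin") == 0:
        findings.append("administrators elevate silently (ConsentPromptBehaviorAdmin=0)")
    if uac("PromptOnSecureDesktop") == 0:
        findings.append("PromptOnSecureDesktop=0: UAC prompts are drawn on the "
                        "interactive desktop, where other processes can overlay them")
    for (key, name), data in values.items():
        if name == "BootExecute":
            for entry in (e.strip() for e in data.split("\\0")):
                if entry and entry != DEFAULT_BOOTEXECUTE:
                    findings.append(f"non-default BootExecute entry (runs before logon): {entry}")
        elif "\\run" in key and data.endswith("[X]"):
            findings.append(f"autorun {name} under {key} points at a missing file: {data}")
    for tag, data in extras:
        if tag == "LSP":
            findings.append(f"Winsock LSP registered: {data}; confirm the vendor before keeping it")
        elif tag == "Trusted Zone":
            findings.append(f"IE Trusted Zone relaxes security for: {data}")
    return findings


if __name__ == "__main__":
    v, x = parse_loading_points(SAMPLE_COMBOFIX)
    for f in audit(v, x):
        print("-", f)
```

ConsentPromptBehaviorAdmin=5 (prompt for consent for non-Windows binaries) is the Windows 7 default and is not flagged; the five findings on the sample are the secure-desktop setting, the orphaned CleanSetup RunOnce value, the bsmain BootExecute entry, the LSP and the Trusted Zone site. Whether bsmain or sslsp104.dll belong to a legitimate product is a question for the responder, which is why the output names them rather than judging them.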
 
eddie5659
11-Jul-2012, 04:52 PM #50
Let's look a bit deeper, to see if malware is blocking the folders from opening:


Okay, can you re-run SystemLook using the following code, and post the log:

Code:
:filefind
*Iobit*
*Funmoods*
*AVG*
*Conduit*
*Advanced Spyware Remover*
*SystemCare*
:folderfind
*Iobit*
*Funmoods*
*AVG*
*Conduit*
*Advanced Spyware Remover*
*SystemCare*


-------

Then, can you post your installed programs as follows:

Please go here to download HijackThis.
Save the HijackThis.exe file to your desktop.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

--------

Then, delete the copy of OTL that you have, get a fresh one from here, and run it as follows. If only the one log is produced, that's fine.


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.
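The SystemLook script in the post above searches the disk for file names and folder names containing the listed vendor strings. As an added example (not SystemLook's code and not something the thread's participants posted), the Python below does the same search with os.walk and case-insensitive wildcard matching, on a constructed directory tree that imitates the leftovers such toolbars leave behind; it also adds the Chrome extension ID from the MBAM log earlier in the thread as a folder pattern, since MBAM removed that extension's registry key but the on-disk extension folder would not show up under any of the vendor names. The sample tree and the file name avg_leftover.dll are constructed for the demonstration and are not from any log on this page.

```python
"""SystemLook-style :filefind / :folderfind in Python (added example)."""
import fnmatch
import os
import tempfile
from pathlib import Path

# The patterns from the SystemLook script in the post above.
PATTERNS = ["*Iobit*", "*Funmoods*", "*AVG*", "*Conduit*",
            "*Advanced Spyware Remover*", "*SystemCare*"]
# Chrome extension ID that MBAM removed from HKLM\...\chrome\Extensions
# earlier in the thread; the extension folder on disk carries the same ID.
CHROME_EXT_ID = "fdloijijlkoblmigdofommgnheckmaki"


def find(roots, patterns, want="file"):
    """Walk each root and return sorted paths whose *name* (not full path)
    matches any pattern, case-insensitively. want is 'file' for :filefind
    or 'folder' for :folderfind."""
    pats = [p.lower() for p in patterns]
    hits = []
    for root in roots:
        for dirpath, dirnames, filenames in os.walk(root):
            names = dirnames if want == "folder" else filenames
            for name in names:
                if any(fnmatch.fnmatchcase(name.lower(), p) for p in pats):
                    hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def build_sample_tree(base):
    """Constructed layout: toolbar leftovers plus one benign control entry."""
    layout = {
        "Program Files (x86)/Common Files/AVG Secure Search/vToolbarUpdater/ToolbarUpdater.exe": b"MZ",
        "Program Files (x86)/Conduit/Community Alerts/alert.dll": b"MZ",
        "Users/pestyone/AppData/Roaming/funmoods/prefs.json": b"{}",
        f"Users/pestyone/AppData/Local/Google/Chrome/User Data/Default/Extensions/{CHROME_EXT_ID}/manifest.json": b"{}",
        "Windows/System32/avg_leftover.dll": b"MZ",   # constructed name
        "Program Files/7-Zip/7z.exe": b"MZ",          # benign, must not match
    }
    for rel, content in layout.items():
        p = Path(base, *rel.split("/"))
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(content)


def demo():
    """Run both searches over the constructed tree; return relative paths."""
    patterns = PATTERNS + [f"*{CHROME_EXT_ID}*"]
    with tempfile.TemporaryDirectory() as base:
        build_sample_tree(base)
        return {
            "files": [os.path.relpath(p, base) for p in find([base], patterns, "file")],
            "folders": [os.path.relpath(p, base) for p in find([base], patterns, "folder")],
        }


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}:")
        for p in paths:
            print("  ", p)
```

On the sample tree the file search finds only avg_leftover.dll, while ToolbarUpdater.exe, alert.dll and prefs.json are invisible to it because their own names carry no vendor string; the folder search is what surfaces "AVG Secure Search", "Conduit", "funmoods" and the extension folder. That is why the script in the post runs both :filefind and :folderfind over the same list, and why the files inside a matched folder should be listed before the folder is removed.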
Verylost (Thread Starter)
12-Jul-2012, 02:39 AM #51
A.V.G.
Dang, there seems to be a lot of crap in these logs that shouldn't be here, but I'm not sure what. Here's the uninstall list; beats me what could get deleted. I never used Windows Live, yuk.

???? ??? Windows Live
???? Windows Live
????? Windows Live
?????? ??????? ?? Windows Live
?????????? Windows Live
??????????? ?? Windows Live
„Windows Live Mail“
„Windows Live Messenger“
„Windows Live“ fotogalerija
7-Zip 9.20
Adobe AIR
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Advertising Center
aioscnnr
aioscnnr
Atheros Client Installation Program
BatteryLifeExtender
center
ConvertXtoDVD 4 english manual
ConvertXtoDVD 4.1.19.365
CyberLink YouCam
CyberLink YouCam
D3DX10
DolbyFiles
Easy Display Manager
Easy Network Manager
Easy SpeedUp Manager
Easy WiFi Radar 1.0.3
EasyBatteryManager
EMCO Malware Destroyer 6
essentials
Files Terminator Free 2.3.0.4
Fotogalerija Windows Live
Freemake Video Converter version 3.0.1
Freemake Video Downloader
Galeria de Fotografias do Windows Live
Galería fotográfica de Windows Live
Galeria fotografii uslugi Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Google Earth
Google Update Helper
HiJackThis
Intel(R) Rapid Storage Technology
Java(TM) 6 Update 32
KODAK AiO Software
Malwarebytes Anti-Malware version 1.61.0.1400
Marvell Miniport Driver
Menu Templates - Starter Kit
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Movie Templates - Starter Kit
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Essentials
Nero BurnRights
Nero BurnRights Help
Nero ControlCenter
Nero ControlCenter
Nero CoverDesigner
Nero DiscSpeed
Nero DriveSpeed
Nero Express Help
Nero InfoTool
Nero Installer
Nero Online Upgrade
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero Vision Help
NeroExpress
neroxml
ocr
OpenOffice.org 3.1
Poczta uslugi Windows Live
Pošta Windows Live
PreReq
Raccolta foto di Windows Live
Realtek High Definition Audio Driver
Rising Antivirus
Rising Software Deployment System
S?????? f?t???af??? t?? Windows Live
Samsung AnyWeb Print
Samsung Recovery Solution 5
Samsung Support Center 1.0
Samsung Universal Print Driver
Samsung Update Plus
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Toolbar Cleaner 1.0
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
User Guide
Verizon Download Manager
Visual Studio 2008 x64 Redistributables
VLC media player 2.0.2
Windows Live ??
Windows Live ?? ???
Windows Live ???
Windows Live ????
Windows Live fotoattelu galerija
Windows Live Fotogaléria
Windows Live Fotogalerie
Windows Live Fotogalerie
Windows Live Foto-galerija
Windows Live Fotogalleri
Windows Live Fotograf Galerisi
Windows Live Fotótár
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mail
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live Pošta
Windows Liven sähköposti
Windows Liven valokuvavalikoima
WinPcap 4.1.2
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar


I only have one OTL log, and here it is; I'm looking for the first look link, then I'll post it here; so 2 of 3 for now. So what's going on?

OTL logfile created on: 7/12/2012 2:16:07 AM - Run 3
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\pestyone\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Zimbabwe | Language: ENW | Date Format: M/d/yyyy

3.93 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 57.63% Memory free
7.87 Gb Paging File | 6.00 Gb Available in Paging File | 76.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 113.00 Gb Total Space | 16.30 Gb Free Space | 14.42% Space Free | Partition Type: NTFS
Drive D: | 166.50 Gb Total Space | 148.48 Gb Free Space | 89.18% Space Free | Partition Type: NTFS

Computer Name: PESTYONE-PC | User Name: pestyone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/12 02:15:31 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\pestyone\Downloads\OTL.exe
PRC - [2012/07/11 08:16:48 | 000,935,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012/04/05 20:18:12 | 000,008,704 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
PRC - [2012/03/16 14:00:06 | 000,389,120 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/06 08:28:06 | 000,150,168 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe
PRC - [2011/12/01 06:11:22 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
PRC - [2011/12/01 06:11:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
PRC - [2011/11/26 07:20:56 | 000,178,840 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files (x86)\Rising\RAV\RsTray.exe
PRC - [2011/11/26 07:19:22 | 000,123,856 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files (x86)\Rising\RSD\popwndexe.exe
PRC - [2011/11/26 07:16:29 | 000,264,448 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files (x86)\Rising\RAV\RavMonD.exe
PRC - [2011/11/24 03:05:44 | 006,497,592 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2011/09/04 12:45:26 | 003,398,736 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2010/08/26 21:52:12 | 002,782,064 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
PRC - [2010/08/09 05:22:24 | 000,862,064 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2010/07/27 01:28:38 | 004,382,312 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
PRC - [2010/05/18 15:13:58 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/24 03:05:40 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
MOD - [2011/11/24 03:05:26 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll
MOD - [2010/05/07 10:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
MOD - [2006/08/11 23:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/11 19:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2010/09/22 05:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/09 15:04:12 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/07/11 08:16:48 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012/04/05 20:18:12 | 000,008,704 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)
SRV - [2012/03/16 14:00:06 | 000,389,120 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/06 08:28:06 | 000,150,168 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe -- (RsMgrSvc)
SRV - [2011/12/01 06:11:22 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
SRV - [2011/12/01 06:11:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
SRV - [2011/11/26 07:16:29 | 000,264,448 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\Rising\RAV\RavMonD.exe -- (RsRavMon)
SRV - [2010/05/18 15:13:58 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/26 07:16:30 | 000,041,048 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hvm.sys -- (HyperVM)
DRV:64bit: - [2011/11/26 07:16:29 | 000,037,016 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Hooksys.sys -- (hooksys)
DRV:64bit: - [2011/11/26 07:16:29 | 000,030,360 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookTdi.sys -- (HookTdi)
DRV:64bit: - [2011/11/17 14:44:32 | 000,035,056 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tun3325.sys -- (tun3325)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 23:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/02/11 17:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2010/11/23 03:12:00 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/09 22:01:56 | 000,111,616 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/07/08 04:28:46 | 000,401,696 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2010/04/27 03:57:04 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/28 02:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV - [2011/09/15 07:37:04 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/08/03 01:10:12 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\npf.sys -- (npf)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={search...c=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt...ctid=CT2475029

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {9EE14179-061B-460E-840B-2530D8988107}
IE - HKCU\..\SearchScopes\{9EE14179-061B-460E-840B-2530D8988107}: "URL" = http://search.yahoo.com/search?p={se...tPage?}&fr=ie8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmdownloader@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/11 08:17:07 | 000,000,000 | ---D | M]

[2012/01/07 17:51:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pestyone\AppData\Roaming\Mozilla\Extensions
[2012/05/09 22:23:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions
[2012/05/09 22:23:08 | 000,000,000 | ---D | M] (uTorrentControl3 Community Toolbar) -- C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}
[2012/04/26 06:04:53 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2011/12/17 06:20:00 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

O1 HOSTS File: ([2012/06/01 15:32:06 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\windows\SysNative\sslsp104.dll (SumRando)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\windows\SysNative\sslsp104.dll (SumRando)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000038 - C:\windows\SysNative\sslsp104.dll (SumRando)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\windows\SysWow64\sslsp104.dll (SumRando)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\windows\SysWow64\sslsp104.dll (SumRando)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\windows\SysWow64\sslsp104.dll (SumRando)
O15 - HKCU\..Trusted Domains: extratorrent.com ([]https in Trusted sites)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C93A6E3F-D3AD-4BC2-A1D8-AFDD6A3DB07C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5874F40-ED48-49D1-97C2-BC417465239C}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bsmain)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/11 08:17:12 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Local\AVG Secure Search
[2012/07/11 08:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/07/11 08:16:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/07/11 08:16:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/07/11 08:16:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/07/11 08:15:07 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Roaming\FixCleaner
[2012/07/11 08:14:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FixCleaner
[2012/07/11 08:14:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
[2012/07/10 06:11:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/10 04:18:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EMCO
[2012/07/10 04:18:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EMCO
[2012/07/10 02:59:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/10 02:11:29 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Local\Nero
[2012/07/10 01:46:25 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Roaming\Nero
[2012/07/10 01:38:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2012/07/10 01:37:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2012/07/10 01:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2012/07/10 01:37:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2012/07/08 07:41:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/07/07 22:36:55 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Local\{CF7C29A2-06BA-4331-ADE6-34AFA2A1F2C8}
[2012/07/07 08:40:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2012/07/06 21:45:47 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F3B003185BB013C01EBB4EB2367
[2012/07/06 09:39:44 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Roaming\Ashampoo
[2012/07/06 09:39:26 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Local\ashampoo
[2012/07/06 09:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\ashampoo
[2012/07/06 09:32:03 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Roaming\EasyBurner
[2012/07/04 06:08:25 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Local\SumRando
[2012/07/02 07:29:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/07/02 03:55:30 | 000,000,000 | -H-D | C] -- C:\Users\pestyone\Documents\Freemake_do_not_remove_this_folder
[2012/06/30 17:43:32 | 000,000,000 | ---D | C] -- C:\Users\pestyone\Documents\Tooth less grin 6- 30 - 12 . ._files
[2012/06/28 15:22:04 | 000,074,352 | ---- | C] (SumRando) -- C:\windows\SysWow64\sslsp104.dll
[2012/06/28 15:21:26 | 000,075,888 | ---- | C] (SumRando) -- C:\windows\SysNative\sslsp104.dll
[2012/06/12 16:14:17 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Local\Conversion Online
[2012/06/12 16:13:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conversion Online
[2012/05/13 21:21:39 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\pestyone\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/07/12 02:13:36 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/12 02:13:36 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/12 02:05:21 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/07/12 02:05:17 | 4224,307,200 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/11 08:30:28 | 000,452,131 | ---- | M] () -- C:\Users\pestyone\Desktop\confuciuetext02cnfcs10.pdf
[2012/07/11 06:35:27 | 000,000,179 | ---- | M] () -- C:\Users\pestyone\AppData\Roaming\default.rss
[2012/07/10 23:08:56 | 005,716,992 | ---- | M] () -- C:\Users\pestyone\Desktop\FAQ_eng.exe
[2012/07/10 23:07:06 | 012,801,024 | ---- | M] () -- C:\Users\pestyone\Desktop\Win7_Vista_XP_Manual_eng.exe
[2012/07/10 10:53:49 | 000,000,307 | ---- | M] () -- C:\Users\pestyone\Documents\Ink Cart Order 7-10-12 . . ..rtf
[2012/07/10 04:18:30 | 000,001,179 | ---- | M] () -- C:\Users\Public\Desktop\EMCO Malware Destroyer 6.lnk
[2012/07/10 01:38:13 | 000,002,688 | ---- | M] () -- C:\Users\pestyone\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk
[2012/07/10 01:38:13 | 000,002,664 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
[2012/07/08 07:41:25 | 000,001,022 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/07/08 07:32:10 | 000,000,351 | ---- | M] () -- C:\Users\pestyone\Documents\in and out of vuze - reds.rtf
[2012/07/08 07:08:22 | 018,886,696 | ---- | M] () -- C:\Users\pestyone\Desktop\Screw the Roses - Send Me the Thorns The Romance and Sexual Sorcery of Sadomasochism.pdf
[2012/07/07 22:23:43 | 000,001,189 | ---- | M] () -- C:\Users\pestyone\AppData\Roaming\vso_ts_preview.xml
[2012/07/07 02:39:24 | 000,000,802 | ---- | M] () -- C:\Users\pestyone\Documents\Red combos ext drive 7-1-12.rtf
[2012/07/06 09:31:38 | 000,031,470 | ---- | M] () -- C:\Users\pestyone\AppData\Local\funmoods.crx
[2012/07/06 09:26:38 | 000,000,798 | ---- | M] () -- C:\Users\pestyone\AppData\Roaming\burnaware.ini
[2012/07/02 07:29:04 | 000,002,172 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/07/01 03:43:25 | 065,881,740 | ---- | M] () -- C:\Users\pestyone\Documents\The Kama Sutra Figures in Indian Art.pdf
[2012/07/01 03:10:28 | 000,000,304 | ---- | M] () -- C:\Users\pestyone\Documents\red groupings 6-30-12.rtf
[2012/07/01 03:10:22 | 000,000,648 | ---- | M] () -- C:\Users\pestyone\Documents\reds so far 6-23-12.rtf
[2012/06/30 23:09:05 | 000,004,004 | ---- | M] () -- C:\Users\pestyone\Documents\Wooden bowl.rtf
[2012/06/30 17:43:32 | 000,026,324 | ---- | M] () -- C:\Users\pestyone\Documents\Tooth less grin 6- 30 - 12 . ..htm
[2012/06/29 08:46:59 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/06/29 08:46:59 | 000,628,484 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/06/29 08:46:59 | 000,110,636 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/06/28 15:22:04 | 000,074,352 | ---- | M] (SumRando) -- C:\windows\SysWow64\sslsp104.dll
[2012/06/28 15:21:26 | 000,075,888 | ---- | M] (SumRando) -- C:\windows\SysNative\sslsp104.dll
[2012/06/25 06:53:21 | 000,002,093 | ---- | M] () -- C:\Users\pestyone\Documents\guy needs help with story 6-25-12.rtf
[2012/06/19 13:38:23 | 000,001,160 | ---- | M] () -- C:\Users\pestyone\Documents\battery fix.rtf
[2012/06/13 08:21:47 | 000,001,046 | ---- | M] () -- C:\Users\Public\Desktop\ConvertXtoDVD 4 english manual.lnk
[2012/06/12 14:04:17 | 000,293,560 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/07/11 08:30:28 | 000,452,131 | ---- | C] () -- C:\Users\pestyone\Desktop\confuciuetext02cnfcs10.pdf
[2012/07/10 23:06:12 | 012,801,024 | ---- | C] () -- C:\Users\pestyone\Desktop\Win7_Vista_XP_Manual_eng.exe
[2012/07/10 23:05:34 | 005,716,992 | ---- | C] () -- C:\Users\pestyone\Desktop\FAQ_eng.exe
[2012/07/10 10:53:49 | 000,000,307 | ---- | C] () -- C:\Users\pestyone\Documents\Ink Cart Order 7-10-12 . . ..rtf
[2012/07/10 04:18:30 | 000,001,179 | ---- | C] () -- C:\Users\Public\Desktop\EMCO Malware Destroyer 6.lnk
[2012/07/10 02:11:41 | 000,000,179 | ---- | C] () -- C:\Users\pestyone\AppData\Roaming\default.rss
[2012/07/10 01:38:13 | 000,002,688 | ---- | C] () -- C:\Users\pestyone\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk
[2012/07/10 01:38:13 | 000,002,664 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
[2012/07/08 07:41:25 | 000,001,022 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/07/08 07:32:09 | 000,000,351 | ---- | C] () -- C:\Users\pestyone\Documents\in and out of vuze - reds.rtf
[2012/07/08 07:08:21 | 018,886,696 | ---- | C] () -- C:\Users\pestyone\Desktop\Screw the Roses - Send Me the Thorns The Romance and Sexual Sorcery of Sadomasochism.pdf
[2012/07/06 09:31:40 | 000,031,470 | ---- | C] () -- C:\Users\pestyone\AppData\Local\funmoods.crx
[2012/07/02 07:29:04 | 000,002,172 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/07/01 05:51:44 | 000,000,802 | ---- | C] () -- C:\Users\pestyone\Documents\Red combos ext drive 7-1-12.rtf
[2012/07/01 03:43:25 | 065,881,740 | ---- | C] () -- C:\Users\pestyone\Documents\The Kama Sutra Figures in Indian Art.pdf
[2012/06/30 23:03:24 | 000,004,004 | ---- | C] () -- C:\Users\pestyone\Documents\Wooden bowl.rtf
[2012/06/30 19:29:41 | 000,000,304 | ---- | C] () -- C:\Users\pestyone\Documents\red groupings 6-30-12.rtf
[2012/06/30 17:43:31 | 000,026,324 | ---- | C] () -- C:\Users\pestyone\Documents\Tooth less grin 6- 30 - 12 . ..htm
[2012/06/25 06:53:21 | 000,002,093 | ---- | C] () -- C:\Users\pestyone\Documents\guy needs help with story 6-25-12.rtf
[2012/06/23 06:43:32 | 000,000,648 | ---- | C] () -- C:\Users\pestyone\Documents\reds so far 6-23-12.rtf
[2012/05/24 16:29:43 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/05/24 16:29:43 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/05/24 16:29:43 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/05/24 16:29:43 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/05/24 16:29:43 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/05/14 06:38:32 | 000,043,976 | ---- | C] () -- C:\Users\pestyone\AppData\Local\save_en.bmp
[2012/05/14 06:38:08 | 000,043,976 | ---- | C] () -- C:\Users\pestyone\AppData\Local\save_es.bmp
[2012/05/13 21:21:39 | 000,007,859 | ---- | C] () -- C:\Users\pestyone\AppData\Roaming\pcouffin.cat
[2012/05/13 21:21:39 | 000,001,167 | ---- | C] () -- C:\Users\pestyone\AppData\Roaming\pcouffin.inf
[2012/05/10 00:16:52 | 000,000,798 | ---- | C] () -- C:\Users\pestyone\AppData\Roaming\burnaware.ini
[2012/05/07 23:50:54 | 000,001,189 | ---- | C] () -- C:\Users\pestyone\AppData\Roaming\vso_ts_preview.xml
[2012/04/13 06:47:12 | 000,000,600 | ---- | C] () -- C:\Users\pestyone\PUTTY.RND
[2011/11/26 07:18:11 | 000,000,134 | ---- | C] () -- C:\windows\SysWow64\BsMain.ini
[2011/11/26 03:25:39 | 000,735,230 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/11/26 00:13:05 | 000,484,656 | ---- | C] () -- C:\windows\ssndii.exe
[2011/11/26 00:12:48 | 000,258,864 | ---- | C] () -- C:\windows\SUPDRun.exe
[2011/04/18 21:13:20 | 000,134,592 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2011/04/18 20:50:28 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2011/04/18 19:25:03 | 000,005,931 | ---- | C] () -- C:\windows\HotFixList.ini
[2011/02/11 23:15:08 | 000,982,240 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2011/02/11 23:15:08 | 000,439,308 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2011/02/11 23:15:08 | 000,092,356 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2011/02/11 17:23:34 | 000,053,299 | ---- | C] () -- C:\windows\SysWow64\pthreadVC.dll

========== LOP Check ==========

[2012/05/31 04:45:37 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\AbiSuite
[2012/07/06 09:39:44 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\Ashampoo
[2012/01/07 22:01:33 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\Avant Downloader
[2012/05/26 06:34:42 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\Curiolab
[2012/06/11 03:49:08 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\DriverCure
[2012/05/26 18:06:14 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\DVDVideoSoft
[2012/07/06 09:33:19 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\EasyBurner
[2012/07/11 08:15:23 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\FixCleaner
[2012/05/07 13:05:25 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\Free Media Converter
[2012/05/11 00:27:02 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\IrfanView
[2012/06/11 03:03:12 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\JAM Software
[2012/05/17 15:34:20 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\KastorVideoConverter
[2012/05/10 04:08:57 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\mkvtoolnix
[2012/01/07 17:50:45 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\Moonchild Productions
[2012/05/15 19:59:04 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\OfficeSuiteX
[2012/05/16 00:24:41 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\OpenOffice.org
[2012/05/30 00:25:52 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\PC Cleaners
[2012/05/30 00:25:54 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\PCPro
[2012/05/09 19:07:22 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\QuickZip
[2011/11/26 00:12:24 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\Samsung
[2012/05/14 22:45:40 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\SoftGrid Client
[2012/06/11 03:49:07 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\SpeedyPC Software
[2012/05/21 13:24:50 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\TeamViewer
[2012/04/27 18:24:38 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\Temp
[2012/05/06 02:13:51 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\TP
[2012/05/14 22:49:44 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\Windows Live Writer
[2012/05/17 15:14:39 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\XMedia Recode
[2012/05/16 13:56:29 | 000,032,654 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >
Verylost (THREAD STARTER)
13-Jul-2012, 02:34 AM #52
A. V. G.
OK, this is getting serious and very annoying; AVG popped back in for a quick visit and I hope I deleted it fast, and now I have some crap from AVG called toolbarupdater.ex...

Getting very tired of this, and nothing is getting fixed, so if you don't have one big huge idea to fix my many messes, I guess the only thing to do is call a techie to my house to fix the bloody mess. Is there any fix in sight from your end?
Verylost (THREAD STARTER)
14-Jul-2012, 09:05 AM #53
A . V. G.
OK, managed to delete AVG Search again, and something called vpot. What's with that crap? Do you see anything blocking me or programs, and what malware do you see in the logs, and how do I delete that crap?

Now, what did you want me to re-post? I will look. Still here...
Verylost (THREAD STARTER)
14-Jul-2012, 09:18 AM #54
A . V . G .
OK, you asked for a SystemLook log. Hope this looks like it found junk. Later...


SystemLook 30.07.11 by jpshortstuff
Log created at 09:10 on 14/07/2012 by pestyone
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.
========== filefind ==========
Searching for "*Iobit*"
No files found.
Searching for "*Funmoods*"
C:\$WINDOWS.~Q\DATA\Users\pestyone\AppData\Local\funmoods.crx --a---- 31470 bytes [13:31 06/07/2012] [13:31 06/07/2012] BC64C97573527DDBC0F6522A28E6C96E
Searching for "*AVG*"
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3FR53UHC\1054434-avg-secure-search-must-go-4[1].htm --a---- 191096 bytes [13:09 14/07/2012] [13:09 14/07/2012] 123F01F98B0B7608AF38C30857613017
Searching for "*Conduit*"
C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1463702_1459356_US.xml --a---- 192 bytes [03:38 08/05/2012] [11:41 11/05/2012] F159884E3BCD46C383F9086F4BF788C1
C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_897164_892962_US.xml --a---- 188 bytes [13:53 11/05/2012] [13:53 11/05/2012] E2A87E535CF5282072AA46166D27D1DF
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\components\ConduitAutoCompleteSearch.xpt --a---- 166 bytes [02:23 10/05/2012] [06:04 18/04/2012] 806EA6CC4DCBF88A20AA3331BCDC9918
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\searchplugin\conduit.xml --a---- 935 bytes [02:23 10/05/2012] [06:04 18/04/2012] EA3447EB2DF2363DF9B9CB0429342219
Searching for "*Advanced Spyware Remover*"
No files found.
Searching for "*SystemCare*"
No files found.
========== folderfind ==========
Searching for "*Iobit*"
C:\$WINDOWS.~Q\DATA\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit d------ [16:19 11/05/2012]
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit d------ [16:19 11/05/2012]
Searching for "*Funmoods*"
No folders found.
Searching for "*AVG*"
C:\$WINDOWS.~Q\DATA\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search d------ [20:35 13/05/2012]
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search d------ [20:35 13/05/2012]
C:\Users\pestyone\AppData\Local\AVG Secure Search d------ [12:17 11/07/2012]
C:\Users\pestyone\AppData\Local\VS Revo Group\Revo Uninstaller Pro\BackUpsData\AVG Internet Security-26052012-125319 d------ [16:53 26/05/2012]
Searching for "*Conduit*"
C:\System Volume Information\SystemRestore\FRStaging\Users\pestyone\AppData\LocalLow\Conduit d------ [03:35 08/05/2012]
C:\Users\pestyone\AppData\LocalLow\Conduit d------ [03:35 08/05/2012]
C:\Users\pestyone\AppData\LocalLow\ConduitEngine d------ [13:39 06/07/2012]
Searching for "*Advanced Spyware Remover*"
No folders found.
Searching for "*SystemCare*"
C:\$WINDOWS.~Q\DATA\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare V5 d------ [16:19 11/05/2012]
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare V5 d------ [16:19 11/05/2012]
-= EOF =-
eddie5659 (Moderator & Malware Removal Specialist)
15-Jul-2012, 11:00 AM #55
Well, your Java is out of date, so you can update that, but it's not related to the AVG problem. Let's do that next:

Upgrade Java : (32 bits)
  • Download the latest version of Java SE Runtime Environment (JRE) JRE 7 Update 5 .
  • Under the JAVA Platform Standard Edition, click the "Download JRE" button to the right.
  • Accept the License Agreement.
  • Click on the link to download Windows Offline Installation 32 bit (jre-7u5-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista or Win 7 users, right click on the jre-7u5-windows-i586.exe and select "Run as an Administrator.")
  • Don't install any of the toolbars that are offered.


After doing the above, to clear the remains of the old Java, can you do this:

Open Java in the Control Panel and under the General tab, under Temporary Internet Files, click the Settings button. Then click on Delete Files.

Make sure both of these options are checked:
  • Applications and Applets
  • Trace and Log Files
OK out of all the screens.


---------------

Also, did you install this?

EMCO Malware Destroyer 6

====================
The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing, so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps or if you have ANY questions, please ask BEFORE proceeding.

Backing Up Your Registry
  1. Download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  2. Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  3. Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  4. Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  5. Make sure that at least the first two check boxes are ticked
  6. Press OK
  7. Press YES to create the folder.

Registry Modifications

--

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    PRC - [2012/07/11 08:16:48 | 000,935,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
    SRV - [2012/07/11 08:16:48 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt...ctid=CT2475029
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
    [2012/05/09 22:23:08 | 000,000,000 | ---D | M] (uTorrentControl3 Community Toolbar) -- C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}
    [2012/04/26 06:04:53 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
    [2011/12/17 06:20:00 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/11 08:17:07 | 000,000,000 | ---D | M]
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
    [2012/07/11 08:17:12 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Local\AVG Secure Search
    [2012/07/11 08:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
    [2012/07/11 08:16:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
    [2012/07/11 08:16:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
    [2012/07/06 09:31:38 | 000,031,470 | ---- | M] () -- C:\Users\pestyone\AppData\Local\funmoods.crx
    :Files
    C:\Program Files (x86)\Common Files\AVG Secure Search
    C:\ProgramData\AVG Secure Search
    C:\$WINDOWS.~Q\DATA\Users\pestyone\AppData\Local\funmoods.crx
    C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1463702_1459356_US.xml
    C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_897164_892962_US.xml
    C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\components\ConduitAutoCompleteSearch.xpt
    C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\searchplugin\conduit.xml
    C:\$WINDOWS.~Q\DATA\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit
    C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit
    C:\$WINDOWS.~Q\DATA\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search
    C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search
    C:\Users\pestyone\AppData\Local\AVG Secure Search
    C:\System Volume Information\SystemRestore\FRStaging\Users\pestyone\AppData\LocalLow\Conduit
    C:\Users\pestyone\AppData\LocalLow\Conduit
    C:\Users\pestyone\AppData\LocalLow\ConduitEngine
    C:\$WINDOWS.~Q\DATA\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare V5
    C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare V5
    ipconfig /flushdns /c
    :Commands 
    [purity] 
    [resethosts] 
    [emptytemp] 
    [emptyjava]
    [EMPTYFLASH] 
    [CREATERESTOREPOINT] 
    [Reboot]
  • Then click the Run Fix button at the top
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.

----------------------------

You also have a file that is not found anywhere running on your system. Can you upload a copy of it for me to check further? In case you're wondering where I saw it, it's in your OTL log here:

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\windows\SysNative\sslsp104.dll (SumRando)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\windows\SysNative\sslsp104.dll (SumRando)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000038 - C:\windows\SysNative\sslsp104.dll (SumRando)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\windows\SysWow64\sslsp104.dll (SumRando)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\windows\SysWow64\sslsp104.dll (SumRando)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\windows\SysWow64\sslsp104.dll (SumRando)


----

Download suspicious file packer from http://www.safer-networking.org/en/tools/index.html (direct download http://www.safer-networking.org/files/sfp.zip )

Unzip it to the desktop, open it and paste in the contents of the quote box below, then press Next and it will create an archive (zip/cab file) on the desktop.

Please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files.

Just press New Topic, fill in the needed details and give a link to your post here, then press the Browse button, navigate to and select the files on your computer, and when the file is listed in the window press Send to upload the file.

Quote:

C:\windows\SysNative\sslsp104.dll

Let me know when it's uploaded.
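Before the OTL fix above is run, and again after it, a practitioner would want a read-only check of the same persistence locations the fix edits: the IE SearchScopes entry that pointed at Conduit, the Mozilla plugin and extension registrations, the viprotocol handler (O18), the IE policy keys (O6/O7) and the Winsock LSP catalog entries in the O10 lines. The script below is an added example, not from the thread, from OTL or from any tool the post names. It runs in an elevated 64-bit PowerShell on Windows 7 x64, exports each key with reg.exe before reading it (the same precaution the post takes with ERUNT), and reports entries whose file is missing or not Authenticode-signed. The helper names Test-Binary and Backup-Key, the backup folder and the key list are choices made for this example. The LSP part is the one that needs care: an LSP DLL is loaded into every process that uses Winsock, so deleting a file such as sslsp104.dll while its catalog entries remain breaks networking, which is why uploading the file for analysis first, as the post asks, is the right order.

```powershell
# Added example (not from the thread, OTL, or any tool it names): read-only audit of the
# persistence locations the OTL fix edits, for an elevated 64-bit PowerShell on Windows 7 x64.
# Only 'reg export' writes anything: a backup of each key into $backupDir (assumed location).
# Test-Binary, Backup-Key and the key list are names and choices made for this example.
$ErrorActionPreference = 'SilentlyContinue'
$backupDir = Join-Path $env:USERPROFILE 'Desktop\reg-backup'
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

# On x64 both registry views matter: 32-bit IE/Firefox components register under Wow6432Node.
$views = @('HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\Wow6432Node')

function Test-Binary([string]$path) {
    # Expand %SystemRoot%-style paths, strip quotes, then check existence and Authenticode status.
    if ([string]::IsNullOrEmpty($path)) { return 'NO PATH' }
    $p = [Environment]::ExpandEnvironmentVariables($path).Trim('"')
    if (-not (Test-Path -LiteralPath $p)) { return 'FILE NOT FOUND' }
    $sig = Get-AuthenticodeSignature -FilePath $p
    if ($sig.Status -eq 'Valid') { return "signed: $($sig.SignerCertificate.Subject)" }
    return "UNSIGNED ($($sig.Status))"
}

function Backup-Key([string]$key) {
    # reg.exe takes HKLM\... rather than the provider form HKLM:\...; /y overwrites silently.
    $regKey = $key -replace ':', ''
    $file = Join-Path $backupDir (($regKey -replace '[\\ ]', '_') + '.reg')
    reg export $regKey $file /y | Out-Null
}

# 1. IE search scopes: the Conduit hijack in the fix was a SearchScopes subkey with a URL value.
foreach ($root in ($views + 'HKCU:\Software')) {
    $key = "$root\Microsoft\Internet Explorer\SearchScopes"
    Backup-Key $key
    Get-ChildItem $key | ForEach-Object {
        "SearchScope $($_.PSChildName) -> $((Get-ItemProperty $_.PSPath).URL)"
    }
}

# 2. Firefox plugins (Path value per subkey) and machine-wide extensions (one value per add-on id).
foreach ($root in $views) {
    Backup-Key "$root\MozillaPlugins"
    Get-ChildItem "$root\MozillaPlugins" | ForEach-Object {
        $p = (Get-ItemProperty $_.PSPath).Path
        "FF plugin $($_.PSChildName) -> $p : $(Test-Binary $p)"
    }
    $ext = "$root\Mozilla\Firefox\Extensions"
    if (Test-Path $ext) {
        Backup-Key $ext
        (Get-ItemProperty $ext).PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' } |
            ForEach-Object {
                $state = if (Test-Path -LiteralPath $_.Value) { 'present' } else { 'FOLDER NOT FOUND' }
                "FF extension $($_.Name) -> $($_.Value) : $state"
            }
    }
}

# 3. Protocol handlers (the O18 viprotocol entry): handler name -> CLSID -> InProcServer32 DLL.
foreach ($root in @('HKLM:\SOFTWARE\Classes', 'HKLM:\SOFTWARE\Classes\Wow6432Node')) {
    Backup-Key "$root\PROTOCOLS\Handler"
    Get-ChildItem "$root\PROTOCOLS\Handler" | ForEach-Object {
        $clsid = (Get-ItemProperty $_.PSPath).CLSID
        $dll = (Get-ItemProperty "$root\CLSID\$clsid\InProcServer32").'(default)'
        "Handler $($_.PSChildName) -> $clsid -> $dll : $(Test-Binary $dll)"
    }
}

# 4. IE policy keys (O6/O7) that lock the user out of settings: report if present.
foreach ($key in @('HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions',
                   'HKCU:\Software\Policies\Microsoft\Internet Explorer\Control Panel')) {
    if (Test-Path $key) { Backup-Key $key; "Policy key present: $key" }
}

# 5. Winsock LSP catalog (O10). An LSP DLL is loaded into every process that uses Winsock, so the
#    file must not be deleted while its catalog entries remain, or networking breaks. Each
#    PackedCatalogItem starts with the provider path as a NUL-terminated ANSI string (260 bytes).
$catalog = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9'
Backup-Key $catalog
foreach ($view in @('Catalog_Entries', 'Catalog_Entries64')) {
    Get-ChildItem "$catalog\$view" | ForEach-Object {
        $packed = (Get-ItemProperty $_.PSPath).PackedCatalogItem
        if ($packed -eq $null -or $packed.Length -lt 260) { return }
        $dll = [Text.Encoding]::ASCII.GetString($packed, 0, 260).Split([char]0)[0]
        if ($view -eq 'Catalog_Entries') {
            # 32-bit entries load from SysWOW64 inside 32-bit processes, so check that copy.
            $dll = $dll -replace '\\system32\\', '\SysWOW64\'
        }
        "LSP $view\$($_.PSChildName) -> $dll : $(Test-Binary $dll)"
    }
}
```

Run it as `powershell -ExecutionPolicy Bypass -File audit.ps1 > before.txt` from an elevated prompt, then again after the OTL fix and diff the two files. Lines marked FILE NOT FOUND are dead registrations of the kind OTL lists as "File not found"; an UNSIGNED LSP or protocol-handler DLL outside the Windows directory is the entry to examine before anything is removed, and the .reg exports in the backup folder can be re-imported with reg.exe if a removal turns out to break something.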
Verylost (THREAD STARTER)
16-Jul-2012, 05:36 AM #56
A . V . G.
OK, what fun. Updated Java but not sure if it worked; got no confirmation.

Did the ERUNT thingy; wonder how that worked, hmm.

And here's the OTL log...

Working on trying to find the files you posted and re-post here. Later...

All processes killed
========== OTL ==========
No active process named ToolbarUpdater.exe was found!
Error: No service named vToolbarUpdater11.2.0 was found to stop!
Service\Driver key vToolbarUpdater11.2.0 not found.
File C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin\ deleted successfully.
File C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\searchplugin folder moved successfully.
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\modules folder moved successfully.
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\META-INF folder moved successfully.
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\defaults folder moved successfully.
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\components folder moved successfully.
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\chrome folder moved successfully.
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a} folder moved successfully.
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\searchplugin folder moved successfully.
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules folder moved successfully.
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\META-INF folder moved successfully.
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\defaults folder moved successfully.
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components folder moved successfully.
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome folder moved successfully.
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} folder moved successfully.
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin folder moved successfully.
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules folder moved successfully.
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF folder moved successfully.
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults folder moved successfully.
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components folder moved successfully.
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome folder moved successfully.
C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} folder moved successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ deleted successfully.
File Protocol\Handler\viprotocol - No CLSID value found not found.
File C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ not found.
File C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll not found.
C:\Users\pestyone\AppData\Local\AVG Secure Search\SiteSafety folder moved successfully.
C:\Users\pestyone\AppData\Local\AVG Secure Search folder moved successfully.
Folder C:\ProgramData\AVG Secure Search\ not found.
Folder C:\Program Files (x86)\Common Files\AVG Secure Search\ not found.
Folder C:\Program Files (x86)\AVG Secure Search\ not found.
File C:\Users\pestyone\AppData\Local\funmoods.crx not found.
========== FILES ==========
File\Folder C:\Program Files (x86)\Common Files\AVG Secure Search not found.
File\Folder C:\ProgramData\AVG Secure Search not found.
C:\$WINDOWS.~Q\DATA\Users\pestyone\AppData\Local\funmoods.crx moved successfully.
C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1463702_1459356_US.xml moved successfully.
C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_897164_892962_US.xml moved successfully.
File\Folder C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\components\ConduitAutoCompleteSearch.xpt not found.
File\Folder C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\searchplugin\conduit.xml not found.
C:\$WINDOWS.~Q\DATA\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare V5 folder moved successfully.
C:\$WINDOWS.~Q\DATA\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit folder moved successfully.
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare V5 folder moved successfully.
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit folder moved successfully.
C:\$WINDOWS.~Q\DATA\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search\cache folder moved successfully.
C:\$WINDOWS.~Q\DATA\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search folder moved successfully.
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search\cache folder moved successfully.
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search folder moved successfully.
File\Folder C:\Users\pestyone\AppData\Local\AVG Secure Search not found.
C:\System Volume Information\SystemRestore\FRStaging\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog folder moved successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Dialogs folder moved successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts folder moved successfully.
C:\System Volume Information\SystemRestore\FRStaging\Users\pestyone\AppData\LocalLow\Conduit folder moved successfully.
C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Log folder moved successfully.
C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\LanguagePacks folder moved successfully.
C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Feeds folder moved successfully.
C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light folder moved successfully.
C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark folder moved successfully.
C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images folder moved successfully.
C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog folder moved successfully.
C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Dialogs folder moved successfully.
C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts folder moved successfully.
C:\Users\pestyone\AppData\LocalLow\Conduit folder moved successfully.
C:\Users\pestyone\AppData\LocalLow\ConduitEngine\MyStuffApps folder moved successfully.
C:\Users\pestyone\AppData\LocalLow\ConduitEngine\Logs folder moved successfully.
C:\Users\pestyone\AppData\LocalLow\ConduitEngine folder moved successfully.
File\Folder C:\$WINDOWS.~Q\DATA\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare V5 not found.
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare V5 folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\pestyone\Downloads\cmd.bat deleted successfully.
C:\Users\pestyone\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: pestyone
->Temp folder emptied: 37763285 bytes
->Temporary Internet Files folder emptied: 25400588 bytes
->Java cache emptied: 285785 bytes
->Flash cache emptied: 930 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 366678 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 61.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: pestyone
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: pestyone
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.54.0 log created on 07162012_052135
Files\Folders moved on Reboot...
C:\Users\pestyone\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TI752UZR\1054434-avg-secure-search-must-go-4[1].htm moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TI752UZR\aceUAC[1].htm moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TI752UZR\aceUAC[2].htm moved successfully.
C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TI752UZR\DtCol[1].htm moved successfully.
Registry entries deleted on Reboot...
Verylost (Account Closed with 207 posts) - THREAD STARTER
Join Date: Jul 2010
Experience: Intermediate
17-Jul-2012, 04:33 AM #57
Awww, not that file packer again. Getting tired, need a short break; things are getting worse on this end. The files you wanted, the 6 of them, I can't find them. Later.

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\windows\SysNative\sslsp104.dll (SumRando)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\windows\SysNative\sslsp104.dll (SumRando)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000038 - C:\windows\SysNative\sslsp104.dll (SumRando)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\windows\SysWow64\sslsp104.dll (SumRando)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\windows\SysWow64\sslsp104.dll (SumRando)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\windows\SysWow64\sslsp104.dll (SumRando)
eddie5659 (Moderator & Malware Removal Specialist with 28,107 posts)
Join Date: Mar 2001
Location: Bradford, England
18-Jul-2012, 12:43 PM #58
Just reading here:

http://forums.techguy.org/networking...connected.html

You said you're getting messages about Rootkit.0Access and Trojan.Dropper.BCMiner. When have you been getting the Rootkit messages? I thought it was just AVG search to remove. Which programs are telling you about the rootkit message?

None of the tools we've used mention this, least not in any of the logs you posted.

I know you don't want to use the sfp tool again, but the file that you have on your system is not found anywhere, and running from where it is could be the key to the infection. It's just the one file, so if you can do this, I can check the file fully:

Download suspicious file packer from http://www.safer-networking.org/en/tools/index.html (direct download http://www.safer-networking.org/files/sfp.zip )

Unzip it to desktop, open it & paste in the contents of the quote box below, press next & it will create an archive (zip/cab file) on desktop

Please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files

Just press New Topic, fill in the needed details and give a link to your post here, then press the Browse button and navigate to and select the files on your computer. When the file is listed in the window, press Send to upload the file

Quote:

C:\windows\SysNative\sslsp104.dll

-------------

Also, as its Zero Access you get message about, can you do this again with ComboFix:

Delete any copies of Combofix that you have.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! As you download it rename it to username123.exe and save it to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again afterwards before connecting to the Internet.
  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

eddie
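A defender's check for the O10 entries posted above, added here as an example (it is not part of the thread and not code from OTL, ComboFix or any other tool mentioned): it reads the Winsock Protocol_Catalog9 keys, extracts each provider DLL path and reports any that are missing from disk or not validly signed, which is what makes an entry like sslsp104.dll worth examining. Assumes PowerShell 3.0 or later run as administrator; the function name Get-LspCatalogEntry is mine.

```powershell
# Added example: enumerate Winsock LSP catalog entries (what OTL reports as
# "O10" lines) and flag any whose provider DLL is missing or not validly signed.
# Assumes PowerShell 3.0+ on Windows, run from an elevated prompt.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9'

function Get-LspCatalogEntry {
    foreach ($cat in 'Catalog_Entries', 'Catalog_Entries64') {
        $catPath = Join-Path $base $cat
        if (-not (Test-Path $catPath)) { continue }   # no 64-bit catalog on x86
        foreach ($key in Get-ChildItem $catPath) {
            # PackedCatalogItem is REG_BINARY; the provider DLL path is the
            # first NUL-terminated ANSI string inside it.
            $raw = (Get-ItemProperty $key.PSPath).PackedCatalogItem
            if (-not $raw) { continue }
            $end = 0
            while ($end -lt $raw.Length -and $raw[$end] -ne 0) { $end++ }
            $dll = [Environment]::ExpandEnvironmentVariables(
                       [Text.Encoding]::ASCII.GetString($raw, 0, $end))
            # Catalog_Entries is the 32-bit view; on x64 those DLLs live under
            # SysWOW64 (as OTL shows), so map system32 paths accordingly.
            if ($cat -eq 'Catalog_Entries' -and [IntPtr]::Size -eq 8) {
                $dll = $dll -replace '(?i)\\system32\\', '\SysWOW64\'
            }
            $status = if (Test-Path -LiteralPath $dll) {
                          (Get-AuthenticodeSignature -FilePath $dll).Status
                      } else { 'FileMissing' }
            [PSCustomObject]@{ Catalog = $cat; Entry = $key.PSChildName
                               Dll = $dll; Status = $status }
        }
    }
}

# Anything that is not 'Valid' deserves a look: an LSP DLL is loaded into every
# process that uses Winsock, so a missing or unsigned one is a red flag.
Get-LspCatalogEntry | Where-Object { $_.Status -ne 'Valid' } | Format-Table -AutoSize
```

Microsoft's own providers (mswsock.dll and friends) show as Valid and are filtered out; a third-party entry that reports FileMissing or NotSigned is the one to package up for analysis, as eddie asks for above.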
Verylost (Account Closed with 207 posts) - THREAD STARTER
Join Date: Jul 2010
Experience: Intermediate
18-Jul-2012, 10:56 PM #59
Awww crap, dang. Tried 2x to post here and bring you up to date, but both times have been logged out by this site, so one more short try: google "Bad Pool Health" and you'll see the only fix is recovery. Stressed out and tired over reformatting and reloading software back on my PC.

Later . .
etaf (Wayne) (Moderator with 49,807 posts)
Join Date: Oct 2003
Location: Surrey, UK
Experience: Intermediate
19-Jul-2012, 07:17 AM #60
Please update the post: that Samsung have now been involved and restored the PC, and explain exactly what that means, so we know the full details and, if you still require service from this site, can continue to help.

I would also suggest, as you are concerned about the time taken here, that you look for an alternative solution for your problem, such as the local shop you mentioned to me in a PM or other sites where you pay for the service.

This site will continue to operate the policy that only authorised malware advisors operate here and that we will not allow multiple people to answer questions, as from our experience that will cause more issues to the poster's PC than resolve the issue.
__________________
I will not be online from Monday 14th to Thursday 17th April 2014
Please let us know what the final solution was to any problem posted