Solved: need help with adware : win32/pricegong

#1 - Serge2012 (thread starter), 01-Feb-2013, 03:05 PM
Hi,

My computer got infected a few days ago with adware: Win32/PriceGong. I tried to remove it with various anti-malware and anti-virus programs (Microsoft Windows Essentials, BitDefender, Windows Defender, Emsisoft, Avast), but it always comes back in each scan that I run afterwards. Does anybody know a good program to get rid of this? A free program, maybe?

Thanks for your help.

Serge

#2 - Satchfan (Malware Removal Specialist, authorized to help remove malware), 04-Feb-2013, 05:38 AM
Hello Serge2012, and welcome to TSG.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:
  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!
IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.
  • run AdwCleaner and select Delete
  • when it has finished it will ask to reboot - allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.
===================================================

Download and run OTL
  • download OTL to your desktop.
  • double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • click Scan all users.
  • under Custom Scan paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe

services.exe
/md5stop
%systemroot%\*. /rp /s
DRIVES
CREATERESTOREPOINT

  • click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • when the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • you may need two posts to fit them both in.
===================================================

Run aswMBR
  • download aswMBR.exe to your desktop.
  • double click the aswMBR.exe to run it
  • if asked, accept the AVAST virus definition download
  • click the "Scan" button to start scan
  • on completion of the scan click Save log, save it to your desktop and post in your next reply. Note - do NOT attempt any Fix yet.
Logs to include with next post:

AdwCleaner log
OTL.txt
Extras.txt
aswMBR log


Thanks

Satchfan
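The /md5start ... /md5stop directive in the custom scan above makes OTL print the MD5 of the core Windows binaries (explorer.exe, winlogon.exe, Userinit.exe, svchost.exe, services.exe) so a helper can spot one that has been patched or replaced. The script below is an added example, not code from this thread or from OTL, that does the same check the way you would on a fleet: record SHA-256 digests of those files on a machine you trust, then verify the live files against that baseline and report each as ok, changed or missing. The JSON baseline format, the demo() stand-in directory and its fake file contents are assumptions; on a real system point build_baseline at the directory that holds the binaries and keep the baseline file off the machine being checked.

```python
"""Baseline-and-verify check for the core Windows binaries that OTL hashes.

Added example, not code from the thread or from OTL. The baseline format and
the demo directory are assumptions; the file names are the ones in the scan.
"""
import hashlib
import json
import tempfile
from pathlib import Path

# Files the OTL custom scan hashes with /md5start ... /md5stop.
CORE_BINARIES = ("explorer.exe", "winlogon.exe", "Userinit.exe", "svchost.exe", "services.exe")


def file_digests(path: Path) -> dict:
    """MD5 (what OTL prints, for cross-checking) and SHA-256 (what to actually compare)."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            md5.update(chunk)
            sha.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha.hexdigest(), "size": path.stat().st_size}


def build_baseline(system_dir: Path, names=CORE_BINARIES) -> dict:
    """Record digests of the core binaries on a machine you trust, before an incident."""
    return {n: file_digests(system_dir / n) for n in names if (system_dir / n).is_file()}


def verify(system_dir: Path, baseline: dict) -> dict:
    """Compare live files against the baseline: {name: 'ok' | 'changed' | 'missing'}."""
    result = {}
    for name, expected in baseline.items():
        p = system_dir / name
        if not p.is_file():
            result[name] = "missing"          # deleted, or the scan looked in the wrong place
            continue
        result[name] = "ok" if file_digests(p)["sha256"] == expected["sha256"] else "changed"
    return result


def save_baseline(baseline: dict, out: Path) -> None:
    out.write_text(json.dumps(baseline, indent=2))


def load_baseline(src: Path) -> dict:
    return json.loads(src.read_text())


def demo() -> dict:
    """Self-contained run against a constructed stand-in directory (not real Windows files)."""
    with tempfile.TemporaryDirectory() as tmp:
        sysdir = Path(tmp)
        for n in CORE_BINARIES:
            (sysdir / n).write_bytes(b"MZ" + n.encode())      # constructed fake PE stubs
        baseline = build_baseline(sysdir)
        save_baseline(baseline, sysdir / "baseline.json")
        (sysdir / "Userinit.exe").write_bytes(b"MZ patched")  # simulate a replaced binary
        (sysdir / "services.exe").unlink()                    # simulate a deleted binary
        return verify(sysdir, load_baseline(sysdir / "baseline.json"))


if __name__ == "__main__":
    # Real use: baseline = build_baseline(Path(os.environ["SystemRoot"]) / "System32")
    for name, state in demo().items():
        print(f"{name:14} {state}")
```

A matching MD5 alone is weak evidence today, which is why the comparison is done on SHA-256 while the MD5 is kept only so the value OTL prints can be cross-checked by eye.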

#3 - Serge2012 (thread starter), 04-Feb-2013, 02:04 PM
adware win.32 pricegong - various scans logs attachments
Hi Satchfan,

Thanks for your reply and help. I'm not very familiar with viruses and malware. I ran all the scans and saved the documents you asked for, and I hope I did it correctly and didn't miss anything...

I'll wait to hear from you.

Thanks again.

Serge

#4 - Satchfan (Malware Removal Specialist), 04-Feb-2013, 07:27 PM
Hello again

Quote:
I hope I did it correctly and didn't miss anything
You did it all perfectly.

Uninstall Google Chrome

For the time being I would like for you to uninstall Google Chrome and only use Firefox or Internet Explorer. You can reinstall it later if you like.

We need to remove some entries and that is the easiest way to do so with Google Chrome.

If asked about user data or settings, don't check the box that asks to remember settings. We need to remove those also.

===================================================

P2P - I see you have P2P software, (BitTorrent, emule, iMesh ), installed on your machine.

We are not here to pass judgment on file-sharing as a concept but we will warn you that engaging in this activity will always make your computer very susceptible to infection and re-infection.

If your computer is infected, it almost certainly contributed to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from un-certified sources, and these are more often than not, infected. Those who write malware use P2P file-sharing as a major vehicle to spread their wares.

Please see this topic for more information:

Perils of P2P File Sharing.

I would strongly recommend that you uninstall them now. You can do so via Control Panel, Programs, and then Programs and Features.

Should you decide to keep them, please don't use them until we have finished up here.

===================================================

Run OTL

  • double click on the icon to run it.
  • copy/paste ALL the following text written inside the code box into the Custom Scans/Fixes box located at the bottom of OTL
Code:
:Services
   
  :OTL
  IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}: "URL" = http://search.fantastigames.com/web?src=ieb&appid=101&systemid=453&sr=0&q={searchTerms}
  IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}: "URL" = http://search.fantastigames.com/web?src=ieb&appid=101&systemid=453&sr=0&q={searchTerms}
  IE - HKU\S-1-5-21-2785618035-675170288-269595618-1001\..\URLSearchHook: {6926c7f7-6006-42d1-b046-eba1b3010315} - No CLSID value found
  IE - HKU\S-1-5-21-2785618035-675170288-269595618-1001\..\SearchScopes,DefaultScope = {6B2BC070-1966-4377-92B2-5CC38D49EF2C}
  IE - HKU\S-1-5-21-2785618035-675170288-269595618-1001\..\SearchScopes\{293D02FD-E28E-434D-870F-37A6F1F8A10B}: "URL" = http://mystart.incredibar.com/mb128/?search={searchTerms}&loc=IB_DS&a=6R8DRcFFaf&i=26
  IE - HKU\S-1-5-21-2785618035-675170288-269595618-1001\..\SearchScopes\{6B2BC070-1966-4377-92B2-5CC38D49EF2C}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227981
  IE - HKU\S-1-5-21-2785618035-675170288-269595618-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}: "URL" = http://search.fantastigames.com/web?src=ieb&appid=101&systemid=453&sr=0&q={searchTerms}
  IE - HKU\S-1-5-21-2785618035-675170288-269595618-1001\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}: "URL" = http://go.mail.ru/search?utf8in=1&fr=ietb&q={SearchTerms}
  [2012/11/18 10:56:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Serge\AppData\Roaming\Mozilla\Firefox\extensions
  [2012/05/11 09:39:36 | 000,000,000 | ---D | M] (Gossiper Community Toolbar) -- C:\Users\Serge\AppData\Roaming\Mozilla\Firefox\extensions\{0a452a47-c5a8-4854-a237-4b9b06b376f0}
  [2012/11/18 10:56:51 | 000,000,000 | ---D | M] (Спутник @Mail.Ru) -- C:\Users\Serge\AppData\Roaming\Mozilla\Firefox\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}
  [2012/08/21 10:34:55 | 000,000,000 | ---D | M] (BitTorrentBar2 Community Toolbar) -- C:\Users\Serge\AppData\Roaming\Mozilla\Firefox\extensions\{656461ef-40f6-4115-9ff1-bced9812ccbb}
  [2012/04/28 18:07:16 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Serge\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
  [2012/12/29 07:33:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Serge\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
  [2012/09/24 06:39:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Serge\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions
  O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
  O2 - BHO: (no name) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - No CLSID value found.
  O3 - HKU\S-1-5-21-2785618035-675170288-269595618-1001\..\Toolbar\WebBrowser: (no name) - {0A452A47-C5A8-4854-A237-4B9B06B376F0} - No CLSID value found.
  O3 - HKU\S-1-5-21-2785618035-675170288-269595618-1001\..\Toolbar\WebBrowser: (no name) - {6926C7F7-6006-42D1-B046-EBA1B3010315} - No CLSID value found.
  O3 - HKU\S-1-5-21-2785618035-675170288-269595618-1001\..\Toolbar\WebBrowser: (no name) - {F999A48B-1950-4D81-9971-79018F807B4B} - No CLSID value found.
  O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
   
  :Reg
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
  "{F81B10ED-6E3A-43DB-BB96-CCB0CDD4A03B}" =-
  "{FC03DC84-6913-4407-83CC-479EC72BBF8A}" =-
   
  :Commands
  [purity]
  [emptytemp]
  [Reboot]
  • click the Run Fix button at the top
  • let the program run unhindered, reboot when it is done
  • post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop
  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.
Logs to include in the next post:

OTL fix log
New OTL log
JRT.txt


Please do not attach the logs: copy/paste them into the reply.

Thanks

Satchfan
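The :OTL section of the fix above is built by pasting scan lines that should go: IE search scopes pointing at hijacker domains, a URLSearchHook and BHO/toolbar entries whose CLSID no longer resolves, a Run entry whose file is gone, and the Conduit "Community Toolbar" Firefox extensions. The script below is an added example, not code from this thread or from OTL, that automates that triage over a constructed sample modelled on the lines quoted in this post and emits the result in the same paste-the-line :OTL syntax. The search-engine allowlist (KNOWN_SEARCH_HOSTS) and the toolbar-name heuristic (PUP_EXTENSION_MARKERS) are the author's assumptions, not OTL's.

```python
"""Triage OTL scan lines for browser-hijack residue and emit an :OTL fix block.

Added example, not part of the thread or of OTL. The allowlist, the toolbar
heuristic and the sample log are assumptions/constructed data.
"""
import re
from urllib.parse import urlparse

# Hosts accepted as a legitimate IE search scope (assumption: extend to taste).
KNOWN_SEARCH_HOSTS = {"www.bing.com", "www.google.com", "search.yahoo.com"}

# Name fragments that mark bundled PUP toolbars in Firefox extension entries
# (assumption, based on the Conduit "Community Toolbar" entries in this thread).
PUP_EXTENSION_MARKERS = ("Community Toolbar",)

# Constructed sample modelled on lines quoted in this thread (not a full log).
SAMPLE_LOG = r'''
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}: "URL" = http://search.fantastigames.com/web?src=ieb&appid=101&systemid=453&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-2785618035-675170288-269595618-1001\..\URLSearchHook: {6926c7f7-6006-42d1-b046-eba1b3010315} - No CLSID value found
IE - HKU\S-1-5-21-2785618035-675170288-269595618-1001\..\SearchScopes\{6B2BC070-1966-4377-92B2-5CC38D49EF2C}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227981
[2012/08/21 10:34:55 | 000,000,000 | ---D | M] (BitTorrentBar2 Community Toolbar) -- C:\Users\Serge\AppData\Roaming\Mozilla\Firefox\extensions\{656461ef-40f6-4115-9ff1-bced9812ccbb}
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - No CLSID value found.
O3 - HKU\S-1-5-21-2785618035-675170288-269595618-1001\..\Toolbar\WebBrowser: (no name) - {F999A48B-1950-4D81-9971-79018F807B4B} - No CLSID value found.
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
'''

SEARCHSCOPE_RE = re.compile(r'SearchScopes\\\{[0-9A-Fa-f-]+\}: "URL" = (\S+)')
FF_EXT_RE = re.compile(r'^\[.*?\] \((.*?)\) -- .*\\Firefox\\')


def classify(line: str):
    """Return a short reason if the OTL scan line should go into the fix, else None."""
    s = line.strip()
    if not s:
        return None
    # Registry entries whose target no longer exists: leftovers, safe and worth clearing.
    if s.rstrip(".").endswith(("No CLSID value found", "File not found")):
        return "orphaned entry (target missing)"
    m = SEARCHSCOPE_RE.search(s)
    if m:
        host = urlparse(m.group(1)).hostname or ""
        return None if host in KNOWN_SEARCH_HOSTS else f"search scope points at unknown host {host}"
    m = FF_EXT_RE.match(s)
    if m and any(marker in m.group(1) for marker in PUP_EXTENSION_MARKERS):
        return f"bundled toolbar extension ({m.group(1)})"
    return None


def triage(log_text: str):
    """Return [(scan line, reason)] for every line classify() flags."""
    findings = []
    for raw in log_text.splitlines():
        reason = classify(raw)
        if reason:
            findings.append((raw.strip(), reason))
    return findings


def build_otl_fix(log_text: str) -> str:
    """Flagged scan lines pasted verbatim under :OTL, plus the :Commands used in this thread."""
    body = "\n".join(line for line, _ in triage(log_text))
    return f":OTL\n{body}\n\n:Commands\n[emptytemp]\n[Reboot]\n"


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"{reason:48} <- {line[:60]}")
    print()
    print(build_otl_fix(SAMPLE_LOG))
```

Anything the script flags still needs a human look before it goes into a fix: an unknown search host may simply be a regional engine the user chose, and the allowlist is the only thing separating the two.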

#5 - Serge2012 (thread starter), 05-Feb-2013, 01:01 PM
adware win.32 Pricegong - new logs 2/5/2013
Hi Satchfan,

Thanks for your quick reply and help. I know I have some P2P software on my system... Well, I'm French and I live in the USA; I used them mostly for French movies that I can't find in any video store here in the USA. I know there are always some risks with this file-sharing software...

I ran the new scans and logs that you asked for, and I hope I didn't mess up, because I was doing several things at the same time.

Serge

#6 - Satchfan (Malware Removal Specialist), 05-Feb-2013, 07:42 PM
My apologies: the last instructions caused the fix not to work because of my mistake.

Please run it again.

Run OTL

  • double click on the icon to run it.
  • copy/paste ALL the following text written inside the code box into the Custom Scans/Fixes box located at the bottom of OTL
Code:
:Services
   
:OTL
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}: "URL" = http://search.fantastigames.com/web?src=ieb&appid=101&systemid=453&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}: "URL" = http://search.fantastigames.com/web?src=ieb&appid=101&systemid=453&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-2785618035-675170288-269595618-1001\..\URLSearchHook: {6926c7f7-6006-42d1-b046-eba1b3010315} - No CLSID value found
IE - HKU\S-1-5-21-2785618035-675170288-269595618-1001\..\SearchScopes,DefaultScope = {6B2BC070-1966-4377-92B2-5CC38D49EF2C}
IE - HKU\S-1-5-21-2785618035-675170288-269595618-1001\..\SearchScopes\{293D02FD-E28E-434D-870F-37A6F1F8A10B}: "URL" = http://mystart.incredibar.com/mb128/?search={searchTerms}&loc=IB_DS&a=6R8DRcFFaf&i=26
IE - HKU\S-1-5-21-2785618035-675170288-269595618-1001\..\SearchScopes\{6B2BC070-1966-4377-92B2-5CC38D49EF2C}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227981
IE - HKU\S-1-5-21-2785618035-675170288-269595618-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}: "URL" = http://search.fantastigames.com/web?src=ieb&appid=101&systemid=453&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-2785618035-675170288-269595618-1001\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}: "URL" = http://go.mail.ru/search?utf8in=1&fr=ietb&q={SearchTerms}
[2012/11/18 10:56:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Serge\AppData\Roaming\Mozilla\Firefox\extensions
[2012/05/11 09:39:36 | 000,000,000 | ---D | M] (Gossiper Community Toolbar) -- C:\Users\Serge\AppData\Roaming\Mozilla\Firefox\extensions\{0a452a47-c5a8-4854-a237-4b9b06b376f0}
[2012/11/18 10:56:51 | 000,000,000 | ---D | M] (Спутник @Mail.Ru) -- C:\Users\Serge\AppData\Roaming\Mozilla\Firefox\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}
[2012/08/21 10:34:55 | 000,000,000 | ---D | M] (BitTorrentBar2 Community Toolbar) -- C:\Users\Serge\AppData\Roaming\Mozilla\Firefox\extensions\{656461ef-40f6-4115-9ff1-bced9812ccbb}
[2012/04/28 18:07:16 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\Serge\AppData\Roaming\Mozilla\Firefox\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/12/29 07:33:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Serge\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2012/09/24 06:39:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Serge\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (no name) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - No CLSID value found.
O3 - HKU\S-1-5-21-2785618035-675170288-269595618-1001\..\Toolbar\WebBrowser: (no name) - {0A452A47-C5A8-4854-A237-4B9B06B376F0} - No CLSID value found.
O3 - HKU\S-1-5-21-2785618035-675170288-269595618-1001\..\Toolbar\WebBrowser: (no name) - {6926C7F7-6006-42D1-B046-EBA1B3010315} - No CLSID value found.
O3 - HKU\S-1-5-21-2785618035-675170288-269595618-1001\..\Toolbar\WebBrowser: (no name) - {F999A48B-1950-4D81-9971-79018F807B4B} - No CLSID value found.
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
   
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F81B10ED-6E3A-43DB-BB96-CCB0CDD4A03B}" =-
"{FC03DC84-6913-4407-83CC-479EC72BBF8A}" =-
   
:Commands
[purity]
[emptytemp]
[Reboot]
  • click the Run Fix button at the top
  • let the program run unhindered, reboot when it is done
  • post a new OTL log (don't check the boxes beside LOP Check or Purity this time)

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.
  • run AdwCleaner and select Delete
  • when it has finished it will ask to reboot - allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.
Please copy the logs and paste them in the reply, not attach them.

Thanks

Satchfan

#7 - Serge2012 (thread starter), 06-Feb-2013, 12:15 PM
adware win.32 pricegong
Hi Satchfan,

Thanks. I copied the new logs below:

OTL log:

OTL logfile created on: 2/6/2013 10:25:45 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Serge\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 58.34% Memory free
5.92 Gb Paging File | 4.64 Gb Available in Paging File | 78.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.20 Gb Total Space | 62.68 Gb Free Space | 28.73% Space Free | Partition Type: NTFS

Computer Name: SERGE-PC | User Name: Serge | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/04 11:36:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Serge\Downloads\OTL.exe
PRC - [2013/01/09 07:51:22 | 000,699,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
PRC - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/10/30 18:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/29 13:10:52 | 000,836,608 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\version.dll
MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/01/09 07:51:26 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/20 03:35:38 | 001,128,944 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe -- (RoxMediaDB11)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/02 15:38:36 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/10/30 18:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/30 18:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/30 18:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/30 18:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/30 18:51:55 | 000,021,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012/10/30 18:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/15 11:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/09/28 21:52:10 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/01 14:59:06 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 18:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/07 23:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/15 12:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 15:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/22 14:27:28 | 000,749,312 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2009/04/22 14:26:56 | 000,667,776 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2008/06/16 02:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9MSE&PC=UP09
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3E 81 92 FB D8 35 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Amnis Technology Ltd)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Amnis Technology Ltd)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/04 10:05:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/05/04 10:05:31 | 000,000,000 | ---D | M]

[2013/02/06 10:16:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Serge\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2012/09/01 09:38:11 | 000,000,000 | ---D | M] (OneClickDownloader) -- C:\Users\Serge\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\OneClickDownload@OneClickDownload.com
[2012/05/12 06:28:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - homepage: http://www.google.com/

O1 HOSTS File: ([2012/09/24 15:12:44 | 000,001,344 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 cms.olym.xilisoft.net
O1 - Hosts: 127.0.0.1 online.xilisoft.com
O1 - Hosts: 127.0.0.1 www.xilisoft.com
O1 - Hosts: 127.0.0.1 cms.olym.xilisoft.net
O1 - Hosts: 127.0.0.1 online.xilisoft.com
O1 - Hosts: 127.0.0.1 www.xilisoft.com
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Reg Error: Key error.)
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5F461ECC-71C9-4846-A2AB-24F633AABB1A}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/05 10:53:59 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/02/05 10:53:47 | 000,000,000 | ---D | C] -- C:\JRT
[2013/02/05 10:42:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/02/05 10:35:56 | 000,000,000 | ---D | C] -- C:\Users\Serge\AppData\Local\Apps
[2013/02/05 10:35:54 | 000,000,000 | ---D | C] -- C:\Users\Serge\AppData\Local\Deployment
[2013/02/03 13:55:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvisoft
[2013/02/03 13:52:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect Uninstaller
[2013/02/03 13:52:13 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller
[2013/01/31 10:27:12 | 000,308,640 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013/01/31 10:26:37 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013/01/31 10:26:37 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013/01/31 10:26:37 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013/01/30 17:08:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Pro Antivirus
[2013/01/30 17:08:32 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/01/30 17:08:32 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/01/30 17:08:26 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/01/30 17:08:25 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/01/30 17:08:21 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/01/30 17:08:21 | 000,021,136 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2013/01/30 17:08:19 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/01/30 17:07:15 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/01/30 17:07:14 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2013/01/29 14:55:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2013/01/29 14:55:19 | 000,000,000 | ---D | C] -- C:\Users\Serge\Documents\Anti-Malware
[2013/01/29 07:22:57 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\20792594.sys
[2013/01/17 10:27:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2013/01/09 07:34:48 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/01/09 07:34:48 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/01/09 07:34:44 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/01/09 07:34:18 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/01/09 07:34:08 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013/01/09 07:34:08 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013/01/09 07:34:08 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013/01/09 07:34:08 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013/01/09 07:34:08 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013/01/09 07:34:08 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013/01/09 07:34:08 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013/01/09 07:34:08 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013/01/09 07:34:08 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013/01/09 07:34:08 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013/01/09 07:34:08 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013/01/09 07:34:08 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013/01/09 07:34:08 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013/01/09 07:34:07 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013/01/09 07:34:07 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013/01/09 07:34:07 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013/01/09 07:34:07 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013/01/09 07:34:07 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013/01/09 07:34:07 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013/01/09 07:34:07 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013/01/09 07:34:07 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013/01/09 07:34:06 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013/01/09 07:34:06 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013/01/09 07:34:05 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013/01/09 07:34:03 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013/01/09 07:34:03 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013/01/09 07:34:03 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013/01/09 07:34:03 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013/01/09 07:34:03 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013/01/09 07:34:02 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013/01/09 07:34:02 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013/01/09 07:34:02 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013/01/09 07:32:23 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/01/09 07:32:21 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/01/09 07:32:19 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/01/09 07:32:19 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/01/09 07:32:19 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/01/09 07:32:19 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/01/09 07:32:18 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/01/09 07:32:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/01/09 07:32:18 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/01/09 07:32:18 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/01/09 07:32:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 07:32:15 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 07:32:15 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 07:32:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 07:32:14 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 07:32:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 07:32:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 07:32:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 07:32:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 07:32:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 07:32:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 07:32:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 07:32:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 07:32:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 07:32:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 07:32:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 07:32:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 07:32:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 07:32:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 07:32:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 07:32:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 07:32:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 07:32:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 07:32:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 07:32:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 07:32:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 07:32:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 07:32:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 07:32:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 07:32:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 07:32:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 07:32:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 07:32:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 07:32:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 07:32:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 07:32:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 07:32:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 07:32:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 07:32:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 07:32:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 07:32:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 07:32:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 07:32:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 07:32:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 07:32:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 07:32:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 07:32:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 07:32:08 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 07:32:08 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 07:32:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 07:32:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 07:32:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 07:32:07 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/01/09 07:32:06 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/01/09 07:32:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 07:32:06 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 07:32:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 07:32:06 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 07:32:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/01/09 07:31:07 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2012/07/12 03:28:44 | 002,174,976 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Program Files (x86)\Common Files\atimpenc.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/06 10:30:05 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/06 10:30:05 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/06 10:22:16 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/06 10:21:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/06 10:21:28 | 2386,317,312 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/06 10:09:05 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/06 09:51:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/05 11:21:07 | 000,002,113 | ---- | M] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2013/02/05 10:39:15 | 000,001,256 | ---- | M] () -- C:\Users\Serge\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/02/05 09:10:21 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/05 09:10:21 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/05 09:10:18 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/04 12:53:10 | 000,000,512 | ---- | M] () -- C:\Users\Serge\Desktop\MBR.dat
[2013/02/04 12:39:29 | 510,929,993 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/02/03 14:13:57 | 000,000,103 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/02/03 13:52:25 | 000,000,042 | ---- | M] () -- C:\Windows\SysWow64\AK083E209605E394C.lie
[2013/02/03 13:52:15 | 000,000,805 | ---- | M] () -- C:\Users\Serge\Application Data\Microsoft\Internet Explorer\Quick Launch\Perfect Uninstaller.lnk
[2013/02/03 13:52:15 | 000,000,781 | ---- | M] () -- C:\Users\Serge\Desktop\Perfect Uninstaller.lnk
[2013/01/31 15:00:23 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/01/31 10:26:28 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013/01/31 10:26:19 | 000,308,640 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013/01/31 10:26:18 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013/01/31 10:26:17 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013/01/31 10:26:13 | 001,081,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
[2013/01/31 10:26:12 | 000,960,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013/01/30 17:15:33 | 000,001,233 | ---- | M] () -- C:\Windows\unins000.dat
[2013/01/30 17:14:35 | 001,187,697 | ---- | M] () -- C:\Windows\unins000.exe
[2013/01/30 17:08:19 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/01/30 16:49:45 | 000,221,799 | ---- | M] () -- C:\ProgramData\1359582436.bdinstall.bin
[2013/01/30 16:33:22 | 000,642,609 | ---- | M] () -- C:\ProgramData\1359581174.bdinstall.bin
[2013/01/29 07:22:58 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\20792594.sys
[2013/01/10 07:18:09 | 000,459,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/09 07:51:23 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/09 07:51:22 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/08 15:43:45 | 000,009,216 | ---- | M] () -- C:\Users\Serge\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/04 12:53:10 | 000,000,512 | ---- | C] () -- C:\Users\Serge\Desktop\MBR.dat
[2013/02/03 14:13:43 | 000,000,103 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/02/03 13:52:25 | 000,000,042 | ---- | C] () -- C:\Windows\SysWow64\AK083E209605E394C.lie
[2013/02/03 13:52:15 | 000,000,805 | ---- | C] () -- C:\Users\Serge\Application Data\Microsoft\Internet Explorer\Quick Launch\Perfect Uninstaller.lnk
[2013/02/03 13:52:15 | 000,000,781 | ---- | C] () -- C:\Users\Serge\Desktop\Perfect Uninstaller.lnk
[2013/01/30 17:15:29 | 001,187,697 | ---- | C] () -- C:\Windows\unins000.exe
[2013/01/30 17:15:29 | 000,001,233 | ---- | C] () -- C:\Windows\unins000.dat
[2013/01/30 17:08:33 | 000,002,113 | ---- | C] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2013/01/30 16:49:45 | 000,221,799 | ---- | C] () -- C:\ProgramData\1359582436.bdinstall.bin
[2013/01/30 16:33:22 | 000,642,609 | ---- | C] () -- C:\ProgramData\1359581174.bdinstall.bin
[2012/12/28 13:15:28 | 000,009,216 | ---- | C] () -- C:\Users\Serge\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/18 11:23:00 | 000,206,984 | ---- | C] () -- C:\ProgramData\1347985295.bdinstall.bin
[2012/09/18 11:18:57 | 000,388,739 | ---- | C] () -- C:\ProgramData\1347984830.bdinstall.bin
[2012/06/22 11:16:13 | 000,000,130 | ---- | C] () -- C:\Windows\SysWow64\rpicfica.bin
[2012/06/22 11:10:35 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2012/05/23 14:56:21 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2012/05/16 14:14:29 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2012/05/04 09:51:41 | 000,208,233 | ---- | C] () -- C:\Windows\hpoins43.dat
[2012/05/03 12:11:23 | 000,000,075 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2012/04/29 08:33:47 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/11 18:15:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2011/02/11 18:15:08 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2011/02/11 18:15:08 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >

AdwCleaner log:

# AdwCleaner v2.111 - Logfile created 02/06/2013 at 11:02:51
# Updated 05/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Serge - SERGE-PC
# Boot Mode : Normal
# Running from : C:\Users\Serge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QQVV79WI\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Registry is clean.
-\\ Google Chrome v [Unable to get version]
File : C:\Users\Serge\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [27428 octets] - [03/02/2013 13:58:14]
AdwCleaner[R2].txt - [27631 octets] - [03/02/2013 14:13:22]
AdwCleaner[R3].txt - [1227 octets] - [06/02/2013 11:02:05]
AdwCleaner[S1].txt - [426 octets] - [03/02/2013 14:00:51]
AdwCleaner[S2].txt - [27519 octets] - [03/02/2013 14:13:34]
AdwCleaner[S3].txt - [1409 octets] - [04/02/2013 11:28:32]
AdwCleaner[S4].txt - [388 octets] - [06/02/2013 10:54:49]
AdwCleaner[S5].txt - [1159 octets] - [06/02/2013 11:02:51]
########## EOF - C:\AdwCleaner[S5].txt - [1219 octets] ##########

I hope everything's fine. Thanks again for your help.

Serge
Satchfan, Malware Removal Specialist with 531 posts. Join Date: Jan 2009. Location: Devon, UK.
06-Feb-2013, 12:58 PM #8
Looks good to me.

How are things now?
Serge2012 (Serge), Member with 14 posts, THREAD STARTER. Join Date: Feb 2013. Location: Langhorne.
06-Feb-2013, 01:12 PM #9
adware win.32 pricegong
Hi Satchfan,

It seems to be working fine for now; no slowdown, freezes or error messages. I guess if I have the same problems again in the weeks or months to come I can use the same programs and similar steps to get rid of these infections, right?

Thanks again for your prompt replies and help.

Serge
Satchfan, Malware Removal Specialist with 531 posts. Join Date: Jan 2009. Location: Devon, UK.
06-Feb-2013, 01:29 PM #10
Quote:
I guess if I have the same problems again in the weeks or months to come I can use the same programs and similar steps to get rid of these infections, right?
Wrong.

Please don't be tempted to do that, as we run specific programs for specific infections.

Also, I had to use a script to fix the most part.

I'd like two more scans to be sure all has gone, and one of these programs (Malwarebytes) is one you should keep and run regularly; it really is an excellent program.


Download Malwarebytes-Anti-Malware

Click here
  • double-click mbam-setup.exe and follow the prompts to install the program.
  • at the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • if an update is found, it will download and install the latest version.
  • once the program has loaded, select Perform quick scan, then click Scan.
  • when the scan is complete, click OK, then Show Results to view the results.
  • be sure that everything is checked, and click Remove Selected.
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.
NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

=================================

Run ESET Online Scan

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan
  • Click the Eset online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.
Double click on the Eset installer icon on your desktop.
  • Check Yes, I accept the Terms of Use
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Note - when ESET doesn't find any threats, no report will be created.
  • Push the back button.
  • Push Finish
If a log has been produced post it in your next reply.

Satchfan
Serge2012's Avatar
Serge2012   (Serge) Serge2012 is offline
Member with 14 posts.
THREAD STARTER
 
Join Date: Feb 2013
Location: Langhorne
07-Feb-2013, 05:23 PM #11
Hi Satchfan,

Sorry for the small delay in writing back, but I was busy with other stuff. I understand these programs were only used for your scripts to fix the files in my system. I heard about Malwarebytes before but I didn't want to buy another program again; I used the free trial yesterday and this is the log:

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org
Database version: v2013.02.06.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Serge :: SERGE-PC [administrator]
Protection: Enabled
2/6/2013 2:05:04 PM
mbam-log-2013-02-06 (14-05-04).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 240372
Time elapsed: 22 minute(s), 51 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKCU\Software\DC3_FEXEC (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 1
C:\Users\Serge\AppData\Roaming\dclogs (Stolen.Data) -> Quarantined and deleted successfully.
Files Detected: 3
C:\Users\Serge\AppData\Local\Temp\pcp_conduit_setup.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
C:\Users\Serge\AppData\Local\Temp\pcp_conduit_setup[1].exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
C:\Users\Serge\AppData\Roaming\dclogs\2012-10-13-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
(end)


Actually I know ESET online scanner as I run it once in a while on my computer. The only problem is that the scan can last hours and hours... I did the scan yesterday but when I was done I clicked Remove infection. I did the scan earlier this morning and it didn't detect new infections. I had a scan result yesterday with 3 detected files, but I couldn't find out how to export them to a text file...

Thanks, and I await your feedback.

Serge
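A quick way to triage a Malwarebytes 1.x log like the one posted above, as an added example that is not part of the thread and not Malwarebytes' own tooling: every detection line has the shape "<item> (<family>) -> <action>", so a short PowerShell script can pull those out, rank them and show which ones were not removed. The log text embedded below is constructed from the posted entries so the script runs offline; the severity ranking (data theft and trojan families above PUP/adware noise) is this example's own assumption, not a Malwarebytes rating.

```powershell
# Added example, not from the thread: parse a Malwarebytes Anti-Malware 1.x log,
# rank the findings and list anything that still needs follow-up.
# $MbamLog is constructed from the posted log so the script runs offline.

$MbamLog = @'
Registry Keys Detected: 1
HKCU\Software\DC3_FEXEC (Malware.Trace) -> Quarantined and deleted successfully.
Folders Detected: 1
C:\Users\Serge\AppData\Roaming\dclogs (Stolen.Data) -> Quarantined and deleted successfully.
Files Detected: 3
C:\Users\Serge\AppData\Local\Temp\pcp_conduit_setup.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
C:\Users\Serge\AppData\Local\Temp\pcp_conduit_setup[1].exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
C:\Users\Serge\AppData\Roaming\dclogs\2012-10-13-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
(end)
'@

function Get-MbamSeverity {
    # Assumed triage ranking for this example: data theft / trojan families outrank adware and PUPs.
    param([string]$Family)
    if ($Family -match '^(Stolen\.Data|Trojan|Backdoor|Spyware|Malware\.Trace)') { return 'HIGH' }
    if ($Family -match '^(PUP|PUM|Adware)\.')                                      { return 'LOW' }
    return 'MEDIUM'
}

function ConvertFrom-MbamLog {
    # Turn each "<item> (<family>) -> <action>" line into an object; header lines are skipped.
    param([string]$Text)
    $pattern = '^(?<Target>.+) \((?<Family>[^()]+)\) -> (?<Action>.+)$'
    foreach ($line in ($Text -split "`r?`n")) {
        if ($line -match $pattern) {
            [pscustomobject]@{
                Severity = Get-MbamSeverity $Matches['Family']
                Family   = $Matches['Family']
                Target   = $Matches['Target']
                Action   = $Matches['Action']
            }
        }
    }
}

$rank     = @{ HIGH = 0; MEDIUM = 1; LOW = 2 }
$findings = ConvertFrom-MbamLog -Text $MbamLog

# Summary per detection family, highest severity first.
$findings |
    Group-Object Family |
    ForEach-Object { [pscustomobject]@{ Severity = Get-MbamSeverity $_.Name; Family = $_.Name; Count = $_.Count } } |
    Sort-Object @{ Expression = { $rank[$_.Severity] } }, Family |
    Format-Table -AutoSize

# Anything not reported as removed needs a follow-up scan (the posted log has none).
$findings |
    Where-Object { $_.Action -notmatch 'successfully' } |
    Format-Table Severity, Family, Target, Action -AutoSize
```

Run it as-is on the embedded text, or replace $MbamLog with Get-Content -Raw on a saved mbam-log-*.txt. The point of the ranking is that the two Stolen.Data entries under dclogs and the Malware.Trace registry key are a different class of problem from the Conduit bundle installer in Temp, and deserve the follow-up scans rather than being lost in the PUP noise.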
Satchfan's Avatar
Satchfan Satchfan is offline Satchfan is authorized to help remove malware.
Computer Specs
Malware Removal Specialist with 531 posts.
 
Join Date: Jan 2009
Location: Devon, UK
07-Feb-2013, 07:10 PM #12
Hi Serge2012

Well done, your computer appears to be clean.

Quote:
I did the scan earlier this morning and it didn't detect new infections. I had a scan result yesterday with 3 detected files,
If it found nothing in the latest scan it would appear that Eset dealt with it.

You can uninstall Eset from the Control Panel/Program and Features.

Now that you're free from malware, as long as your computer seems to be running well, please follow these simple steps to tidy up your computer and decrease the likelihood of getting infected again:


Uninstall OTL
  • double-click OTL.exe
  • click the CleanUp! button.
  • select Yes when the Begin cleanup Process? prompt appears.
  • if you are prompted to reboot during the cleanup, select Yes.
  • the tool will delete itself once it finishes, if not delete it by yourself.
NOTE: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.

===================================================

Uninstall AdwCleaner
  • double click on adwcleaner.exe to run the tool
  • click on Uninstall
  • confirm with Yes.
You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

===================================================

Create a Restore Point

  • click Start, right-click Computer, and then Properties.
  • in the left pane, click System protection. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  • click the System Protection tab, and then click Create.
  • in the System Protection dialog box, type a description, and then click Create.
Remove old restore points
  • click the Start button and in the search box, type Disk Cleanup, and then, in the list of results, click Disk Cleanup.
  • if prompted, select the drive that you want to clean up, and then click OK.
  • in the Disk Cleanup for (drive letter) dialog box, click Clean up system files. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  • if prompted, select the drive that you want to clean up, and then click OK.
  • click the More Options tab, under System Restore and Shadow Copies, click Clean up.
  • in the Disk Cleanup dialog box, click Delete.
  • click Delete Files, and then click OK.
===================================================

Update and run Malwarebytes. This really is an excellent program that you should update and run on a regular basis, probably weekly.

===================================================

I also recommend that you read the following:

How to prevent malware by miekiemoes


Finally, if your computer has no more problems and you are happy to close this, please click on “Mark Solved” at the top of the page.

Safe computing

Satchfan

Last edited by Satchfan; 08-Feb-2013 at 04:06 AM..
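The "Create a Restore Point" and "Remove old restore points" steps above can also be done from an elevated PowerShell prompt on Windows 7, as an added example that is not part of the thread. It assumes the system drive is C:. The reason the old points go first is that they are shadow copies under System Volume Information and can still hold copies of the files the cleanup removed; only after they are gone is a fresh point a clean baseline.

```powershell
# Added example, not from the thread: replace the Control Panel / Disk Cleanup
# clicks with the equivalent commands. Run from an elevated PowerShell prompt.
# The system drive letter is an assumption.

$Drive = 'C:'

# Show what is there now, then delete every old restore point (shadow copy) on the drive.
Get-ComputerRestorePoint | Format-Table SequenceNumber, Description, CreationTime -AutoSize
vssadmin delete shadows "/for=$Drive" /all /quiet

# Make sure System Protection is enabled on the drive, then create the new baseline.
Enable-ComputerRestore -Drive "$Drive\"
Checkpoint-Computer -Description 'Clean baseline after malware removal' -RestorePointType MODIFY_SETTINGS

# Verify: only the new point should be listed.
Get-ComputerRestorePoint | Format-Table SequenceNumber, Description, CreationTime -AutoSize
```

If the final listing is empty, System Protection was off for the drive and Checkpoint-Computer had nothing to write to; Enable-ComputerRestore fixes that for next time but the point must then be created again. Note that Windows 8 and later will quietly skip Checkpoint-Computer if another point was made within the previous 24 hours; Windows 7, which the posted log header shows here, has no such limit.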
Serge2012's Avatar
Serge2012   (Serge) Serge2012 is offline
Member with 14 posts.
THREAD STARTER
 
Join Date: Feb 2013
Location: Langhorne
08-Feb-2013, 08:28 AM #13
Hi Satchfan,

I'm done with everything now and I removed these programs and created a restore point. I will keep using Malwarebytes and read more about this program.

You've been a great help with everything. Thanks a lot!

Have a nice weekend,

Serge
Satchfan's Avatar
Satchfan Satchfan is offline Satchfan is authorized to help remove malware.
Computer Specs
Malware Removal Specialist with 531 posts.
 
Join Date: Jan 2009
Location: Devon, UK
08-Feb-2013, 01:03 PM #14
Quote:
You've been a great help with everything. Thanks a lot!
You're welcome.

Quote:
Have a nice weekend
You too.