
AVG Secure Search Must Go

Discussion in 'Virus & Other Malware Removal' started by Verylost, May 24, 2012.

  1. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,770
    When you say 20%, do you mean it still uses AVG? When you've run the ComboFix, just post it here.

    I'm not here tomorrow, but have the next week off work, so will be here at home from Saturday. Have to use my holidays up, so taking a break to relax and do some work around the house :)

    Hope the graduation goes well, and hope you feel better soon :)
     
  2. Verylost

    Verylost Thread Starter

    Joined:
    Jul 15, 2010
    Messages:
    207
    OK, where was I? Trying to get an MRI and CT scan for some medical issues I have, and the red tape to get things OK'd is awful.

    Don't worry about the 20% thingy; that has to do with IE 9.0 not being able to connect to web sites, and it keeps inserting 20% into the address I type in. That's another issue for later.

    Here's the Malwarebytes log I just ran; I hope it didn't miss anything. It did delete stuff, and I did delete all in quarantine. Didn't you want OTL to remove some stuff? You had a list; I need that re-posted. And should I run ComboFix again to ensure nothing was missed?

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.07.07.07
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    pestyone :: PESTYONE-PC [administrator]
    7/7/2012 10:45:44 PM
    mbam-log-2012-07-07 (22-45-44).txt
    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Objects scanned: 324403
    Time elapsed: 33 minute(s), 22 second(s)
    Memory Processes Detected: 1
    C:\Users\pestyone\AppData\Local\swpsmom.exe (Trojan.Lameshield) -> 1448 -> Delete on reboot.
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 11
    HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKCR\f (PUP.Funmoods) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Quarantined and deleted successfully.
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 5
    C:\Users\pestyone\AppData\Local\swpsmom.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Rising\RSD\updater.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Program Files (x86)\Rising\RSD\Backup\RSD\RSSetup\updater.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\ProgramData\F4D55F3B003185BB013C01EBB4EB2367\F4D55F3B003185BB013C01EBB4EB2367.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
    C:\Users\pestyone\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\192e1155-11ed0f12 (Trojan.Lameshield) -> Quarantined and deleted successfully.
    (end)
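A triage script for the Malwarebytes log format shown above, added here as an example (it is not part of the thread and not Malwarebytes' own code): it parses the per-section "N Detected" headers and the detection lines, checks that each declared count matches the lines under it, and pulls out the items that were only scheduled for "Delete on reboot", which are the ones worth re-checking after the restart. The embedded sample log is a constructed, trimmed copy of the posted log.

```python
import re
from collections import Counter

# Constructed sample: a trimmed copy of the Malwarebytes log posted above,
# keeping the header lines and a few detection lines per section.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware 1.61.0.1400
Database version: v2012.07.07.07
Scan type: Full scan
Objects scanned: 324403
Memory Processes Detected: 1
C:\Users\pestyone\AppData\Local\swpsmom.exe (Trojan.Lameshield) -> 1448 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Quarantined and deleted successfully.
Files Detected: 3
C:\Users\pestyone\AppData\Local\swpsmom.exe (Trojan.Lameshield) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Rising\RSD\updater.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\pestyone\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\192e1155-11ed0f12 (Trojan.Lameshield) -> Quarantined and deleted successfully.
(end)
"""

# "Memory Processes Detected: 1", "Registry Keys Detected: 11", ...
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
# "<path or key> (<threat name>) -> [<pid> -> ]<action>."
# The non-greedy item plus the ") -> " requirement keeps "(x86)" inside a
# path from being mistaken for the threat name.
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+)$")


def parse_mbam_log(text):
    """Return {'sections': {name: [detection, ...]}, 'declared': {name: int}}.

    A detection is a dict with item, threat, action and, for memory
    processes, the pid MBAM prints between the two arrows.
    """
    sections, declared, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("section")
            declared[current] = int(m.group("count"))
            sections[current] = []
            continue
        m = DETECTION_RE.match(line)
        if m and current is not None:
            rest, pid = m.group("rest"), None
            if " -> " in rest:  # memory-process lines carry "<pid> -> <action>"
                pid_text, rest = rest.split(" -> ", 1)
                pid = int(pid_text) if pid_text.isdigit() else None
            sections[current].append({
                "item": m.group("item"),
                "threat": m.group("threat"),
                "action": rest.rstrip("."),
                "pid": pid,
            })
    return {"sections": sections, "declared": declared}


def count_mismatches(report):
    """Sections whose 'N Detected' header disagrees with the lines under it
    (a sign the pasted log was truncated or edited)."""
    return {
        name: (declared, len(report["sections"][name]))
        for name, declared in report["declared"].items()
        if declared != len(report["sections"][name])
    }


def pending_on_reboot(report):
    """Items MBAM could not remove while running; re-scan after the reboot
    to confirm they are gone (the Lameshield file in the thread is one)."""
    return [d["item"] for dets in report["sections"].values() for d in dets
            if d["action"].lower().startswith("delete on reboot")]


def threat_families(report):
    """Number of detections per threat name across all sections."""
    return Counter(d["threat"] for dets in report["sections"].values() for d in dets)


def browser_extension_keys(report):
    """Registry keys under an 'Extensions' path: deleting the key stops the
    forced install, but the extension may still appear in the browser."""
    return [d["item"] for d in report["sections"].get("Registry Keys", [])
            if "\\Extensions\\" in d["item"]]


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print("families:", dict(threat_families(rep)))
    print("pending on reboot:", pending_on_reboot(rep))
    print("count mismatches:", count_mismatches(rep))
    print("browser extension keys:", browser_extension_keys(rep))
```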
     
  3. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,770
    It's okay about the delay, as health is more important, and red tape etc. is annoying any time :(

    The 20% thing is sometimes when there are spaces in the address, and so IE puts that in (why 20% and never a symbol) to make the space go.

    I see that MBAM removed FunMoods. Do you have the toolbar installed?

    Can you run Combofix as I posted here:

    http://forums.techguy.org/8387448-post43.html

    And post the log :)

    ------

    As for the IE problem, we can try a repair of it, which is easy to do, but I'll wait for the replies on the above. Any time is fine, I'll be here most nights :)

    Take care

    eddie
     
  4. Verylost

    Verylost Thread Starter

    Joined:
    Jul 15, 2010
    Messages:
    207
    OK, trying this again; hopefully I won't get timed out again, grrrrr.

    Still seeing conime and conduit on my laptop and can't delete them yet, dang it.

    Getting some malware/trojan called "lameshield/kiltsr.exe" that keeps coming back to bite me after Malwarebytes deletes it, but this, the 4th time around, I am leaving it in quarantine, seeing how Malwarebytes can't delete it 100% after it reboots; getting smarter and tired. Will the messes ever end, finally?

    As for the log you wanted me to insert in ComboFix, it didn't work, but I will try again; I think I missed some. I don't have Notepad, so I'm trying WordPad; I don't see how to install Notepad yet.


    Here's the latest ComboFix log. If you see anything, let me know; maybe I can find and delete the malware in a search. Later, and thanks.

    And how do I get full access so I can open all folders? I am the only user. That's another problem I can't fix yet.


    ComboFix 12-07-10.01 - pestyone 07/10/2012 3:05.2.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.263.1033.18.4029.2296 [GMT -4:00]
    Running from: c:\users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L0BQQQ72\ComboFix.exe
    AV: Rising Antivirus *Enabled/Updated* {C0AEEC5C-BBDB-2745-3E22-21BEC65323A5}
    SP: Rising Antivirus *Enabled/Updated* {7BCF0DB8-9DE1-28CB-0492-1ACCBDD46918}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    /wow section not completed
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-10 to 2012-07-10 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-10 06:11 . 2012-07-10 06:11 -------- d-----w- c:\users\pestyone\AppData\Local\Nero
    2012-07-10 05:46 . 2012-07-10 05:47 -------- d-----w- c:\users\pestyone\AppData\Roaming\Nero
    2012-07-10 05:37 . 2012-07-10 05:42 -------- d-----w- c:\program files (x86)\Nero
    2012-07-10 05:37 . 2012-07-10 05:39 -------- d-----w- c:\programdata\Nero
    2012-07-10 05:37 . 2012-07-10 05:45 -------- d-----w- c:\program files (x86)\Common Files\Nero
    2012-07-07 12:40 . 2012-07-07 12:40 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
    2012-07-07 01:45 . 2012-07-08 03:20 -------- d-----w- c:\programdata\F4D55F3B003185BB013C01EBB4EB2367
    2012-07-06 13:39 . 2012-07-06 13:39 -------- d-----w- c:\users\pestyone\AppData\Roaming\Ashampoo
    2012-07-06 13:39 . 2012-07-06 13:39 -------- d-----w- c:\users\pestyone\AppData\Local\ashampoo
    2012-07-06 13:39 . 2012-07-06 13:39 -------- d-----w- c:\programdata\ashampoo
    2012-07-06 13:32 . 2012-07-06 13:33 -------- d-----w- c:\users\pestyone\AppData\Roaming\EasyBurner
    2012-07-06 07:45 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AE5325E8-AA59-4065-8A4B-06AAE7E19B9D}\mpengine.dll
    2012-07-04 10:08 . 2012-07-04 10:08 -------- d-----w- c:\users\pestyone\AppData\Local\SumRando
    2012-06-28 19:22 . 2012-06-28 19:22 74352 ----a-w- c:\windows\SysWow64\sslsp104.dll
    2012-06-28 19:21 . 2012-06-28 19:21 75888 ----a-w- c:\windows\system32\sslsp104.dll
    2012-06-21 00:13 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-21 00:13 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-21 00:13 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-21 00:13 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-21 00:13 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-21 00:13 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-21 00:13 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-21 00:13 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-21 00:13 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-12 20:14 . 2012-06-12 20:14 -------- d-----w- c:\users\pestyone\AppData\Local\Conversion Online
    2012-06-12 20:13 . 2012-06-12 20:13 -------- d-----w- c:\program files (x86)\Conversion Online
    2012-06-12 17:46 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-12 17:46 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-12 17:46 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-06-12 17:46 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-12 17:41 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-06-12 17:41 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
    2012-06-12 17:41 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-06-12 17:41 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-06-12 17:41 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-06-12 17:41 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
    2012-06-12 17:41 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
    2012-06-12 17:40 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-12 17:40 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-12 17:40 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-12 17:40 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-06-12 17:40 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-06-12 17:40 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-06-11 08:00 . 2012-06-11 08:00 -------- d-----w- c:\users\pestyone\AppData\Roaming\SUPERAntiSpyware.com
    2012-06-11 08:00 . 2012-07-08 01:43 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-06-11 08:00 . 2012-06-11 08:00 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-06-11 07:49 . 2012-06-11 07:49 -------- d-----w- c:\users\pestyone\AppData\Roaming\DriverCure
    2012-06-11 07:49 . 2012-06-11 07:49 -------- d-----w- c:\users\pestyone\AppData\Roaming\SpeedyPC Software
    2012-06-10 22:15 . 2012-06-10 22:15 -------- d-----w- c:\users\pestyone\Tracing
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-10 08:09 . 2012-04-22 01:47 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-10 08:09 . 2011-12-10 23:04 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-01 20:03 . 2012-06-01 20:03 116016 ----a-w- c:\windows\system32\drivers\15354131.sys
    2012-05-30 04:25 . 2012-05-30 04:25 4101392 ----a-w- c:\windows\uninst.exe
    2012-05-24 12:19 . 2012-05-24 12:19 388096 ----a-r- c:\users\pestyone\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-05-20 23:24 . 2011-04-18 23:57 345600 ----a-w- c:\windows\SetLCDStretchMode.exe
    2012-05-20 23:23 . 2011-04-18 23:57 407040 ----a-w- c:\windows\HotfixChecker.exe
    2012-05-20 23:20 . 2012-05-20 23:20 4633992 ----a-w- c:\windows\system32\ETDUI.cpl
    2012-05-16 18:07 . 2012-05-16 18:08 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-05-16 18:07 . 2012-05-15 23:52 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-05-14 01:21 . 2012-05-14 01:21 82816 ----a-w- c:\users\pestyone\AppData\Roaming\pcouffin.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2011-11-24 6497592]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "CleanSetup"="rmdir" [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0 bsmain
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
    R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [2010-08-09 166704]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tun3325;VPN Tunnel Adapter;c:\windows\system32\DRIVERS\tun3325.sys [2011-11-17 35056]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-28 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S1 hooksys;hooksys;c:\windows\system32\drivers\Hooksys.sys [2011-11-26 37016]
    S1 HookTdi;HookTdi;c:\windows\system32\drivers\HookTdi.sys [2011-11-26 30360]
    S1 HyperVM;HyperVM;c:\windows\system32\drivers\hvm.sys [2011-11-26 41048]
    S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 13824]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2011-01-25 60416]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [2012-04-06 8704]
    S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-03-16 389120]
    S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-02-11 35344]
    S2 RsMgrSvc;Rsd Service;c:\program files (x86)\Rising\RSD\RsMgrSvc.exe [2011-12-06 150168]
    S2 RsRavMon;Rav Service;c:\program files (x86)\Rising\RAV\RavMonD.exe [2011-11-26 264448]
    S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-12-01 206120]
    S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-12-01 185640]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-08-10 111616]
    S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2010-07-08 401696]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-25 11895400]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
    "EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.yahoo.com/
    mStart Page = hxxp://www.yahoo.com/?ilc=8
    mLocal Page = c:\windows\SysWOW64\blank.htm
    LSP: c:\windows\system32\sslsp104.dll
    Trusted Zone: extratorrent.com
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file)
    HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
    "value"="?\01\02\03\01\010?"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-07-10 03:07:50
    ComboFix-quarantined-files.txt 2012-07-10 07:07
    .
    Pre-Run: 21,481,127,936 bytes free
    Post-Run: 21,261,000,704 bytes free
    .
    - - End Of File - - 6920FA5F7CB22CC9492233B003208E6B
     
     
  5. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,770
    Let's look a bit deeper, to see if malware is blocking the folders from opening:


    Okay, can you re-run SystemLook using the following code, and post the log:

    Code:
    :filefind
    *Iobit*
    *Funmoods*
    *AVG*
    *Conduit*
    *Advanced Spyware Remover*
    *SystemCare*
    :folderfind
    *Iobit*
    *Funmoods*
    *AVG*
    *Conduit*
    *Advanced Spyware Remover*
    *SystemCare*
    


    -------

    Then, can you post your installed programs as follows:

    Please go here to download HijackThis.
    Save the HijackThis.exe file to your desktop.

    Open HijackThis, click Config, click Misc Tools
    Click "Open Uninstall Manager"
    Click "Save List" (generates uninstall_list.txt)
    Click Save, copy and paste the results in your next post.

    --------

    Then, delete the copy of OTL that you have, get a fresh one from here and run as follows. If only the one log is produced, that's fine ;)


    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.
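The :filefind / :folderfind search requested above, re-implemented in Python as an added example (not SystemLook's own code and not the moderator's): it walks a directory tree, matches file and folder names case-insensitively against each wildcard pattern, and reports per pattern, including the patterns with no hits, as the tool's log does. The tree it searches is a constructed temporary one, and SystemLook's exact output layout is not reproduced.

```python
import fnmatch
import os
import tempfile
import time

# Patterns from the SystemLook request above; the same list is used for
# :filefind (file names) and :folderfind (folder names).
PATTERNS = ["*Iobit*", "*Funmoods*", "*AVG*", "*Conduit*",
            "*Advanced Spyware Remover*", "*SystemCare*"]


def _matches(name, pattern):
    # Windows file names are case-insensitive, so compare lower-cased
    # (assumption: SystemLook's patterns behave the same way).
    return fnmatch.fnmatchcase(name.lower(), pattern.lower())


def find_files(root, patterns):
    """:filefind equivalent. Returns {pattern: [(path, size, mtime_utc), ...]};
    a pattern with no hits maps to an empty list, like the tool's
    'No files found' line."""
    hits = {p: [] for p in patterns}
    for dirpath, _dirnames, filenames in os.walk(root):
        for fn in filenames:
            for p in patterns:
                if _matches(fn, p):
                    full = os.path.join(dirpath, fn)
                    st = os.stat(full)
                    stamp = time.strftime("%Y-%m-%d %H:%M", time.gmtime(st.st_mtime))
                    hits[p].append((full, st.st_size, stamp))
    for p in hits:
        hits[p].sort()
    return hits


def find_folders(root, patterns):
    """:folderfind equivalent. Returns {pattern: [folder_path, ...]}."""
    hits = {p: [] for p in patterns}
    for dirpath, dirnames, _filenames in os.walk(root):
        for dn in dirnames:
            for p in patterns:
                if _matches(dn, p):
                    hits[p].append(os.path.join(dirpath, dn))
    for p in hits:
        hits[p].sort()
    return hits


def render(file_hits, folder_hits):
    """Plain-text report in the spirit of a SystemLook log (layout is ours)."""
    out = ["========== filefind =========="]
    for p, items in file_hits.items():
        out.append(f'Searching for "{p}"')
        out.extend(f"  {path}  --  {size} bytes  --  {stamp}" for path, size, stamp in items)
        if not items:
            out.append("  No files found.")
    out.append("========== folderfind ==========")
    for p, items in folder_hits.items():
        out.append(f'Searching for "{p}"')
        out.extend(f"  {path}" for path in items)
        if not items:
            out.append("  No folders found.")
    return "\n".join(out)


def build_sample_tree():
    """Constructed directory tree with the kind of leftovers the request
    is looking for (names only; every file holds one byte)."""
    root = tempfile.mkdtemp(prefix="systemlook_demo_")
    layout = [
        "Program Files (x86)/Conduit/Community Alerts/Alert.dll",
        "Program Files (x86)/Common Files/AVG Secure Search/ToolbarUpdater.exe",
        "Users/pestyone/AppData/Roaming/funmoods.cfg",
        "Program Files/7-Zip/7z.exe",
    ]
    for rel in layout:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"x")
    return root


if __name__ == "__main__":
    demo_root = build_sample_tree()
    print(render(find_files(demo_root, PATTERNS), find_folders(demo_root, PATTERNS)))
```

Point `find_files` and `find_folders` at a real drive root (for example `C:\`) to reproduce the search the moderator asked for; the temporary tree only exists so the block runs stand-alone.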
     
  6. Verylost

    Verylost Thread Starter

    Joined:
    Jul 15, 2010
    Messages:
    207
    Dang, there seems to be a lot of crap in these logs that shouldn't be here, but I'm not sure what. Here's the uninstall list; beats me what could get deleted. Never used Windows Live, yuk.

    ???? ??? Windows Live
    ???? Windows Live
    ????? Windows Live
    ?????? ??????? ?? Windows Live
    ?????????? Windows Live
    ??????????? ?? Windows Live
    „Windows Live Mail“
    „Windows Live Messenger“
    „Windows Live“ fotogalerija
    7-Zip 9.20
    Adobe AIR
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.3)
    Advertising Center
    aioscnnr
    aioscnnr
    Atheros Client Installation Program
    BatteryLifeExtender
    center
    ConvertXtoDVD 4 english manual
    ConvertXtoDVD 4.1.19.365
    CyberLink YouCam
    CyberLink YouCam
    D3DX10
    DolbyFiles
    Easy Display Manager
    Easy Network Manager
    Easy SpeedUp Manager
    Easy WiFi Radar 1.0.3
    EasyBatteryManager
    EMCO Malware Destroyer 6
    essentials
    Files Terminator Free 2.3.0.4
    Fotogalerija Windows Live
    Freemake Video Converter version 3.0.1
    Freemake Video Downloader
    Galeria de Fotografias do Windows Live
    Galería fotográfica de Windows Live
    Galeria fotografii uslugi Windows Live
    Galerie de photos Windows Live
    Galerie foto Windows Live
    Google Earth
    Google Update Helper
    HiJackThis
    Intel(R) Rapid Storage Technology
    Java(TM) 6 Update 32
    KODAK AiO Software
    Malwarebytes Anti-Malware version 1.61.0.1400
    Marvell Miniport Driver
    Menu Templates - Starter Kit
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Movie Templates - Starter Kit
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 9 Essentials
    Nero BurnRights
    Nero BurnRights Help
    Nero ControlCenter
    Nero ControlCenter
    Nero CoverDesigner
    Nero DiscSpeed
    Nero DriveSpeed
    Nero Express Help
    Nero InfoTool
    Nero Installer
    Nero Online Upgrade
    Nero ShowTime
    Nero StartSmart
    Nero StartSmart Help
    Nero Vision
    Nero Vision Help
    NeroExpress
    neroxml
    ocr
    OpenOffice.org 3.1
    Poczta uslugi Windows Live
    Pošta Windows Live
    PreReq
    Raccolta foto di Windows Live
    Realtek High Definition Audio Driver
    Rising Antivirus
    Rising Software Deployment System
    S?????? f?t???af??? t?? Windows Live
    Samsung AnyWeb Print
    Samsung Recovery Solution 5
    Samsung Support Center 1.0
    Samsung Universal Print Driver
    Samsung Update Plus
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Toolbar Cleaner 1.0
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    User Guide
    Verizon Download Manager
    Visual Studio 2008 x64 Redistributables
    VLC media player 2.0.2
    Windows Live ??
    Windows Live ?? ???
    Windows Live ???
    Windows Live ????
    Windows Live fotoattelu galerija
    Windows Live Fotogaléria
    Windows Live Fotogalerie
    Windows Live Fotogalerie
    Windows Live Foto-galerija
    Windows Live Fotogalleri
    Windows Live Fotograf Galerisi
    Windows Live Fotótár
    Windows Live Galeria de Fotos
    Windows Live Galerija fotografija
    Windows Live Mail
    Windows Live Mail
    Windows Live Mail
    Windows Live Mail
    Windows Live Mail
    Windows Live Mail
    Windows Live Mail
    Windows Live Mail
    Windows Live Mail
    Windows Live Mail
    Windows Live Mail
    Windows Live Mail
    Windows Live Mail
    Windows Live Mail
    Windows Live Mail
    Windows Live Mail
    Windows Live Mail
    Windows Live Mail
    Windows Live Mail
    Windows Live Mail
    Windows Live Mail
    Windows Live Mail
    Windows Live Mail
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh
    Windows Live Mesh
    Windows Live Mesh
    Windows Live Mesh
    Windows Live Mesh
    Windows Live Mesh
    Windows Live Mesh
    Windows Live Mesh
    Windows Live Mesh
    Windows Live Mesh
    Windows Live Mesh
    Windows Live Mesh
    Windows Live Mesh
    Windows Live Mesh
    Windows Live Mesh
    Windows Live Mesh
    Windows Live Mesh
    Windows Live Mesh
    Windows Live Mesh
    Windows Live Mesh
    Windows Live Mesh
    Windows Live Mesh
    Windows Live Mesh
    Windows Live Mesh
    Windows Live Mesh
    Windows Live Mesh
    Windows Live Mesh
    Windows Live Mesh
    Windows Live Mesh
    Windows Live Mesh
    Windows Live Mesh
    Windows Live Mesh
    Windows Live Messenger
    Windows Live Messenger
    Windows Live Messenger
    Windows Live Messenger
    Windows Live Messenger
    Windows Live Messenger
    Windows Live Messenger
    Windows Live Messenger
    Windows Live Messenger
    Windows Live Messenger
    Windows Live Messenger
    Windows Live Messenger
    Windows Live Messenger
    Windows Live Messenger
    Windows Live Messenger
    Windows Live Messenger
    Windows Live Messenger
    Windows Live Messenger
    Windows Live Messenger
    Windows Live Messenger
    Windows Live Messenger
    Windows Live Messenger
    Windows Live Messenger
    Windows Live Messenger
    Windows Live Messenger
    Windows Live Messenger
    Windows Live Messenger
    Windows Live Messenger
    Windows Live Messenger
    Windows Live Messenger
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Movie Maker
    Windows Live Movie Maker
    Windows Live Movie Maker
    Windows Live Movie Maker
    Windows Live Movie Maker
    Windows Live Movie Maker
    Windows Live Movie Maker
    Windows Live Movie Maker
    Windows Live Movie Maker
    Windows Live Movie Maker
    Windows Live Movie Maker
    Windows Live Movie Maker
    Windows Live Movie Maker
    Windows Live Movie Maker
    Windows Live Movie Maker
    Windows Live Movie Maker
    Windows Live Movie Maker
    Windows Live Movie Maker
    Windows Live Movie Maker
    Windows Live Movie Maker
    Windows Live Movie Maker
    Windows Live Movie Maker
    Windows Live Movie Maker
    Windows Live Movie Maker
    Windows Live Movie Maker
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Common
    Windows Live Photo Common
    Windows Live Photo Common
    Windows Live Photo Common
    Windows Live Photo Common
    Windows Live Photo Common
    Windows Live Photo Common
    Windows Live Photo Common
    Windows Live Photo Common
    Windows Live Photo Common
    Windows Live Photo Common
    Windows Live Photo Common
    Windows Live Photo Common
    Windows Live Photo Common
    Windows Live Photo Common
    Windows Live Photo Common
    Windows Live Photo Common
    Windows Live Photo Common
    Windows Live Photo Common
    Windows Live Photo Common
    Windows Live Photo Common
    Windows Live Photo Common
    Windows Live Photo Common
    Windows Live Photo Common
    Windows Live Photo Common
    Windows Live Photo Common
    Windows Live Photo Common
    Windows Live Photo Common
    Windows Live Photo Common
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live Photo Gallery
    Windows Live Photo Gallery
    Windows Live Photo Gallery
    Windows Live Photo Gallery
    Windows Live Photo Gallery
    Windows Live Pošta
    Windows Liven sähköposti
    Windows Liven valokuvavalikoima
    WinPcap 4.1.2
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar


    I only have one OTL log, and here it is; I'm looking for the first look link, then I'll post it here. So 2 of 3 for now; so what's going on?

    OTL logfile created on: 7/12/2012 2:16:07 AM - Run 3
    OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\pestyone\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: Zimbabwe | Language: ENW | Date Format: M/d/yyyy

    3.93 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 57.63% Memory free
    7.87 Gb Paging File | 6.00 Gb Available in Paging File | 76.27% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 113.00 Gb Total Space | 16.30 Gb Free Space | 14.42% Space Free | Partition Type: NTFS
    Drive D: | 166.50 Gb Total Space | 148.48 Gb Free Space | 89.18% Space Free | Partition Type: NTFS

    Computer Name: PESTYONE-PC | User Name: pestyone | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/12 02:15:31 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\pestyone\Downloads\OTL.exe
    PRC - [2012/07/11 08:16:48 | 000,935,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
    PRC - [2012/04/05 20:18:12 | 000,008,704 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
    PRC - [2012/03/16 14:00:06 | 000,389,120 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
    PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/12/06 08:28:06 | 000,150,168 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe
    PRC - [2011/12/01 06:11:22 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
    PRC - [2011/12/01 06:11:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
    PRC - [2011/11/26 07:20:56 | 000,178,840 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files (x86)\Rising\RAV\RsTray.exe
    PRC - [2011/11/26 07:19:22 | 000,123,856 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files (x86)\Rising\RSD\popwndexe.exe
    PRC - [2011/11/26 07:16:29 | 000,264,448 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\Program Files (x86)\Rising\RAV\RavMonD.exe
    PRC - [2011/11/24 03:05:44 | 006,497,592 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    PRC - [2011/09/04 12:45:26 | 003,398,736 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
    PRC - [2010/08/26 21:52:12 | 002,782,064 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
    PRC - [2010/08/09 05:22:24 | 000,862,064 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
    PRC - [2010/07/27 01:28:38 | 004,382,312 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
    PRC - [2010/05/18 15:13:58 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/11/24 03:05:40 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
    MOD - [2011/11/24 03:05:26 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\pcre.dll
    MOD - [2010/05/07 10:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
    MOD - [2006/08/11 23:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/08/11 19:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
    SRV:64bit: - [2010/09/22 05:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/08/09 15:04:12 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/07/11 08:16:48 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
    SRV - [2012/04/05 20:18:12 | 000,008,704 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)
    SRV - [2012/03/16 14:00:06 | 000,389,120 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
    SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/12/06 08:28:06 | 000,150,168 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe -- (RsMgrSvc)
    SRV - [2011/12/01 06:11:22 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
    SRV - [2011/12/01 06:11:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
    SRV - [2011/11/26 07:16:29 | 000,264,448 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\Rising\RAV\RavMonD.exe -- (RsRavMon)
    SRV - [2010/05/18 15:13:58 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/11/26 07:16:30 | 000,041,048 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hvm.sys -- (HyperVM)
    DRV:64bit: - [2011/11/26 07:16:29 | 000,037,016 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Hooksys.sys -- (hooksys)
    DRV:64bit: - [2011/11/26 07:16:29 | 000,030,360 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookTdi.sys -- (HookTdi)
    DRV:64bit: - [2011/11/17 14:44:32 | 000,035,056 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tun3325.sys -- (tun3325)
    DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/11 23:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/02/11 17:23:34 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
    DRV:64bit: - [2010/11/23 03:12:00 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/08/09 22:01:56 | 000,111,616 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
    DRV:64bit: - [2010/07/08 04:28:46 | 000,401,696 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2010/04/27 03:57:04 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/28 02:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
    DRV - [2011/09/15 07:37:04 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2005/08/03 01:10:12 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\npf.sys -- (npf)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
    IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No CLSID value found
    IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\..\SearchScopes,DefaultScope = {9EE14179-061B-460E-840B-2530D8988107}
    IE - HKCU\..\SearchScopes\{9EE14179-061B-460E-840B-2530D8988107}: "URL" = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/11 08:17:07 | 000,000,000 | ---D | M]

    [2012/01/07 17:51:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pestyone\AppData\Roaming\Mozilla\Extensions
    [2012/05/09 22:23:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions
    [2012/05/09 22:23:08 | 000,000,000 | ---D | M] (uTorrentControl3 Community Toolbar) -- C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}
    [2012/04/26 06:04:53 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
    [2011/12/17 06:20:00 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

    O1 HOSTS File: ([2012/06/01 15:32:06 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
    O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\windows\SysNative\sslsp104.dll (SumRando)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\windows\SysNative\sslsp104.dll (SumRando)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000038 - C:\windows\SysNative\sslsp104.dll (SumRando)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\windows\SysWow64\sslsp104.dll (SumRando)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\windows\SysWow64\sslsp104.dll (SumRando)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\windows\SysWow64\sslsp104.dll (SumRando)
    O15 - HKCU\..Trusted Domains: extratorrent.com ([]https in Trusted sites)
    O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C93A6E3F-D3AD-4BC2-A1D8-AFDD6A3DB07C}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5874F40-ED48-49D1-97C2-BC417465239C}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (bsmain)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/11 08:17:12 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Local\AVG Secure Search
    [2012/07/11 08:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
    [2012/07/11 08:16:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
    [2012/07/11 08:16:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
    [2012/07/11 08:16:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2012/07/11 08:15:07 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Roaming\FixCleaner
    [2012/07/11 08:14:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FixCleaner
    [2012/07/11 08:14:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloaded Installers
    [2012/07/10 06:11:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/07/10 04:18:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EMCO
    [2012/07/10 04:18:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EMCO
    [2012/07/10 02:59:57 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/10 02:11:29 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Local\Nero
    [2012/07/10 01:46:25 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Roaming\Nero
    [2012/07/10 01:38:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
    [2012/07/10 01:37:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
    [2012/07/10 01:37:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
    [2012/07/10 01:37:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
    [2012/07/08 07:41:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2012/07/07 22:36:55 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Local\{CF7C29A2-06BA-4331-ADE6-34AFA2A1F2C8}
    [2012/07/07 08:40:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
    [2012/07/06 21:45:47 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F3B003185BB013C01EBB4EB2367
    [2012/07/06 09:39:44 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Roaming\Ashampoo
    [2012/07/06 09:39:26 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Local\ashampoo
    [2012/07/06 09:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\ashampoo
    [2012/07/06 09:32:03 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Roaming\EasyBurner
    [2012/07/04 06:08:25 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Local\SumRando
    [2012/07/02 07:29:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    [2012/07/02 03:55:30 | 000,000,000 | -H-D | C] -- C:\Users\pestyone\Documents\Freemake_do_not_remove_this_folder
    [2012/06/30 17:43:32 | 000,000,000 | ---D | C] -- C:\Users\pestyone\Documents\Tooth less grin 6- 30 - 12 . ._files
    [2012/06/28 15:22:04 | 000,074,352 | ---- | C] (SumRando) -- C:\windows\SysWow64\sslsp104.dll
    [2012/06/28 15:21:26 | 000,075,888 | ---- | C] (SumRando) -- C:\windows\SysNative\sslsp104.dll
    [2012/06/12 16:14:17 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Local\Conversion Online
    [2012/06/12 16:13:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conversion Online
    [2012/05/13 21:21:39 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\pestyone\AppData\Roaming\pcouffin.sys

    ========== Files - Modified Within 30 Days ==========

    [2012/07/12 02:13:36 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/12 02:13:36 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/12 02:05:21 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2012/07/12 02:05:17 | 4224,307,200 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/11 08:30:28 | 000,452,131 | ---- | M] () -- C:\Users\pestyone\Desktop\confuciuetext02cnfcs10.pdf
    [2012/07/11 06:35:27 | 000,000,179 | ---- | M] () -- C:\Users\pestyone\AppData\Roaming\default.rss
    [2012/07/10 23:08:56 | 005,716,992 | ---- | M] () -- C:\Users\pestyone\Desktop\FAQ_eng.exe
    [2012/07/10 23:07:06 | 012,801,024 | ---- | M] () -- C:\Users\pestyone\Desktop\Win7_Vista_XP_Manual_eng.exe
    [2012/07/10 10:53:49 | 000,000,307 | ---- | M] () -- C:\Users\pestyone\Documents\Ink Cart Order 7-10-12 . . ..rtf
    [2012/07/10 04:18:30 | 000,001,179 | ---- | M] () -- C:\Users\Public\Desktop\EMCO Malware Destroyer 6.lnk
    [2012/07/10 01:38:13 | 000,002,688 | ---- | M] () -- C:\Users\pestyone\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk
    [2012/07/10 01:38:13 | 000,002,664 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
    [2012/07/08 07:41:25 | 000,001,022 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2012/07/08 07:32:10 | 000,000,351 | ---- | M] () -- C:\Users\pestyone\Documents\in and out of vuze - reds.rtf
    [2012/07/08 07:08:22 | 018,886,696 | ---- | M] () -- C:\Users\pestyone\Desktop\Screw the Roses - Send Me the Thorns The Romance and Sexual Sorcery of Sadomasochism.pdf
    [2012/07/07 22:23:43 | 000,001,189 | ---- | M] () -- C:\Users\pestyone\AppData\Roaming\vso_ts_preview.xml
    [2012/07/07 02:39:24 | 000,000,802 | ---- | M] () -- C:\Users\pestyone\Documents\Red combos ext drive 7-1-12.rtf
    [2012/07/06 09:31:38 | 000,031,470 | ---- | M] () -- C:\Users\pestyone\AppData\Local\funmoods.crx
    [2012/07/06 09:26:38 | 000,000,798 | ---- | M] () -- C:\Users\pestyone\AppData\Roaming\burnaware.ini
    [2012/07/02 07:29:04 | 000,002,172 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2012/07/01 03:43:25 | 065,881,740 | ---- | M] () -- C:\Users\pestyone\Documents\The Kama Sutra Figures in Indian Art.pdf
    [2012/07/01 03:10:28 | 000,000,304 | ---- | M] () -- C:\Users\pestyone\Documents\red groupings 6-30-12.rtf
    [2012/07/01 03:10:22 | 000,000,648 | ---- | M] () -- C:\Users\pestyone\Documents\reds so far 6-23-12.rtf
    [2012/06/30 23:09:05 | 000,004,004 | ---- | M] () -- C:\Users\pestyone\Documents\Wooden bowl.rtf
    [2012/06/30 17:43:32 | 000,026,324 | ---- | M] () -- C:\Users\pestyone\Documents\Tooth less grin 6- 30 - 12 . ..htm
    [2012/06/29 08:46:59 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2012/06/29 08:46:59 | 000,628,484 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2012/06/29 08:46:59 | 000,110,636 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2012/06/28 15:22:04 | 000,074,352 | ---- | M] (SumRando) -- C:\windows\SysWow64\sslsp104.dll
    [2012/06/28 15:21:26 | 000,075,888 | ---- | M] (SumRando) -- C:\windows\SysNative\sslsp104.dll
    [2012/06/25 06:53:21 | 000,002,093 | ---- | M] () -- C:\Users\pestyone\Documents\guy needs help with story 6-25-12.rtf
    [2012/06/19 13:38:23 | 000,001,160 | ---- | M] () -- C:\Users\pestyone\Documents\battery fix.rtf
    [2012/06/13 08:21:47 | 000,001,046 | ---- | M] () -- C:\Users\Public\Desktop\ConvertXtoDVD 4 english manual.lnk
    [2012/06/12 14:04:17 | 000,293,560 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

    ========== Files Created - No Company Name ==========

    [2012/07/11 08:30:28 | 000,452,131 | ---- | C] () -- C:\Users\pestyone\Desktop\confuciuetext02cnfcs10.pdf
    [2012/07/10 23:06:12 | 012,801,024 | ---- | C] () -- C:\Users\pestyone\Desktop\Win7_Vista_XP_Manual_eng.exe
    [2012/07/10 23:05:34 | 005,716,992 | ---- | C] () -- C:\Users\pestyone\Desktop\FAQ_eng.exe
    [2012/07/10 10:53:49 | 000,000,307 | ---- | C] () -- C:\Users\pestyone\Documents\Ink Cart Order 7-10-12 . . ..rtf
    [2012/07/10 04:18:30 | 000,001,179 | ---- | C] () -- C:\Users\Public\Desktop\EMCO Malware Destroyer 6.lnk
    [2012/07/10 02:11:41 | 000,000,179 | ---- | C] () -- C:\Users\pestyone\AppData\Roaming\default.rss
    [2012/07/10 01:38:13 | 000,002,688 | ---- | C] () -- C:\Users\pestyone\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk
    [2012/07/10 01:38:13 | 000,002,664 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
    [2012/07/08 07:41:25 | 000,001,022 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2012/07/08 07:32:09 | 000,000,351 | ---- | C] () -- C:\Users\pestyone\Documents\in and out of vuze - reds.rtf
    [2012/07/08 07:08:21 | 018,886,696 | ---- | C] () -- C:\Users\pestyone\Desktop\Screw the Roses - Send Me the Thorns The Romance and Sexual Sorcery of Sadomasochism.pdf
    [2012/07/06 09:31:40 | 000,031,470 | ---- | C] () -- C:\Users\pestyone\AppData\Local\funmoods.crx
    [2012/07/02 07:29:04 | 000,002,172 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2012/07/01 05:51:44 | 000,000,802 | ---- | C] () -- C:\Users\pestyone\Documents\Red combos ext drive 7-1-12.rtf
    [2012/07/01 03:43:25 | 065,881,740 | ---- | C] () -- C:\Users\pestyone\Documents\The Kama Sutra Figures in Indian Art.pdf
    [2012/06/30 23:03:24 | 000,004,004 | ---- | C] () -- C:\Users\pestyone\Documents\Wooden bowl.rtf
    [2012/06/30 19:29:41 | 000,000,304 | ---- | C] () -- C:\Users\pestyone\Documents\red groupings 6-30-12.rtf
    [2012/06/30 17:43:31 | 000,026,324 | ---- | C] () -- C:\Users\pestyone\Documents\Tooth less grin 6- 30 - 12 . ..htm
    [2012/06/25 06:53:21 | 000,002,093 | ---- | C] () -- C:\Users\pestyone\Documents\guy needs help with story 6-25-12.rtf
    [2012/06/23 06:43:32 | 000,000,648 | ---- | C] () -- C:\Users\pestyone\Documents\reds so far 6-23-12.rtf
    [2012/05/24 16:29:43 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
    [2012/05/24 16:29:43 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
    [2012/05/24 16:29:43 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2012/05/24 16:29:43 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2012/05/24 16:29:43 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2012/05/14 06:38:32 | 000,043,976 | ---- | C] () -- C:\Users\pestyone\AppData\Local\save_en.bmp
    [2012/05/14 06:38:08 | 000,043,976 | ---- | C] () -- C:\Users\pestyone\AppData\Local\save_es.bmp
    [2012/05/13 21:21:39 | 000,007,859 | ---- | C] () -- C:\Users\pestyone\AppData\Roaming\pcouffin.cat
    [2012/05/13 21:21:39 | 000,001,167 | ---- | C] () -- C:\Users\pestyone\AppData\Roaming\pcouffin.inf
    [2012/05/10 00:16:52 | 000,000,798 | ---- | C] () -- C:\Users\pestyone\AppData\Roaming\burnaware.ini
    [2012/05/07 23:50:54 | 000,001,189 | ---- | C] () -- C:\Users\pestyone\AppData\Roaming\vso_ts_preview.xml
    [2012/04/13 06:47:12 | 000,000,600 | ---- | C] () -- C:\Users\pestyone\PUTTY.RND
    [2011/11/26 07:18:11 | 000,000,134 | ---- | C] () -- C:\windows\SysWow64\BsMain.ini
    [2011/11/26 03:25:39 | 000,735,230 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2011/11/26 00:13:05 | 000,484,656 | ---- | C] () -- C:\windows\ssndii.exe
    [2011/11/26 00:12:48 | 000,258,864 | ---- | C] () -- C:\windows\SUPDRun.exe
    [2011/04/18 21:13:20 | 000,134,592 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
    [2011/04/18 20:50:28 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
    [2011/04/18 19:25:03 | 000,005,931 | ---- | C] () -- C:\windows\HotFixList.ini
    [2011/02/11 23:15:08 | 000,982,240 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
    [2011/02/11 23:15:08 | 000,439,308 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
    [2011/02/11 23:15:08 | 000,092,356 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
    [2011/02/11 17:23:34 | 000,053,299 | ---- | C] () -- C:\windows\SysWow64\pthreadVC.dll

    ========== LOP Check ==========

    [2012/05/31 04:45:37 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\AbiSuite
    [2012/07/06 09:39:44 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\Ashampoo
    [2012/01/07 22:01:33 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\Avant Downloader
    [2012/05/26 06:34:42 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\Curiolab
    [2012/06/11 03:49:08 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\DriverCure
    [2012/05/26 18:06:14 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\DVDVideoSoft
    [2012/07/06 09:33:19 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\EasyBurner
    [2012/07/11 08:15:23 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\FixCleaner
    [2012/05/07 13:05:25 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\Free Media Converter
    [2012/05/11 00:27:02 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\IrfanView
    [2012/06/11 03:03:12 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\JAM Software
    [2012/05/17 15:34:20 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\KastorVideoConverter
    [2012/05/10 04:08:57 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\mkvtoolnix
    [2012/01/07 17:50:45 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\Moonchild Productions
    [2012/05/15 19:59:04 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\OfficeSuiteX
    [2012/05/16 00:24:41 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\OpenOffice.org
    [2012/05/30 00:25:52 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\PC Cleaners
    [2012/05/30 00:25:54 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\PCPro
    [2012/05/09 19:07:22 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\QuickZip
    [2011/11/26 00:12:24 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\Samsung
    [2012/05/14 22:45:40 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\SoftGrid Client
    [2012/06/11 03:49:07 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\SpeedyPC Software
    [2012/05/21 13:24:50 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\TeamViewer
    [2012/04/27 18:24:38 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\Temp
    [2012/05/06 02:13:51 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\TP
    [2012/05/14 22:49:44 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\Windows Live Writer
    [2012/05/17 15:14:39 | 000,000,000 | ---D | M] -- C:\Users\pestyone\AppData\Roaming\XMedia Recode
    [2012/05/16 13:56:29 | 000,032,654 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========


    < End of report >
     
  7. Verylost

    Verylost Thread Starter

    Joined:
    Jul 15, 2010
    Messages:
    207
OK, this is getting serious and very annoying; AVG popped back in for a quick visit and I hope I deleted it fast, and now I have some crap from AVG called toolbarupdater.exe...

Getting very tired of this and nothing is getting fixed, so if you don't have one big huge idea to fix my many messes, I guess the only thing to do is call a techie to my house to fix the bloody mess. Is there any fix in sight from your end?
     
  8. Verylost

    Verylost Thread Starter

    Joined:
    Jul 15, 2010
    Messages:
    207
OK, managed to delete AVG Search again and something called vpot. What's with that crap? Do you see anything blocking me or programs, and what malware do you see in the logs, and how do I delete that crap?

Now, what did you want me to re-post? I will look, still here...
     
  9. Verylost

    Verylost Thread Starter

    Joined:
    Jul 15, 2010
    Messages:
    207
OK, you asked for a SystemLook log. Hope this looks like it found junk. Later...


    SystemLook 30.07.11 by jpshortstuff
    Log created at 09:10 on 14/07/2012 by pestyone
    Administrator - Elevation successful
    WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.
    ========== filefind ==========
    Searching for "*Iobit*"
    No files found.
    Searching for "*Funmoods*"
    C:\$WINDOWS.~Q\DATA\Users\pestyone\AppData\Local\funmoods.crx --a---- 31470 bytes [13:31 06/07/2012] [13:31 06/07/2012] BC64C97573527DDBC0F6522A28E6C96E
    Searching for "*AVG*"
    C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3FR53UHC\1054434-avg-secure-search-must-go-4[1].htm --a---- 191096 bytes [13:09 14/07/2012] [13:09 14/07/2012] 123F01F98B0B7608AF38C30857613017
    Searching for "*Conduit*"
    C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1463702_1459356_US.xml --a---- 192 bytes [03:38 08/05/2012] [11:41 11/05/2012] F159884E3BCD46C383F9086F4BF788C1
    C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_897164_892962_US.xml --a---- 188 bytes [13:53 11/05/2012] [13:53 11/05/2012] E2A87E535CF5282072AA46166D27D1DF
    C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\components\ConduitAutoCompleteSearch.xpt --a---- 166 bytes [02:23 10/05/2012] [06:04 18/04/2012] 806EA6CC4DCBF88A20AA3331BCDC9918
    C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\searchplugin\conduit.xml --a---- 935 bytes [02:23 10/05/2012] [06:04 18/04/2012] EA3447EB2DF2363DF9B9CB0429342219
    Searching for "*Advanced Spyware Remover*"
    No files found.
    Searching for "*SystemCare*"
    No files found.
    ========== folderfind ==========
    Searching for "*Iobit*"
    C:\$WINDOWS.~Q\DATA\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit d------ [16:19 11/05/2012]
    C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit d------ [16:19 11/05/2012]
    Searching for "*Funmoods*"
    No folders found.
    Searching for "*AVG*"
    C:\$WINDOWS.~Q\DATA\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search d------ [20:35 13/05/2012]
    C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search d------ [20:35 13/05/2012]
    C:\Users\pestyone\AppData\Local\AVG Secure Search d------ [12:17 11/07/2012]
    C:\Users\pestyone\AppData\Local\VS Revo Group\Revo Uninstaller Pro\BackUpsData\AVG Internet Security-26052012-125319 d------ [16:53 26/05/2012]
    Searching for "*Conduit*"
    C:\System Volume Information\SystemRestore\FRStaging\Users\pestyone\AppData\LocalLow\Conduit d------ [03:35 08/05/2012]
    C:\Users\pestyone\AppData\LocalLow\Conduit d------ [03:35 08/05/2012]
    C:\Users\pestyone\AppData\LocalLow\ConduitEngine d------ [13:39 06/07/2012]
    Searching for "*Advanced Spyware Remover*"
    No folders found.
    Searching for "*SystemCare*"
    C:\$WINDOWS.~Q\DATA\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare V5 d------ [16:19 11/05/2012]
    C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare V5 d------ [16:19 11/05/2012]
    -= EOF =-
     
  10. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,770
Well, your Java is out of date, so you can update that, but it's not related to the AVG problem.

Your Java is out of date, so let's do that next:

    Upgrade Java : (32 bits)
    • Download the latest version of Java SE Runtime Environment (JRE) JRE 7 Update 5 .
    • Under the JAVA Platform Standard Edition, click the "Download JRE" button to the right.
    • Accept the License Agreement.
    • Click on the link to download Windows Offline Installation 32 bit (jre-7u5-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version.(Vista or Win 7 users, right click on the jre-7u5-windows-i586.exe and select "Run as an Administrator.")
    • Don't install any of the toolbars that are offered.


    After doing the above, for the remains of the Java, can you do this:

    Open Java in the Control Panel and under the General tab, under Temporary Internet Files, click the Settings button. Then click on Delete Files.

    Make sure both of these options are checked:

    • Applications and Applets
    • Trace and Log Files
    OK out of all the screens. :)


    ---------------

    Also, did you install this?

    EMCO Malware Destroyer 6

    ====================
    The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
    Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. if you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

    Backing Up Your Registry
    1. Download ERUNT
      (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
    2. Install ERUNT by following the prompts
      (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
    3. Start ERUNT
      (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
    4. Choose a location for the backup
      (the default location is C:\WINDOWS\ERDNT which is acceptable).
    5. Make sure that at least the first two check boxes are ticked
    6. Press OK
    7. Press YES to create the folder.
    Registry Modifications

    --

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
      Code:
      :OTL
      PRC - [2012/07/11 08:16:48 | 000,935,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
      SRV - [2012/07/11 08:16:48 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
      IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt...ctid=CT2475029
      FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
      FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll File not found
      FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
      [2012/05/09 22:23:08 | 000,000,000 | ---D | M] (uTorrentControl3 Community Toolbar) -- C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}
      [2012/04/26 06:04:53 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
      [2011/12/17 06:20:00 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/11 08:17:07 | 000,000,000 | ---D | M]
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
      O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
      O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
      [2012/07/11 08:17:12 | 000,000,000 | ---D | C] -- C:\Users\pestyone\AppData\Local\AVG Secure Search
      [2012/07/11 08:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
      [2012/07/11 08:16:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
      [2012/07/11 08:16:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
      [2012/07/06 09:31:38 | 000,031,470 | ---- | M] () -- C:\Users\pestyone\AppData\Local\funmoods.crx
      :Files
      C:\Program Files (x86)\Common Files\AVG Secure Search
      C:\ProgramData\AVG Secure Search
      C:\$WINDOWS.~Q\DATA\Users\pestyone\AppData\Local\funmoods.crx
      C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1463702_1459356_US.xml
      C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_897164_892962_US.xml
      C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\components\ConduitAutoCompleteSearch.xpt
      C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\searchplugin\conduit.xml
      C:\$WINDOWS.~Q\DATA\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit
      C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit
      C:\$WINDOWS.~Q\DATA\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search
      C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search
      C:\Users\pestyone\AppData\Local\AVG Secure Search
      C:\System Volume Information\SystemRestore\FRStaging\Users\pestyone\AppData\LocalLow\Conduit
      C:\Users\pestyone\AppData\LocalLow\Conduit
      C:\Users\pestyone\AppData\LocalLow\ConduitEngine
      C:\$WINDOWS.~Q\DATA\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare V5
      C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare V5
      ipconfig /flushdns /c
      :Commands 
      [purity] 
      [resethosts] 
      [emptytemp] 
      [emptyjava]
      [EMPTYFLASH] 
      [CREATERESTOREPOINT] 
      [Reboot]
    • Then click the Run Fix button at the top
    • Click OK.
    • OTL may ask to reboot the machine. Please do so if asked.
    • The report should appear in Notepad after the reboot. Copy/Paste the report in your next reply.

    ----------------------------

You also have a file that is not found anywhere running on your system. Can you upload a copy of it for me to check further? In case you're wondering where I saw it, it's in your OTL log here:

    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\windows\SysNative\sslsp104.dll (SumRando)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\windows\SysNative\sslsp104.dll (SumRando)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000038 - C:\windows\SysNative\sslsp104.dll (SumRando)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\windows\SysWow64\sslsp104.dll (SumRando)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\windows\SysWow64\sslsp104.dll (SumRando)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\windows\SysWow64\sslsp104.dll (SumRando)


    ----

    Download suspicious file packer from http://www.safer-networking.org/en/tools/index.html (direct download http://www.safer-networking.org/files/sfp.zip )

Unzip it to the desktop, open it and paste in the contents of the quote box below, press Next and it will create an archive (zip/cab file) on the desktop.

Please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files.

Just press New Topic, fill in the needed details and give a link to your post here, then press the Browse button, navigate to and select the files on your computer. When the file is listed in the window, press Send to upload the file.

Let me know when it's uploaded :)
     
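As an added example for readers following the fix above (this is not the moderator's instructions and not code from OTL, SystemLook or any other tool named in the thread): a read-only Windows PowerShell triage script that walks the same persistence and hijack points the OTL script targets (auto-start services, IE SearchScopes, MozillaPlugins registry entries, PROTOCOLS handlers) plus the Winsock LSP catalog that the O10 lines come from, and reports anything that matches an indicator string or points at a file that no longer exists. The indicator list is an assumption taken from this thread's logs, the script assumes an elevated 64-bit Windows PowerShell 3.0 or later so both registry views are visible, and the reading of `PackedCatalogItem` (a 260-byte NUL-terminated ANSI DLL path at the start of the value) is the example's own interpretation of that value's layout.

```powershell
# Added example, not part of the original thread: read-only triage of the
# persistence and hijack points addressed by the OTL fix, plus the Winsock LSP
# catalog. Run in an elevated 64-bit Windows PowerShell (3.0 or later).
# The indicator strings below are assumptions taken from this thread's logs.
$Patterns = @('AVG Secure Search', 'vToolbarUpdater', 'Conduit', 'funmoods', 'IObit', 'sslsp104')

$Findings = New-Object System.Collections.Generic.List[object]

function Test-Suspicious([string]$Text) {
    foreach ($p in $Patterns) { if ($Text -and $Text -like "*$p*") { return $true } }
    return $false
}

function Add-Finding([string]$Area, [string]$Where, [string]$Detail, [string]$Reason) {
    $Findings.Add([pscustomobject]@{ Area = $Area; Where = $Where; Detail = $Detail; Reason = $Reason })
}

# Reads one named value from a registry key; -LiteralPath avoids wildcard parsing of {GUID} names.
function Get-RegValue([string]$Key, [string]$Name) {
    $item = Get-ItemProperty -LiteralPath $Key -ErrorAction SilentlyContinue
    if ($item) { return $item.$Name }
}

# 1. Services (SRV lines in OTL): binaries that match an indicator or no longer exist.
foreach ($svc in Get-CimInstance Win32_Service) {
    if (-not $svc.PathName) { continue }
    # Strip surrounding quotes and trailing arguments to isolate the executable path.
    $exe = $svc.PathName -replace '^"([^"]+)".*$', '$1' -replace '^(\S+\.exe)\s.*$', '$1'
    if (Test-Suspicious "$($svc.Name) $($svc.PathName)") {
        Add-Finding 'Service' $svc.Name $svc.PathName 'matches indicator'
    } elseif (-not (Test-Path -LiteralPath $exe)) {
        Add-Finding 'Service' $svc.Name $svc.PathName 'binary not found'
    }
}

# 2. IE search scopes (IE - ...SearchScopes lines in OTL): hijacked search providers.
foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($scope in Get-ChildItem "$hive\Software\Microsoft\Internet Explorer\SearchScopes" -ErrorAction SilentlyContinue) {
        $url = Get-RegValue $scope.PSPath 'URL'
        if (Test-Suspicious $url) { Add-Finding 'IE SearchScope' $scope.PSChildName $url 'matches indicator' }
    }
}

# 3. Firefox plug-ins registered in the registry (FF - HKLM\Software\MozillaPlugins lines in OTL).
#    Dead entries are the "File not found" lines in the OTL log.
foreach ($base in 'HKLM:\Software\MozillaPlugins', 'HKLM:\Software\Wow6432Node\MozillaPlugins') {
    foreach ($plug in Get-ChildItem $base -ErrorAction SilentlyContinue) {
        $dll = Get-RegValue $plug.PSPath 'Path'
        if (Test-Suspicious "$($plug.PSChildName) $dll") { Add-Finding 'MozillaPlugin' $plug.PSChildName $dll 'matches indicator' }
        elseif ($dll -and -not (Test-Path -LiteralPath $dll)) { Add-Finding 'MozillaPlugin' $plug.PSChildName $dll 'file not found (dead entry)' }
    }
}

# 4. Asynchronous pluggable protocol handlers (O18 lines in OTL), resolved via their CLSID
#    to the in-process DLL. The Wow6432Node view is only consulted where it exists.
foreach ($base in 'HKLM:\Software\Classes\PROTOCOLS\Handler', 'HKLM:\Software\Classes\Wow6432Node\PROTOCOLS\Handler') {
    foreach ($h in Get-ChildItem $base -ErrorAction SilentlyContinue) {
        $clsid = Get-RegValue $h.PSPath 'CLSID'
        $dll = $null
        if ($clsid) {
            $dll = Get-RegValue "HKLM:\Software\Classes\CLSID\$clsid\InprocServer32" '(default)'
            if (-not $dll) { $dll = Get-RegValue "HKLM:\Software\Classes\Wow6432Node\CLSID\$clsid\InprocServer32" '(default)' }
        }
        if (Test-Suspicious "$($h.PSChildName) $dll") { Add-Finding 'ProtocolHandler' $h.PSChildName "$clsid -> $dll" 'matches indicator' }
        elseif (-not $dll -or -not (Test-Path -LiteralPath ([Environment]::ExpandEnvironmentVariables($dll)))) {
            Add-Finding 'ProtocolHandler' $h.PSChildName "$clsid -> $dll" 'CLSID or DLL not found'
        }
    }
}

# 5. Winsock LSP catalog (O10 lines in OTL). Every process that uses Winsock loads these DLLs,
#    so an unknown entry such as sslsp104.dll deserves a closer look. Assumption of this example:
#    PackedCatalogItem begins with a 260-byte, NUL-terminated ANSI path to the provider DLL.
$catalog = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9'
foreach ($view in 'Catalog_Entries', 'Catalog_Entries64') {
    foreach ($entry in Get-ChildItem "$catalog\$view" -ErrorAction SilentlyContinue) {
        $raw = [byte[]](Get-RegValue $entry.PSPath 'PackedCatalogItem')
        if (-not $raw) { continue }
        $len  = [Math]::Min(260, $raw.Length)
        $path = [System.Text.Encoding]::Default.GetString($raw, 0, $len).Split([char]0)[0]
        $full = [Environment]::ExpandEnvironmentVariables($path)
        if (Test-Suspicious $full) { Add-Finding "LSP ($view)" $entry.PSChildName $full 'matches indicator' }
        elseif ($full -and -not (Test-Path -LiteralPath $full)) { Add-Finding "LSP ($view)" $entry.PSChildName $full 'DLL not found' }
        elseif ($full -notlike "$env:SystemRoot\system32\*") { Add-Finding "LSP ($view)" $entry.PSChildName $full 'third-party LSP' }
    }
}

if ($Findings.Count -eq 0) { 'No findings.' }
else { $Findings | Sort-Object Area, Where | Format-Table -AutoSize -Wrap }
```

Running it once before and once after the OTL fix shows which entries the fix actually removed and which came back, which is the question this thread keeps circling. The script changes nothing on purpose: the one area the OTL script leaves alone is the Winsock catalog, and that is deliberate, because deleting a `Catalog_Entries` subkey by hand leaves a gap in the chain that breaks networking for every process. `netsh winsock show catalog` lists the same providers for cross-checking, and once the unknown DLL has been examined, `netsh winsock reset` rebuilds a clean catalog from the system defaults.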
  11. Verylost

    Verylost Thread Starter

    Joined:
    Jul 15, 2010
    Messages:
    207
OK, what fun. Updated Java but not sure if it worked, got no confirmation.

Did the ERUNT thingy, wonder how that worked, hmm.

And here's the OTL log...

Working on trying to find the files you posted and will re-post here. Later...

    All processes killed
    ========== OTL ==========
    No active process named ToolbarUpdater.exe was found!
    Error: No service named vToolbarUpdater11.2.0 was found to stop!
    Service\Driver key vToolbarUpdater11.2.0 not found.
    File C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin\ deleted successfully.
    File C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll not found.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
    C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\searchplugin folder moved successfully.
    C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\modules folder moved successfully.
    C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\META-INF folder moved successfully.
    C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\defaults folder moved successfully.
    C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\components folder moved successfully.
    C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\chrome folder moved successfully.
    C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a} folder moved successfully.
    C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\searchplugin folder moved successfully.
    C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules folder moved successfully.
    C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\META-INF folder moved successfully.
    C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\defaults folder moved successfully.
    C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components folder moved successfully.
    C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome folder moved successfully.
    C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} folder moved successfully.
    C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin folder moved successfully.
    C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules folder moved successfully.
    C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF folder moved successfully.
    C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults folder moved successfully.
    C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components folder moved successfully.
    C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome folder moved successfully.
    C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} folder moved successfully.
    File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
    C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ deleted successfully.
    File Protocol\Handler\viprotocol - No CLSID value found not found.
    File C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ not found.
    File C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll not found.
    C:\Users\pestyone\AppData\Local\AVG Secure Search\SiteSafety folder moved successfully.
    C:\Users\pestyone\AppData\Local\AVG Secure Search folder moved successfully.
    Folder C:\ProgramData\AVG Secure Search\ not found.
    Folder C:\Program Files (x86)\Common Files\AVG Secure Search\ not found.
    Folder C:\Program Files (x86)\AVG Secure Search\ not found.
    File C:\Users\pestyone\AppData\Local\funmoods.crx not found.
    ========== FILES ==========
    File\Folder C:\Program Files (x86)\Common Files\AVG Secure Search not found.
    File\Folder C:\ProgramData\AVG Secure Search not found.
    C:\$WINDOWS.~Q\DATA\Users\pestyone\AppData\Local\funmoods.crx moved successfully.
    C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1463702_1459356_US.xml moved successfully.
    C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_897164_892962_US.xml moved successfully.
    File\Folder C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\components\ConduitAutoCompleteSearch.xpt not found.
    File\Folder C:\Users\pestyone\AppData\Roaming\Mozilla\Firefox\extensions\{46a3135d-3683-48cf-b94c-82655cbc0e8a}\searchplugin\conduit.xml not found.
    C:\$WINDOWS.~Q\DATA\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare V5 folder moved successfully.
    C:\$WINDOWS.~Q\DATA\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit folder moved successfully.
    C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare V5 folder moved successfully.
    C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit folder moved successfully.
    C:\$WINDOWS.~Q\DATA\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search\cache folder moved successfully.
    C:\$WINDOWS.~Q\DATA\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search folder moved successfully.
    C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search\cache folder moved successfully.
    C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search folder moved successfully.
    File\Folder C:\Users\pestyone\AppData\Local\AVG Secure Search not found.
    C:\System Volume Information\SystemRestore\FRStaging\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog folder moved successfully.
    C:\System Volume Information\SystemRestore\FRStaging\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Dialogs folder moved successfully.
    C:\System Volume Information\SystemRestore\FRStaging\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts folder moved successfully.
    C:\System Volume Information\SystemRestore\FRStaging\Users\pestyone\AppData\LocalLow\Conduit folder moved successfully.
    C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Log folder moved successfully.
    C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\LanguagePacks folder moved successfully.
    C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Feeds folder moved successfully.
    C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\light folder moved successfully.
    C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\dark folder moved successfully.
    C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images folder moved successfully.
    C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog folder moved successfully.
    C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts\Dialogs folder moved successfully.
    C:\Users\pestyone\AppData\LocalLow\Conduit\Community Alerts folder moved successfully.
    C:\Users\pestyone\AppData\LocalLow\Conduit folder moved successfully.
    C:\Users\pestyone\AppData\LocalLow\ConduitEngine\MyStuffApps folder moved successfully.
    C:\Users\pestyone\AppData\LocalLow\ConduitEngine\Logs folder moved successfully.
    C:\Users\pestyone\AppData\LocalLow\ConduitEngine folder moved successfully.
    File\Folder C:\$WINDOWS.~Q\DATA\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare V5 not found.
    C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare V5 folder moved successfully.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\pestyone\Downloads\cmd.bat deleted successfully.
    C:\Users\pestyone\Downloads\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: pestyone
    ->Temp folder emptied: 37763285 bytes
    ->Temporary Internet Files folder emptied: 25400588 bytes
    ->Java cache emptied: 285785 bytes
    ->Flash cache emptied: 930 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 366678 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 61.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: pestyone
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: pestyone
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.54.0 log created on 07162012_052135
    Files\Folders moved on Reboot...
    C:\Users\pestyone\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TI752UZR\1054434-avg-secure-search-must-go-4[1].htm moved successfully.
    C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TI752UZR\aceUAC[1].htm moved successfully.
    C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TI752UZR\aceUAC[2].htm moved successfully.
    C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TI752UZR\DtCol[1].htm moved successfully.
    C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TI752UZR\ff2[2].htm moved successfully.
    C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TI752UZR\ff2[3].htm moved successfully.
    C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TI752UZR\st[1] moved successfully.
    C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TI752UZR\st[2] moved successfully.
    C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TI752UZR\st[3] moved successfully.
    C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TI752UZR\st[4] moved successfully.
    C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXUYOT1T\01[1].htm moved successfully.
    C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXUYOT1T\5275251235[1].htm moved successfully.
    C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXUYOT1T\5543162843[1].htm moved successfully.
    C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXUYOT1T\ads[1].htm moved successfully.
    C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXUYOT1T\ads[3].htm moved successfully.
    C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXUYOT1T\ads[4].htm moved successfully.
    C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXUYOT1T\data_sync[1].htm moved successfully.
    C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXUYOT1T\DtCol[1].htm moved successfully.
    C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXUYOT1T\getInPage[1].htm moved successfully.
    C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXUYOT1T\getInPage[2].htm moved successfully.
    C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXUYOT1T\st[1] moved successfully.
    C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXUYOT1T\st[2] moved successfully.
    C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DPVD5AGV\8151466274[1].htm moved successfully.
    C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DPVD5AGV\ff2[5].htm moved successfully.
    C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DPVD5AGV\md[1].htm moved successfully.
    C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DPVD5AGV\newattachment[2].htm moved successfully.
    C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DPVD5AGV\storage[1].htm moved successfully.
    C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DPVD5AGV\st[1] moved successfully.
    C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DPVD5AGV\welcome[1].htm moved successfully.
    C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DPVD5AGV\_;mtfIFrameRequest=false;ord=1342427648[1].htm moved successfully.
    C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\75JK198V\5150153640[1].htm moved successfully.
    C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\75JK198V\abmw[1].htm moved successfully.
    C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\75JK198V\clk[1].htm moved successfully.
    C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\75JK198V\st[1] moved successfully.
    C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\75JK198V\st[2] moved successfully.
    C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\75JK198V\st[3] moved successfully.
    C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\75JK198V\st[4] moved successfully.
    C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\75JK198V\welcome[2].htm moved successfully.
    PendingFileRenameOperations files...
    File C:\Users\pestyone\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
    File C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
    File C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TI752UZR\1054434-avg-secure-search-must-go-4[1].htm not found!
    File C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TI752UZR\aceUAC[1].htm not found!
    File C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TI752UZR\aceUAC[2].htm not found!
    File C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TI752UZR\DtCol[1].htm not found!
    File C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TI752UZR\ff2[2].htm not found!
    File C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TI752UZR\ff2[3].htm not found!
    File C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TI752UZR\st[1] not found!
    File C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TI752UZR\st[2] not found!
    File C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TI752UZR\st[3] not found!
    File C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TI752UZR\st[4] not found!
    File C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXUYOT1T\01[1].htm not found!
    File C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXUYOT1T\5275251235[1].htm not found!
    File C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXUYOT1T\5543162843[1].htm not found!
    File C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXUYOT1T\ads[1].htm not found!
    File C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXUYOT1T\ads[3].htm not found!
    File C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXUYOT1T\ads[4].htm not found!
    File C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXUYOT1T\data_sync[1].htm not found!
    File C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXUYOT1T\DtCol[1].htm not found!
    File C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXUYOT1T\getInPage[1].htm not found!
    File C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXUYOT1T\getInPage[2].htm not found!
    File C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXUYOT1T\st[1] not found!
    File C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LXUYOT1T\st[2] not found!
    File C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DPVD5AGV\8151466274[1].htm not found!
    File C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DPVD5AGV\ff2[5].htm not found!
    File C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DPVD5AGV\md[1].htm not found!
    File C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DPVD5AGV\newattachment[2].htm not found!
    File C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DPVD5AGV\storage[1].htm not found!
    File C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DPVD5AGV\st[1] not found!
    File C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DPVD5AGV\welcome[1].htm not found!
    File C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DPVD5AGV\_;mtfIFrameRequest=false;ord=1342427648[1].htm not found!
    File C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\75JK198V\5150153640[1].htm not found!
    File C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\75JK198V\abmw[1].htm not found!
    File C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\75JK198V\clk[1].htm not found!
    File C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\75JK198V\st[1] not found!
    File C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\75JK198V\st[2] not found!
    File C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\75JK198V\st[3] not found!
    File C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\75JK198V\st[4] not found!
    File C:\Users\pestyone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\75JK198V\welcome[2].htm not found!
    Registry entries deleted on Reboot...
     
  12. Verylost

    Verylost Thread Starter

    Joined:
    Jul 15, 2010
    Messages:
    207
    Awww, not that file packer again. Getting tired, need a short break; things are getting worse on this end. The files you wanted, the 6 of them, I can't find them. Later.

    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\windows\SysNative\sslsp104.dll (SumRando)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\windows\SysNative\sslsp104.dll (SumRando)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000038 - C:\windows\SysNative\sslsp104.dll (SumRando)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\windows\SysWow64\sslsp104.dll (SumRando)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\windows\SysWow64\sslsp104.dll (SumRando)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\windows\SysWow64\sslsp104.dll (SumRando)
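The O10 lines above are OTL's listing of the Winsock protocol catalog, one line per catalog entry and the DLL that services it. A Layered Service Provider registered there sits in the path of every socket call on the machine, so an entry pointing at a DLL outside the stock Windows providers is worth a close look before any cleanup. The script below is an added example for triaging such lines; it is not part of the thread, not OTL's own code, and it only reports, never removes. It assumes a baseline of one provider DLL (mswsock.dll) for a stock Windows 7 protocol catalog, which you should replace with a list taken from a known-clean image of your own, and the final sample line is a constructed benign entry added for comparison with the six lines posted here.

```python
"""Triage the Winsock LSP (O10) lines from an OTL log (added example)."""
import re
from collections import Counter
from pathlib import PureWindowsPath

# One OTL O10 line, e.g.
#   O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\windows\SysNative\sslsp104.dll (SumRando)
# The "O10:64bit:" prefix marks the native 64-bit catalog; plain "O10" on a
# 64-bit system is the WOW64 (32-bit) catalog.
O10_RE = re.compile(
    r"^O10(?::64bit:)?\s*-\s*"
    r"(?P<catalog>Protocol_Catalog9\\Catalog_Entries(?:64)?)\\(?P<entry>\d+)"
    r"\s*-\s*(?P<path>[A-Za-z]:\\[^()]*?)\s*\((?P<vendor>[^)]*)\)\s*$"
)

# Assumption: on a stock Windows 7 install the protocol catalog is served by
# mswsock.dll alone. Build this set from a known-clean image of your own.
BASELINE_DLLS = {"mswsock.dll"}
BASELINE_VENDOR = "microsoft corporation"

# Sample input: the six O10 lines posted in the thread, plus one constructed
# benign entry (last line) so the baseline check has something to pass.
SAMPLE_LINES = [
    r"O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\windows\SysNative\sslsp104.dll (SumRando)",
    r"O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\windows\SysNative\sslsp104.dll (SumRando)",
    r"O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000038 - C:\windows\SysNative\sslsp104.dll (SumRando)",
    r"O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\windows\SysWow64\sslsp104.dll (SumRando)",
    r"O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\windows\SysWow64\sslsp104.dll (SumRando)",
    r"O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\windows\SysWow64\sslsp104.dll (SumRando)",
    # constructed benign entry, not from the thread
    r"O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\windows\SysWow64\mswsock.dll (Microsoft Corporation)",
]


def parse_o10(line):
    """Return the fields of one O10 line as a dict, or None for any other line."""
    m = O10_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["native64"] = m.group(0).startswith("O10:64bit:")
    rec["dll"] = PureWindowsPath(rec["path"]).name.lower()
    return rec


def triage(lines, baseline=BASELINE_DLLS):
    """Parse every O10 line and attach the reasons (if any) it needs review."""
    findings = []
    for line in lines:
        rec = parse_o10(line)
        if rec is None:
            continue
        reasons = []
        if rec["dll"] not in baseline:
            reasons.append("dll not in baseline")
        if rec["vendor"].strip().lower() != BASELINE_VENDOR:
            reasons.append("non-Microsoft vendor string")
        rec["reasons"] = reasons
        findings.append(rec)
    return findings


def suspicious_dlls(lines):
    """Map each flagged DLL to the number of catalog entries it services."""
    return Counter(r["dll"] for r in triage(lines) if r["reasons"])


if __name__ == "__main__":
    for rec in triage(SAMPLE_LINES):
        status = "REVIEW" if rec["reasons"] else "ok"
        print(f"{status:6} {rec['catalog']}\\{rec['entry']}  {rec['path']}  "
              f"({rec['vendor']})  {', '.join(rec['reasons'])}")
    print(dict(suspicious_dlls(SAMPLE_LINES)))
```

Run it against the O10 lines of a full OTL log and the six SumRando entries are the only ones flagged, three in each catalog; the same DLL appearing in both the native and the WOW64 catalog is the usual shape of an LSP install on 64-bit Windows, which is why the script keeps the two apart.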
     
  13. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    28,770
    Just reading here:

    http://forums.techguy.org/networking/1061229-wifi-yellow-icon-but-connected.html

    You said you're getting messages about Rootkit.0Access and Trojan.Dropper.BCMiner. When have you been getting the Rootkit messages? I thought it was just AVG search to remove. Which programs are telling you about the rootkit message?

    None of the tools we've used mention this, least not in any of the logs you posted.

    I know you don't want to use the sfp tool again, but the file that you have on your system is not found anywhere, and running from where it is, it could be the key to the infection. It's just the one file, so if you can do this, I can check the file fully:

    Download suspicious file packer from http://www.safer-networking.org/en/tools/index.html (direct download http://www.safer-networking.org/files/sfp.zip )

    Unzip it to the desktop, open it and paste in the contents of the quote box below, press Next and it will create an archive (zip/cab file) on the desktop.

    Please upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so we can examine the files.

    Just press New Topic, fill in the needed details and give a link to your post here, then press the Browse button and navigate to and select the files on your computer. When the file is listed in the window, press Send to upload the file.

    -------------

    Also, as it's Zero Access you get messages about, can you do this again with ComboFix:

    Delete any copies of Combofix that you have.

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! As you download it, rename it to username123.exe and save it to your Desktop.


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      • Remember to re-enable the protection again afterwards before connecting to the Internet.
    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    eddie
     
  14. Verylost

    Verylost Thread Starter

    Joined:
    Jul 15, 2010
    Messages:
    207
    Awww crap, dang, tried 2x to post here and bring you up to date but both times have been logged out by this site, so one more short try: google "Bad Pool Health" and you'll see the only fix is recovery. Stressed out and tired over reformatting and reloading software back on my PC . .

    Later . .
     
  15. etaf

    etaf Wayne Moderator

    Joined:
    Oct 2, 2003
    Messages:
    55,895
    Please update the post, as Samsung have now been involved and restored the PC, and explain exactly what that means so we know the full details and, if you still require service from this site, can continue to help.

    I would also suggest, as you are concerned about the time taken here, that you look for an alternative solution for your problem, such as the local shop you mentioned to me in a PM or other sites where you pay for the service.

    This site will continue to operate the policy that only authorised malware advisors operate here and that we will not allow multiple people to answer questions, as from our experience that will cause more issues to the poster's PC than resolve the issue.
     
Short URL to this thread: https://techguy.org/1054434