
Used Forums To Fix-It-Myself But Need Help

Discussion in 'Virus & Other Malware Removal' started by Johnners, Dec 8, 2011.

Thread Status:
Not open for further replies.
  1. Johnners

    Johnners Thread Starter

    Joined:
    Dec 8, 2011
    Messages:
    18
    I love the way the Techs here try to help everyone. I tried using the Forums to remove the malware, adware, and viruses from my computer. By using your methods I have cleaned up my laptop pretty well but there are still some issues. I would appreciate your help very much.

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows XP Home Edition, Service Pack 3, 32 bit
    Processor: Intel(R) Celeron(R) M processor 1.70GHz, x86 Family 6 Model 13 Stepping 8
    Processor Count: 1
    RAM: 446 Mb
    Graphics Card: ATI RADEON XPRESS 200M Series, 64 Mb
    Hard Drives: C: Total - 76067 MB, Free - 47492 MB;
    Motherboard: ATI, SB450
    Antivirus: AVG Anti-Virus Free, Updated: Yes, On-Demand Scanner: Enabled

    Here is my HiJackThis log:

     
  2. Larusso

    Larusso

    Joined:
    Aug 9, 2011
    Messages:
    808
    Hi there and sorry for the delay.
    If you still need help

    Download DDS and save it to your desktop from here or here or here.
    Disable any script blocker, and then double click dds to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop.
    Please post both in your next reply



    Please download Gmer from here and save it to your Desktop.
    • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.




    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • Sections
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
    • Save it where you can easily find it, such as your desktop

    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
     
  3. Johnners

    Johnners Thread Starter

    Joined:
    Dec 8, 2011
    Messages:
    18
    Hi Larusso,

    I appreciate your help. I will send the DDS logs first. I made some changes since I first posted a request for help. Do you want another HiJackThis log?
     
  4. Johnners

    Johnners Thread Starter

    Joined:
    Dec 8, 2011
    Messages:
    18
    Hi Larusso,

    Here are the DDS Logs.

    -Johnners
     

    Attached Files:

  5. Johnners

    Johnners Thread Starter

    Joined:
    Dec 8, 2011
    Messages:
    18
    Hi Larusso,

    Here is the GMER file.

    -Johnners
     

    Attached Files:

    • ark.txt
      File size:
      7.9 KB
  6. Larusso

    Larusso

    Joined:
    Aug 9, 2011
    Messages:
    808
    Hi,
    my name is Daniel and I will be assisting you with your malware-related problems.

    Before we move on, please read the following points carefully.
    • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
    • Perform everything in the correct order. Sometimes one step requires the previous one.
    • If you have any problems while you are following my instructions, Stop there and tell me the exact nature of your problem.
    • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
    • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
    • If I don't hear from you within 3 days from this initial or any subsequent post, I will have to unsubscribe from this thread and move on to assist someone else.
    • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
    • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.



    I see you ran ComboFix without being instructed to. I would like to quote a section of the ComboFix tutorial located here: http://www.bleepingcomputer.com/combofix/how-to-use-combofix




    Your logs appear clean. Any problems with this system?
     
  7. Johnners

    Johnners Thread Starter

    Joined:
    Dec 8, 2011
    Messages:
    18
    Hi Daniel,

    The system is slow most of the time and often locks up. Part of the time I don't experience any problems at all. I have been running Task Manager to watch what the system is doing while I am using this computer. The programs stop responding. It is not just Internet Explorer that locks up. If I click on something else it takes a while for the computer to respond. If I choose end task in Task Manager, it takes a while to end the program (and even longer for the error report window to go away). This computer is slower than it should be. It locks up and takes a long time to respond to commands (if it does at all). Task Manager shows good System Idle Process (99) and CPU Usage when the computer is active seems to be normal.

    Daniel, I am sorry I am not able to explain my computer problems using the correct words and terms. I know my computer is not working properly. Any help you can give me will be greatly appreciated. (I promise to follow your instructions and to ask questions if I don't understand an instruction.)

    Thank you!
     
  8. Larusso

    Larusso

    Joined:
    Aug 9, 2011
    Messages:
    808
    Hi there,

    There can be several reasons for a slow computer.
    Could you post all available logs from all tools you ran?
     
  9. Johnners

    Johnners Thread Starter

    Joined:
    Dec 8, 2011
    Messages:
    18
    Daniel,

    I deleted the logs I ran when I was trying to fix my computer without help. Please give me the links for the logs you would like to see and I will rerun them and post them here for you to see.

    Thank You! -Johnners
     
  10. Larusso

    Larusso

    Joined:
    Aug 9, 2011
    Messages:
    808
    I wanted to have a look at what has been removed / found on your system. :)



    Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

    Download TDSSKiller.exe and save it to your desktop
    • Execute TDSSKiller.exe by double-clicking on it.
    • Press Start Scan
    • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
    • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

    Please post the contents of that log in your next reply.



    Please post in your next reply
    TDSSKiller Log
     
  11. Johnners

    Johnners Thread Starter

    Joined:
    Dec 8, 2011
    Messages:
    18
    Daniel,

    Here is the TDSSKiller Log.

    -Johnners
     

    Attached Files:

  12. Larusso

    Larusso

    Joined:
    Aug 9, 2011
    Messages:
    808
    Please do not attach logs - it is easier for reference if they are simply posted into the thread - thanks.


    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT- Save ComboFix.exe to your Desktop

    ====================================================


    Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic How to disable your security applications


    ====================================================


    Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.



    Please post in your next reply
    Combofix.txt
     
  13. Johnners

    Johnners Thread Starter

    Joined:
    Dec 8, 2011
    Messages:
    18
    ComboFix 11-12-15.02 - john 12/15/2011 17:30:21.3.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.210 [GMT -8:00]
    Running from: c:\documents and settings\john\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    + 2011-12-15 01:47 . 2011-08-22 23:48 916480 c:\windows\ie8updates\KB2618444-IE8\wininet.dll
    + 2011-12-15 01:47 . 2011-08-22 23:48 105984 c:\windows\ie8updates\KB2618444-IE8\url.dll
    + 2011-12-15 01:47 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2618444-IE8\spuninst\updspapi.dll
    + 2011-12-15 01:47 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2618444-IE8\spuninst\spuninst.exe
    + 2011-12-15 01:47 . 2011-08-22 23:48 206848 c:\windows\ie8updates\KB2618444-IE8\occache.dll
    + 2011-12-15 01:47 . 2011-08-22 23:48 611840 c:\windows\ie8updates\KB2618444-IE8\mstime.dll
    + 2011-12-15 01:47 . 2011-08-22 23:48 602112 c:\windows\ie8updates\KB2618444-IE8\msfeeds.dll
    + 2011-12-15 01:47 . 2011-08-22 23:48 247808 c:\windows\ie8updates\KB2618444-IE8\ieproxy.dll
    + 2011-12-15 01:47 . 2011-08-22 23:48 184320 c:\windows\ie8updates\KB2618444-IE8\iepeers.dll
    + 2011-12-15 01:47 . 2011-08-22 23:48 743424 c:\windows\ie8updates\KB2618444-IE8\iedvtool.dll
    + 2011-12-15 01:47 . 2011-08-22 23:48 387584 c:\windows\ie8updates\KB2618444-IE8\iedkcs32.dll
    + 2011-12-15 01:47 . 2011-08-22 11:56 174080 c:\windows\ie8updates\KB2618444-IE8\ie4uinit.exe
    + 2005-11-05 00:53 . 2011-11-04 19:20 1212416 c:\windows\system32\urlmon.dll
    - 2005-11-05 00:53 . 2011-08-22 23:48 1212416 c:\windows\system32\urlmon.dll
    + 2005-11-05 00:52 . 2011-11-04 19:20 5978112 c:\windows\system32\mshtml.dll
    + 2009-03-08 11:32 . 2011-11-04 19:20 2000384 c:\windows\system32\iertutil.dll
    - 2009-03-08 11:32 . 2011-08-22 23:48 2000384 c:\windows\system32\iertutil.dll
    + 2009-08-14 13:21 . 2011-11-23 13:25 1859584 c:\windows\system32\dllcache\win32k.sys
    + 2009-09-25 05:56 . 2011-11-04 19:20 1212416 c:\windows\system32\dllcache\urlmon.dll
    - 2009-09-25 05:56 . 2011-08-22 23:48 1212416 c:\windows\system32\dllcache\urlmon.dll
    + 2010-07-16 12:05 . 2011-11-01 16:07 1288704 c:\windows\system32\dllcache\ole32.dll
    - 2009-11-15 07:03 . 2010-12-09 13:38 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
    + 2009-11-15 07:03 . 2011-10-25 13:33 2192768 c:\windows\system32\dllcache\ntoskrnl.exe
    - 2009-11-15 07:03 . 2010-12-09 13:07 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
    + 2009-11-15 07:03 . 2011-10-25 12:52 2027008 c:\windows\system32\dllcache\ntkrpamp.exe
    + 2009-02-08 03:02 . 2011-10-25 12:52 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
    - 2009-02-08 03:02 . 2010-12-09 13:07 2069376 c:\windows\system32\dllcache\ntkrnlpa.exe
    + 2009-11-15 07:03 . 2011-10-25 13:37 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
    - 2009-11-15 07:03 . 2010-12-09 13:42 2148864 c:\windows\system32\dllcache\ntkrnlmp.exe
    + 2009-09-25 05:56 . 2011-11-04 19:20 5978112 c:\windows\system32\dllcache\mshtml.dll
    + 2010-03-15 02:29 . 2011-11-04 19:20 2000384 c:\windows\system32\dllcache\iertutil.dll
    - 2010-03-15 02:29 . 2011-08-22 23:48 2000384 c:\windows\system32\dllcache\iertutil.dll
    + 2011-10-30 07:10 . 2011-10-30 07:10 6824960 c:\windows\Installer\23f526.msp
    + 2011-11-01 21:34 . 2011-11-01 21:34 2531840 c:\windows\Installer\23f514.msp
    + 2011-11-17 18:55 . 2011-11-17 18:55 5522944 c:\windows\Installer\23f506.msp
    + 2011-11-12 00:15 . 2011-11-12 00:15 1795584 c:\windows\Installer\23f4f4.msp
    + 2011-12-15 01:37 . 2011-12-15 01:37 1067008 c:\windows\Installer\23f4e7.msi
    + 2011-11-12 00:16 . 2011-11-12 00:16 8458240 c:\windows\Installer\23f4e1.msp
    + 2009-04-03 04:44 . 2009-04-03 04:44 2532224 c:\windows\Installer\$PatchCache$\Managed\00002119B20000000000000000F01FEC\12.0.6425\GRAPH.EXE
    + 2011-12-15 01:47 . 2011-08-22 23:48 1212416 c:\windows\ie8updates\KB2618444-IE8\urlmon.dll
    + 2011-12-15 01:47 . 2011-10-03 08:35 5971456 c:\windows\ie8updates\KB2618444-IE8\mshtml.dll
    + 2011-12-15 01:47 . 2011-08-22 23:48 2000384 c:\windows\ie8updates\KB2618444-IE8\iertutil.dll
    - 2009-11-15 07:03 . 2010-12-09 13:38 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
    + 2009-11-15 07:03 . 2011-10-25 13:33 2192768 c:\windows\Driver Cache\i386\ntoskrnl.exe
    + 2009-11-15 07:03 . 2011-10-25 12:52 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
    - 2009-11-15 07:03 . 2010-12-09 13:07 2027008 c:\windows\Driver Cache\i386\ntkrpamp.exe
    + 2009-02-08 03:02 . 2011-10-25 12:52 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
    - 2009-02-08 03:02 . 2010-12-09 13:07 2069376 c:\windows\Driver Cache\i386\ntkrnlpa.exe
    - 2009-11-15 07:03 . 2010-12-09 13:42 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
    + 2009-11-15 07:03 . 2011-10-25 13:37 2148864 c:\windows\Driver Cache\i386\ntkrnlmp.exe
    + 2010-03-15 02:11 . 2011-12-15 01:43 52988224 c:\windows\system32\MRT.exe
    - 2009-03-08 11:39 . 2011-08-24 01:48 11081728 c:\windows\system32\ieframe.dll
    + 2009-03-08 11:39 . 2011-11-04 19:20 11081728 c:\windows\system32\ieframe.dll
    + 2010-03-15 02:29 . 2011-11-04 19:20 11081728 c:\windows\system32\dllcache\ieframe.dll
    - 2010-03-15 02:29 . 2011-08-24 01:48 11081728 c:\windows\system32\dllcache\ieframe.dll
    + 2011-12-15 01:47 . 2011-08-24 01:48 11081728 c:\windows\ie8updates\KB2618444-IE8\ieframe.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2011-12-12 17:09 1547104 ----a-w- c:\program files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\9.0.0.18\AVG Secure Search_toolbar.dll" [2011-12-12 1547104]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 98394]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 688218]
    "AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940]
    "TPSMain"="TPSMain.exe" [2005-06-01 282624]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-12-07 2078048]
    "EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-05-07 1638400]
    "StrgSync.exe"="c:\program files\StorageSync\StrgSync.exe" [2005-10-08 3032576]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
    "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2011-12-12 827232]
    .
    c:\documents and settings\john\Start Menu\Programs\Startup\
    Microsoft Office OneNote 2003 Quick Launch.lnk.disabled [2010-3-6 884]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-11-4 155648]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-07-24 16:47 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Google Update"="c:\documents and settings\john\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
    "SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    "TOSCDSPD"=c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe
    "SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Alcmtr"=ALCMTR.EXE
    "AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    "Conime"=%windir%\system32\conime.exe
    "PadTouch"=c:\program files\TOSHIBA\Touch and Launch\PadExe.exe
    "Pinger"=c:\toshiba\ivp\ism\pinger.exe
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
    "RTHDCPL"=RTHDCPL.EXE
    "SmoothView"=c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    "Tvs"=c:\program files\Toshiba\Tvs\TvsTray.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    .
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/14/2009 11:18 PM 216400]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/14/2009 11:18 PM 243152]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 8:27 AM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 1:55 PM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 3:38 PM 116608]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/19/2010 7:39 PM 308136]
    R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [10/13/2011 5:21 PM 249648]
    R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [12/12/2011 9:09 AM 855904]
    S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [10/21/2011 3:23 PM 196176]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [10/28/2010 10:51 AM 167264]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [11/4/2005 4:53 PM 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2009-11-15 c:\windows\Tasks\Registration reminder 2.job
    - c:\windows\system32\OOBE\oobebaln.exe [2005-11-05 00:12]
    .
    2009-11-15 c:\windows\Tasks\Registration reminder 3.job
    - c:\windows\system32\OOBE\oobebaln.exe [2005-11-05 00:12]
    .
    2011-12-16 c:\windows\Tasks\User_Feed_Synchronization-{2F8F5129-952B-4DE9-AD84-E24A988CCB7E}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.techguy.org/
    uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.0.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-15 17:39
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(688)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\Ati2evxx.dll
    .
    - - - - - - - > 'explorer.exe'(156)
    c:\windows\system32\WININET.dll
    c:\program files\Windows Desktop Search\deskbar.dll
    c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
    c:\program files\Windows Desktop Search\dbres.dll
    c:\program files\Windows Desktop Search\wordwheel.dll
    c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
    c:\program files\Windows Desktop Search\msnlExtRes.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\TPwrCfg.DLL
    c:\windows\system32\TPwrReg.dll
    c:\windows\system32\TPSTrace.DLL
    .
    Completion time: 2011-12-15 17:44:27
    ComboFix-quarantined-files.txt 2011-12-16 01:44
    ComboFix2.txt 2011-12-13 00:37
    ComboFix3.txt 2011-12-08 00:34
    .
    Pre-Run: 48,813,981,696 bytes free
    Post-Run: 48,812,462,080 bytes free
    .
    - - End Of File - - 6A6AA9AC1CF705C461F6D1C5614E7482
     
  14. Larusso

    Larusso

    Joined:
    Aug 9, 2011
    Messages:
    808
    I notice you have Malwarebytes' Anti-Malware installed on your machine. Please launch the program and select the update tab, then click on the check for updates button.

    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform Quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Save it to your desktop.

    Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.



    Go here to run an online scanner from ESET.
    • Note: You will need to use Internet Explorer for this scan
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
    • Click Start
    • Wait for the scan to finish
    • Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
    • Copy and paste that log in your next reply.



    Please post in your next reply
    MBAM Log
    log.txt
     
  15. Johnners

    Johnners Thread Starter

    Joined:
    Dec 8, 2011
    Messages:
    18
    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org
    Database version: 8380
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702
    12/16/2011 7:32:11 AM
    mbam-log-2011-12-16 (07-32-11).txt
    Scan type: Quick scan
    Objects scanned: 169742
    Time elapsed: 8 minute(s), 18 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)
     
Short URL to this thread: https://techguy.org/1030413
