
Virus gone? Computer still acting up.

Discussion in 'Virus & Other Malware Removal' started by doragonshi, Feb 26, 2013.

  1. doragonshi (Thread Starter)

    I am working on a co-worker's computer. I have run AVG bootable anti-virus (can't find any logs from it), Spybot, and Malwarebytes. Everything is coming up clean except for some odd registry keys here and there.

    However, when in normal mode on Windows every program takes about 15-30 seconds to come up (if it comes up at all), and all Windows services (Task Manager, Control Panel, even the Ctrl-Alt-Del screen) give a time-out error. When you are in safe mode everything works just fine. It didn't when I started this haha.

    HijackThis:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:12:12 PM, on 2/26/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Safe mode with network support

    Running processes:
    C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
    C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Williams\Downloads\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: CrossriderApp0021802 - {11111111-1111-1111-1111-110211181102} - C:\Program Files (x86)\Shopping Sidekick Plugin\Shopping Sidekick Plugin.dll (file missing)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
    O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: *.clonewarsadventures.com
    O15 - Trusted Zone: *.freerealms.com
    O15 - Trusted Zone: *.soe.com
    O15 - Trusted Zone: *.sony.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FCCBD8BB-F97B-4377-9490-DDEA6B5B561C}: NameServer = 192.168.1.1
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    O23 - Service: AMD Reservation Manager - Advanced Micro Devices - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @C:\Windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe

    --
    End of file - 8235 bytes
     
  2. doragonshi (Thread Starter)

    DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
    Internet Explorer: 9.0.8112.16457
    Run by Williams at 12:28:14 on 2013-02-26
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3819.2889 [GMT -8:00]
    .
    AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
    C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    mStart Page = about:blank
    BHO: Shopping Sidekick Plugin: {11111111-1111-1111-1111-110211181102} -
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
    mRunOnce: [GrpConv] grpconv -o
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{20255145-DBF7-4ABE-AA66-A878B55B733C} : DHCPNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{FCCBD8BB-F97B-4377-9490-DDEA6B5B561C} : NameServer = 192.168.1.1
    TCP: Interfaces\{FCCBD8BB-F97B-4377-9490-DDEA6B5B561C} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{FCCBD8BB-F97B-4377-9490-DDEA6B5B561C}\65562796A7F6E6D2839303C4D253544403 : DHCPNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{FCCBD8BB-F97B-4377-9490-DDEA6B5B561C}\C696E6B6379737 : NameServer = 192.168.1.1
    TCP: Interfaces\{FCCBD8BB-F97B-4377-9490-DDEA6B5B561C}\C696E6B6379737 : DHCPNameServer = 192.168.1.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll
    SSODL: WebCheck - <orphaned>
    x64-mStart Page = hxxp://searchfunmoods.com/?f=1&a=ironpub12&cd=2XzuyEtN2Y1L1QzuzytDtDtDyE0EyD0E0BtA0BtB0EtCtD0FtN0D0Tzu0CtAzytCtN1L2XzutBtFtBtFtCtFyEyCyCtN1L1Czu1L1C1F1G1E2Y1StCtB&cr=353138116&ir=
    x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
    x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Williams\AppData\Roaming\Mozilla\Firefox\Profiles\32iy90h0.default\
    FF - prefs.js: browser.search.selectedEngine - uTorrentControl_v2 Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3220468&SearchSource=13&CUI=SB_CUI
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&CUI=UN03211838826303703&UM=UM_ID&q=
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\npsitesafety.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
    FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
    FF - plugin: C:\Users\Williams\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Williams\AppData\Roaming\Mozilla\Firefox\Profiles\32iy90h0.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\plugins\np-mswmp.dll
    FF - plugin: C:\Users\Williams\AppData\Roaming\Mozilla\Firefox\Profiles\32iy90h0.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}\plugins\npConduitFirefoxPlugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
    FF - ExtSQL: 2013-01-25 17:03; {7473b6bd-4691-4744-a82b-7854eb3d70b6}; C:\Users\Williams\AppData\Roaming\Mozilla\Firefox\Profiles\32iy90h0.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=0e09e10f00000000000090004e5eb3b2&q=
    FF - user.js: extensions.BabylonToolbar.id - 0e09e10f00000000000090004e5eb3b2
    FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
    FF - user.js: extensions.BabylonToolbar.instlDay - 15716
    FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.7.2
    FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.7.2
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.7.223:17:49
    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar.tlbrId - base
    FF - user.js: extensions.BabylonToolbar.instlRef - sst
    FF - user.js: extensions.BabylonToolbar.dfltLng - en
    FF - user.js: extensions.BabylonToolbar_i.excTlbr - false
    FF - user.js: extensions.BabylonToolbar.excTlbr - false
    FF - user.js: extensions.BabylonToolbar.admin - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=118564&tt=0213_4
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar.autoRvrt - false
    FF - user.js: extensions.BabylonToolbar.rvrt - false
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    FF - user.js: extensions.funmoods.hmpg - true
    FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=ironpub12&cd=2XzuyEtN2Y1L1QzuzytDtDtDyE0EyD0E0BtA0BtB0EtCtD0FtN0D0Tzu0CtAzytCtN1L2XzutBtFtBtFtCtFyEyCyCtN1L1Czu1L1C1F1G1E2Y1StCtB&cr=353138116&ir=
    FF - user.js: extensions.funmoods.dfltSrch - true
    FF - user.js: extensions.funmoods.srchPrvdr - Funmoods
    FF - user.js: extensions.funmoods.dnsErr - true
    FF - user.js: extensions.funmoods_i.newTab - false
    FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=ironpub12&cd=2XzuyEtN2Y1L1QzuzytDtDtDyE0EyD0E0BtA0BtB0EtCtD0FtN0D0Tzu0CtAzytCtN1L2XzutBtFtBtFtCtFyEyCyCtN1L1Czu1L1C1F1G1E2Y1StCtB&cr=353138116&ir=
    FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=ironpub12&cd=2XzuyEtN2Y1L1QzuzytDtDtDyE0EyD0E0BtA0BtB0EtCtD0FtN0D0Tzu0CtAzytCtN1L2XzutBtFtBtFtCtFyEyCyCtN1L1Czu1L1C1F1G1E2Y1StCtB&cr=353138116&ir=&q=
    FF - user.js: extensions.funmoods.id - 90004E5EB3B2E10F
    FF - user.js: extensions.funmoods.instlDay - 15730
    FF - user.js: extensions.funmoods.vrsn - 1.8.4.0
    FF - user.js: extensions.funmoods.vrsni - 1.8.4.0
    FF - user.js: extensions.funmoods_i.vrsnTs - 1.8.4.017:1:44
    FF - user.js: extensions.funmoods.prtnrId - funmoods
    FF - user.js: extensions.funmoods.prdct - funmoods
    FF - user.js: extensions.funmoods.aflt - ironpub12
    FF - user.js: extensions.funmoods_i.smplGrp - none
    FF - user.js: extensions.funmoods.tlbrId - base
    FF - user.js: extensions.funmoods.instlRef -
    FF - user.js: extensions.funmoods.dfltLng -
    FF - user.js: extensions.funmoods.appId - {EA28B360-05E0-4F93-8150-02891F1D8D3C}
    FF - user.js: extensions.funmoods.excTlbr - false
    FF - user.js: extensions.funmoods_i.hmpg - true
    FF - user.js: extensions.irspeeddial.aflt - ironpub12
    FF - user.js: extensions.irspeeddial.instlRef -
    FF - user.js: extensions.irspeeddial.cr - 353138116
    FF - user.js: extensions.irspeeddial.cd - 2XzuyEtN2Y1L1QzuzytDtDtDyE0EyD0E0BtA0BtB0EtCtD0FtN0D0Tzu0CtAzytCtN1L2XzutBtFtBtFtCtFyEyCyCtN1L1Czu1L1C1F1G1E2Y1StCtB
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-1-10 37720]
    R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-8-22 46136]
    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-11-12 138024]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-9-27 76912]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-8-22 38528]
    S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-8-22 203776]
    S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-11-18 354304]
    S2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
    S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2012-8-22 198784]
    S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-25 398184]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-25 682344]
    S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-8-22 1153368]
    S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [2012-8-22 57344]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-8-22 115216]
    S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-2-25 24176]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2012-8-22 246376]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-22 1255736]
    S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
    S4 vToolbarUpdater14.0.1;vToolbarUpdater14.0.1;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe [2013-1-29 945328]
    .
    =============== Created Last 30 ================
    .
    2013-02-26 10:23:23 98816 ----a-w- C:\Windows\sed.exe
    2013-02-26 10:23:23 256000 ----a-w- C:\Windows\PEV.exe
    2013-02-26 10:23:23 208896 ----a-w- C:\Windows\MBR.exe
    2013-02-26 09:34:41 -------- d-----w- C:\Windows\pss
    2013-02-25 21:05:55 -------- d-----w- C:\Users\Williams\AppData\Roaming\Malwarebytes
    2013-02-25 21:05:48 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-02-25 21:05:47 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-02-25 21:05:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-02-25 21:05:31 -------- d-----w- C:\Users\Williams\AppData\Local\Programs
    2013-02-25 19:25:35 -------- d-----w- C:\Users\Williams\AppData\Local\VirtualStore
    2013-02-25 19:22:59 -------- d-----w- C:\found.000
    2013-02-25 19:08:56 -------- d-----w- C:\Program Files\Unlocker
    .
    ==================== Find3M ====================
    .
    2013-01-30 06:15:44 37720 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2013-01-11 07:16:05 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2013-01-11 07:16:05 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2013-01-10 02:04:14 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-10 02:04:14 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-01-10 02:04:04 16369160 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    .
    ============= FINISH: 12:28:29.30 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/22/2012 4:37:33 PM
    System Uptime: 2/26/2013 2:15:27 AM (10 hours ago)
    .
    Motherboard: Acer | | Aspire 5253
    Processor: AMD E-350 Processor | Socket FT1 | 1596/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 298 GiB total, 252.448 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Security Processor Loader Driver
    Device ID: ROOT\LEGACY_SPLDR\0000
    Manufacturer:
    Name: Security Processor Loader Driver
    PNP Device ID: ROOT\LEGACY_SPLDR\0000
    Service: spldr
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Acer Crystal Eye Webcam
    Adobe Flash Player 11 Plugin
    Adobe Reader XI (11.0.01)
    AMD Fuel
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    ATI Catalyst Install Manager
    AVG 2012
    AVG Security Toolbar
    Babylon Chrome Toolbar
    Bonjour
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    Catalyst Control Center Profiles Mobile
    ccc-core-static
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    Conexant HD Audio
    ETDWare PS/2-X64 8.0.6.0_WHQL
    Google Chrome
    Hoyle Puzzle and Board Games 2012
    iTunes
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft DirectX SDK (June 2010)
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Mozilla Firefox 18.0.2 (x86 en-US)
    Mozilla Maintenance Service
    OpenOffice.org 3.4.1
    Qualcomm Atheros Fast Reconnect
    RealDownloader
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealNetworks - Microsoft Visual C++ 2010 Runtime
    RealPlayer
    Realtek USB 2.0 Card Reader
    RealUpgrade 1.1
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Spybot - Search & Destroy
    Strongvault Online Backup
    Unlocker 1.9.1-x64
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Visual Studio 2008 x64 Redistributables
    Watchtower Library 2009 - English
    Watchtower Library 2010 - English
    Watchtower Library 2011 - English
    Watchtower Library 2011 - español
    WinRAR 4.20 (32-bit)
    WinZip Registry Optimizer
    WMV9/VC-1 Video Playback
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/26/2013 3:19:20 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    2/26/2013 3:18:47 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    2/26/2013 2:32:10 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    2/26/2013 2:23:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
    2/26/2013 2:19:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    2/26/2013 2:19:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    2/26/2013 2:16:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    2/26/2013 2:16:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    2/26/2013 2:16:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2/26/2013 2:15:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    2/26/2013 2:15:51 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
    2/26/2013 2:15:47 AM, Error: Service Control Manager [7001] - The Conexant Audio Message Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
    2/26/2013 2:14:18 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
    2/26/2013 2:14:18 AM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/26/2013 2:09:48 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
    2/26/2013 2:09:48 AM, Error: Service Control Manager [7000] - The Application Information service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/26/2013 12:28:08 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    2/26/2013 1:47:47 AM, Error: Service Control Manager [7022] - The Peer Networking Identity Manager service hung on starting.
    2/26/2013 1:47:47 AM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Networking Identity Manager service which failed to start because of the following error: After starting, the service hung in a start-pending state.
    2/26/2013 1:47:47 AM, Error: Service Control Manager [7001] - The Peer Name Resolution Protocol service depends on the Peer Networking Identity Manager service which failed to start because of the following error: After starting, the service hung in a start-pending state.
    2/26/2013 1:39:56 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
    2/26/2013 1:39:56 AM, Error: Service Control Manager [7000] - The Windows Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/25/2013 8:19:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    2/25/2013 2:04:46 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    2/25/2013 12:49:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    2/25/2013 12:10:17 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
    2/25/2013 12:09:47 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
    2/25/2013 12:09:17 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
    2/25/2013 11:12:18 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
    2/24/2013 7:04:32 PM, Error: Service Control Manager [7031] - The Microsoft .NET Framework NGEN v4.0.30319_X86 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/24/2013 6:00:34 PM, Error: Service Control Manager [7034] - The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s).
    2/24/2013 6:00:34 PM, Error: Service Control Manager [7022] - The Service Sendori service hung on starting.
    2/24/2013 5:48:10 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Service Sendori service to connect.
    2/24/2013 5:48:10 PM, Error: Service Control Manager [7000] - The Service Sendori service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/24/2013 10:31:19 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    2/24/2013 10:29:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    2/24/2013 10:29:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    2/24/2013 10:28:49 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgtdia DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
    2/24/2013 10:28:49 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/24/2013 10:28:49 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    2/24/2013 10:28:49 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    2/24/2013 10:28:49 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    2/24/2013 10:28:49 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    2/24/2013 10:28:49 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    2/24/2013 10:28:49 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/24/2013 10:28:49 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/24/2013 10:28:49 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/24/2013 10:28:49 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    .
    ==== End Of File ===========================
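    Most of the Service Control Manager errors in that dump are fallout rather than cause: a single 7026 event reports that a block of boot-start drivers (AFD, NetBT, nsiproxy, tdx and others) failed to load, and the 7001 events after it name services that failed only because something they depend on did. Triage is easier when the chains are followed back mechanically. The Python below is an added example, not part of the original post or of DDS: it takes a handful of the lines above (copied verbatim as constructed sample input) and walks every "dependency service or group failed to start" link back to the dependency that failed for its own reason.

```python
import re
from collections import Counter

# Constructed sample input: Service Control Manager / DCOM lines copied from the
# DDS event-log dump in the post above (2/24/2013, 10:28-10:31 PM).
SAMPLE_LOG = """\
2/24/2013 10:31:19 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
2/24/2013 10:29:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
2/24/2013 10:28:49 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgtdia DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
2/24/2013 10:28:49 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/24/2013 10:28:49 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/24/2013 10:28:49 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
2/24/2013 10:28:49 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/24/2013 10:28:49 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/24/2013 10:28:49 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
"""

# Event 7001: "<svc> depends on <dep> which failed to start because ...: <err>"
DEP_RE = re.compile(
    r"\[7001\] - The (?P<svc>.+?) service depends on the (?P<dep>.+?) service "
    r"which failed to start because of the following error: (?P<err>.+)$"
)
# Event 7026: space-separated list of boot-start / system-start drivers that did not load
DRIVERS_RE = re.compile(
    r"\[7026\] - The following boot-start or system-start driver\(s\) failed to load: (?P<drivers>.+)$"
)
CASCADE_ERR = "The dependency service or group failed to start."


def parse_dependency_failures(log_text):
    """Map each service named in a 7001 event to (its dependency, the dependency's error)."""
    edges = {}
    for line in log_text.splitlines():
        m = DEP_RE.search(line)
        if m:
            edges[m["svc"].strip()] = (m["dep"].strip(), m["err"].strip())
    return edges


def failed_drivers(log_text):
    """Every driver name listed in 7026 events, de-duplicated, in log order."""
    seen = []
    for line in log_text.splitlines():
        m = DRIVERS_RE.search(line)
        if m:
            for drv in m["drivers"].split():
                if drv not in seen:
                    seen.append(drv)
    return seen


def root_cause(service, edges, visited=None):
    """Follow 'dependency failed' links until reaching a dependency that failed
    for its own reason. Returns (root_service, error); a service with no 7001
    record of its own (or a cycle) is reported as unknown rather than guessed."""
    visited = visited or set()
    if service in visited or service not in edges:
        return (service, "unknown: no 7001 record for this service")
    visited.add(service)
    dep, err = edges[service]
    if err == CASCADE_ERR:
        return root_cause(dep, edges, visited)
    return (dep, err)


def root_causes(log_text):
    """failed service -> (root service, root error) for every 7001 event."""
    edges = parse_dependency_failures(log_text)
    return {svc: root_cause(svc, edges) for svc in edges}


def summarize(log_text):
    """How many dependent services each root explains, most-blamed first."""
    return Counter(root for root, _ in root_causes(log_text).values()).most_common()


if __name__ == "__main__":
    for root, n in summarize(SAMPLE_LOG):
        print(f"{n} dependent service(s) trace back to: {root}")
    print("drivers that failed to load:", " ".join(failed_drivers(SAMPLE_LOG)))
```

    On the sample, every chain ends at a kernel driver reporting "A device attached to the system is not functioning" rather than at a user-mode service, and the three roots it names (the Winsock AFD driver, the NSI proxy driver and the legacy TDI support driver) are the display names of AFD, nsiproxy and tdx from the 7026 list. That puts the next check on why the network driver stack is not loading in normal mode, not on the services that time out downstream of it.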
     
  3. doragonshi

    GMER 2.1.19115 - http://www.gmer.net
    Rootkit scan 2013-02-26 12:53:45
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BPVT-22JJ5T0 rev.01.01A01 298.09GB
    Running: cx7y6f10.exe; Driver: C:\Users\Williams\AppData\Local\Temp\pwrdikod.sys


    ---- User code sections - GMER 2.1 ----

    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000762b1465 2 bytes [2B, 76]
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762b14bb 2 bytes [2B, 76]
    .text ... * 2
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1492] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077b8f991 7 bytes {MOV EDX, 0x7f2e28; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1492] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077b8fbd5 7 bytes {MOV EDX, 0x7f2e68; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1492] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077b8fc05 7 bytes {MOV EDX, 0x7f2da8; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1492] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077b8fc1d 7 bytes {MOV EDX, 0x7f2d28; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1492] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077b8fc35 7 bytes {MOV EDX, 0x7f2f28; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1492] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077b8fc65 7 bytes {MOV EDX, 0x7f2f68; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1492] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077b8fce5 7 bytes {MOV EDX, 0x7f2ee8; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1492] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077b8fcfd 7 bytes {MOV EDX, 0x7f2ea8; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1492] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077b8fd49 7 bytes {MOV EDX, 0x7f2c68; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1492] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077b8fe41 7 bytes {MOV EDX, 0x7f2ca8; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1492] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077b90099 7 bytes {MOV EDX, 0x7f2c28; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1492] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077b910a5 7 bytes {MOV EDX, 0x7f2de8; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1492] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077b9111d 7 bytes {MOV EDX, 0x7f2d68; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1492] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077b91321 7 bytes {MOV EDX, 0x7f2ce8; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000762b1465 2 bytes [2B, 76]
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762b14bb 2 bytes [2B, 76]
    .text ... * 2
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000762b1465 2 bytes [2B, 76]
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762b14bb 2 bytes [2B, 76]
    .text ... * 2
    .text C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe[1404] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000761187b1 5 bytes [33, C0, C2, 04, 00]
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1728] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077b8f991 7 bytes {MOV EDX, 0x3b4a28; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1728] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077b8fbd5 7 bytes {MOV EDX, 0x3b4a68; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1728] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077b8fc05 7 bytes {MOV EDX, 0x3b49a8; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1728] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077b8fc1d 7 bytes {MOV EDX, 0x3b4928; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1728] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077b8fc35 7 bytes {MOV EDX, 0x3b4b28; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1728] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077b8fc65 7 bytes {MOV EDX, 0x3b4b68; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1728] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077b8fce5 7 bytes {MOV EDX, 0x3b4ae8; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1728] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077b8fcfd 7 bytes {MOV EDX, 0x3b4aa8; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1728] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077b8fd49 7 bytes {MOV EDX, 0x3b4868; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1728] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077b8fe41 7 bytes {MOV EDX, 0x3b48a8; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1728] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077b90099 7 bytes {MOV EDX, 0x3b4828; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1728] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077b910a5 7 bytes {MOV EDX, 0x3b49e8; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1728] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077b9111d 7 bytes {MOV EDX, 0x3b4968; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1728] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077b91321 7 bytes {MOV EDX, 0x3b48e8; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000762b1465 2 bytes [2B, 76]
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762b14bb 2 bytes [2B, 76]
    .text ... * 2
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1636] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077b8f991 7 bytes {MOV EDX, 0x3bb628; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1636] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077b8fbd5 7 bytes {MOV EDX, 0x3bb668; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1636] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077b8fc05 7 bytes {MOV EDX, 0x3bb5a8; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1636] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077b8fc1d 7 bytes {MOV EDX, 0x3bb528; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1636] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077b8fc35 7 bytes {MOV EDX, 0x3bb728; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1636] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077b8fc65 7 bytes {MOV EDX, 0x3bb768; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1636] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077b8fce5 7 bytes {MOV EDX, 0x3bb6e8; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1636] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077b8fcfd 7 bytes {MOV EDX, 0x3bb6a8; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1636] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077b8fd49 7 bytes {MOV EDX, 0x3bb468; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1636] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077b8fe41 7 bytes {MOV EDX, 0x3bb4a8; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1636] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077b90099 7 bytes {MOV EDX, 0x3bb428; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1636] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077b910a5 7 bytes {MOV EDX, 0x3bb5e8; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1636] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077b9111d 7 bytes {MOV EDX, 0x3bb568; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1636] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077b91321 7 bytes {MOV EDX, 0x3bb4e8; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000762b1465 2 bytes [2B, 76]
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1636] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762b14bb 2 bytes [2B, 76]
    .text ... * 2
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000762b1465 2 bytes [2B, 76]
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[2028] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762b14bb 2 bytes [2B, 76]
    .text ... * 2
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[592] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077b8f991 7 bytes {MOV EDX, 0xe5ca28; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[592] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077b8fbd5 7 bytes {MOV EDX, 0xe5ca68; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[592] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077b8fc05 7 bytes {MOV EDX, 0xe5c9a8; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[592] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077b8fc1d 7 bytes {MOV EDX, 0xe5c928; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[592] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077b8fc35 7 bytes {MOV EDX, 0xe5cb28; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[592] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077b8fc65 7 bytes {MOV EDX, 0xe5cb68; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[592] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077b8fce5 7 bytes {MOV EDX, 0xe5cae8; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[592] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077b8fcfd 7 bytes {MOV EDX, 0xe5caa8; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[592] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077b8fd49 7 bytes {MOV EDX, 0xe5c868; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[592] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077b8fe41 7 bytes {MOV EDX, 0xe5c8a8; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[592] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077b90099 7 bytes {MOV EDX, 0xe5c828; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[592] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077b910a5 7 bytes {MOV EDX, 0xe5c9e8; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[592] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077b9111d 7 bytes {MOV EDX, 0xe5c968; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[592] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077b91321 7 bytes {MOV EDX, 0xe5c8e8; JMP RDX}
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000762b1465 2 bytes [2B, 76]
    .text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762b14bb 2 bytes [2B, 76]
    .text ... * 2

    ---- EOF - GMER 2.1 ----
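    GMER's "User code sections" list every inline patch it finds in a process, one line per patched export, so a multi-process program produces a wall of near-identical lines. The useful first question is not "is there a hook" but "does every instance of this image carry the same set of patches": an image's own instrumentation (a sandbox or a security product) patches all of its processes the same way, while a process that has been singled out will carry a set none of its siblings has. For the record, the fourteen ntdll entry points patched in the chrome.exe processes above (NtCreateFile, NtOpenFile, NtOpenProcess, NtMapViewOfSection and the rest) are the functions Chrome's own sandbox intercepts in its child processes, and the five bytes written over kernel32!SetUnhandledExceptionFilter in recordingmanager.exe, 33 C0 C2 04 00, decode to xor eax,eax; ret 4, a stub crash-reporting libraries install so nothing can replace their handler. The log alone does not say who installed either. The Python below is an added example, not part of the original post or of GMER: it parses the log format, groups patched sites per process, finds the processes whose hook set is unique for their image, and pulls out the trampoline targets. The sample lines are an excerpt of the log above, labelled as such.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: an excerpt of the GMER "User code sections" above,
# copied verbatim (three of the fourteen ntdll hooks per sandboxed chrome.exe).
SAMPLE_GMER = r"""
---- User code sections - GMER 2.1 ----

.text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000762b1465 2 bytes [2B, 76]
.text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1392] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762b14bb 2 bytes [2B, 76]
.text ... * 2
.text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1492] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077b8fc05 7 bytes {MOV EDX, 0x7f2da8; JMP RDX}
.text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1492] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077b8fc35 7 bytes {MOV EDX, 0x7f2f28; JMP RDX}
.text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1492] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077b90099 7 bytes {MOV EDX, 0x7f2c28; JMP RDX}
.text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000762b1465 2 bytes [2B, 76]
.text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1492] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762b14bb 2 bytes [2B, 76]
.text C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe[1404] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000761187b1 5 bytes [33, C0, C2, 04, 00]
.text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1728] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077b8fc05 7 bytes {MOV EDX, 0x3b49a8; JMP RDX}
.text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1728] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077b8fc35 7 bytes {MOV EDX, 0x3b4b28; JMP RDX}
.text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1728] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077b90099 7 bytes {MOV EDX, 0x3b4828; JMP RDX}
.text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000762b1465 2 bytes [2B, 76]
.text C:\Users\Williams\AppData\Local\Google\Chrome\Application\chrome.exe[1728] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000762b14bb 2 bytes [2B, 76]
"""

# One GMER user-code line: ".text <image path>[pid] <module>!<export>[ + off] <addr> <n> bytes <patch>"
HOOK_RE = re.compile(
    r"^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] (?P<module>[^!]+)!(?P<function>\w+)"
    r"(?: \+ (?P<offset>\d+))? (?P<address>[0-9a-fA-F]+) (?P<length>\d+) bytes (?P<patch>.+)$"
)


@dataclass(frozen=True)
class Hook:
    process: str    # full image path as GMER prints it
    pid: int
    module: str     # patched module, basename lower-cased
    function: str   # export the patch sits in
    offset: int     # bytes past the export where the patch starts (0 = at the entry)
    address: int
    length: int     # number of patched bytes
    patch: str      # GMER's rendering: "{MOV EDX, 0x...; JMP RDX}" or "[33, C0, ...]"

    @property
    def image(self) -> str:
        return self.process.rsplit("\\", 1)[-1].lower()

    @property
    def site(self) -> str:
        return f"{self.module}!{self.function}+{self.offset}"

    def jmp_target(self) -> Optional[int]:
        """Trampoline destination of a MOV EDX, imm32; JMP RDX patch, else None."""
        m = re.search(r"MOV EDX, 0x([0-9a-fA-F]+); JMP RDX", self.patch)
        return int(m.group(1), 16) if m else None

    def raw_bytes(self) -> Optional[bytes]:
        """Literal replacement bytes of a "[xx, xx, ...]" patch, else None."""
        m = re.fullmatch(r"\[([0-9A-Fa-f]{2}(?:, [0-9A-Fa-f]{2})*)\]", self.patch)
        return bytes(int(b, 16) for b in m.group(1).split(", ")) if m else None


def parse_user_hooks(text):
    """All hook records in a GMER log; headers, blanks and ".text ... * N" elisions are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line)
        if not m:
            continue
        hooks.append(Hook(process=m["proc"], pid=int(m["pid"]),
                          module=m["module"].rsplit("\\", 1)[-1].lower(),
                          function=m["function"], offset=int(m["offset"] or 0),
                          address=int(m["address"], 16), length=int(m["length"]),
                          patch=m["patch"]))
    return hooks


def hook_sets_by_process(hooks):
    """(image, pid) -> frozenset of patched sites in that process."""
    sets = defaultdict(set)
    for h in hooks:
        sets[(h.image, h.pid)].add(h.site)
    return {k: frozenset(v) for k, v in sets.items()}


def hook_set_census(hooks):
    """image -> {hook set -> number of processes of that image carrying exactly that set}."""
    census = defaultdict(lambda: defaultdict(int))
    for (image, _pid), s in hook_sets_by_process(hooks).items():
        census[image][s] += 1
    return {img: dict(c) for img, c in census.items()}


def singleton_sets(hooks):
    """Processes whose hook set is carried by no other process of the same image."""
    census = hook_set_census(hooks)
    return sorted((img, pid) for (img, pid), s in hook_sets_by_process(hooks).items()
                  if census[img][s] == 1)


def trampoline_region(hooks):
    """(image, pid) -> (lowest, highest) JMP target among that process's hooks;
    one injector's trampolines tend to sit together in a single allocation."""
    targets = defaultdict(list)
    for h in hooks:
        t = h.jmp_target()
        if t is not None:
            targets[(h.image, h.pid)].append(t)
    return {k: (min(v), max(v)) for k, v in targets.items()}


if __name__ == "__main__":
    hooks = parse_user_hooks(SAMPLE_GMER)
    for (image, pid), s in sorted(hook_sets_by_process(hooks).items()):
        print(f"{image}[{pid}]: {len(s)} patched site(s)")
    print("hook sets unique within their image:", singleton_sets(hooks))
    print("trampoline regions:", {k: (hex(lo), hex(hi)) for k, (lo, hi) in trampoline_region(hooks).items()})
```

    On this excerpt the singleton check names chrome.exe[1392] and recordingmanager.exe[1404]. Run over the full log above instead, the chrome.exe processes collapse into two groups (1392, 1396 and 2028 carry only the two PSAPI patches; 592, 1492, 1636 and 1728 carry the fourteen ntdll hooks plus the PSAPI patches), so only recordingmanager.exe[1404] is left with a set nobody else has, which is the one line worth reading by hand. The trampoline regions show each sandboxed process's JMP targets clustered within a few hundred bytes of each other at a different low address per process, consistent with one component allocating its thunks per process rather than something patched in from outside at a fixed address.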
     
  4. doragonshi

    Also here's a ComboFix log that I ran to unlock some registry keys:
    ComboFix 13-02-24.01 - Williams 02/26/2013 3:13.2.2 - x64 NETWORK
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3819.3091 [GMT -8:00]
    Running from: c:\users\Williams\Desktop\ComboFix.exe
    AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-01-26 to 2013-02-26 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-26 11:18 . 2013-02-26 11:18 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-02-26 11:18 . 2013-02-26 11:18 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2013-02-25 21:05 . 2013-02-25 21:05 -------- d-----w- c:\users\Williams\AppData\Roaming\Malwarebytes
    2013-02-25 21:05 . 2013-02-25 21:05 -------- d-----w- c:\programdata\Malwarebytes
    2013-02-25 21:05 . 2013-02-25 21:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-02-25 21:05 . 2012-12-15 00:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-02-25 21:05 . 2013-02-25 21:05 -------- d-----w- c:\users\Williams\AppData\Local\Programs
    2013-02-25 19:25 . 2013-02-25 19:25 -------- d-----w- c:\users\Williams\AppData\Local\VirtualStore
    2013-02-25 19:22 . 2013-02-25 19:22 -------- d-----w- C:\found.000
    2013-02-25 19:08 . 2013-02-25 19:08 -------- d-----w- c:\program files\Unlocker
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-30 06:15 . 2013-01-10 18:03 37720 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
    2013-01-11 07:16 . 2013-01-11 07:16 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
    2013-01-11 07:16 . 2013-01-11 07:16 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
    2013-01-10 02:04 . 2012-09-22 19:26 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-01-10 02:04 . 2012-09-22 19:26 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-10 02:04 . 2012-12-20 03:04 16369160 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2013-01-10 01:35 . 2012-08-23 01:23 67599240 ----a-w- c:\windows\system32\MRT.exe
    2012-12-16 17:11 . 2012-12-23 20:57 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 14:45 . 2012-12-23 20:57 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2012-12-23 20:57 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13 . 2012-12-23 20:57 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110211181102}]
    c:\program files (x86)\Shopping Sidekick Plugin\Shopping Sidekick Plugin.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2013-01-30 06:15 1883824 ----a-w- c:\program files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\14.0.2.14\AVG Secure Search_toolbar.dll" [2013-01-30 1883824]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv"="grpconv -o" [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-10 203776]
    R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-11-18 354304]
    R2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
    R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-17 198784]
    R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-15 398184]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-15 682344]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [2011-08-10 57344]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-15 24176]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-18 246376]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-23 1255736]
    R4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-30 38608]
    R4 vToolbarUpdater14.0.1;vToolbarUpdater14.0.1;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe [2013-01-30 945328]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-01-30 37720]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-12 138024]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-09-27 76912]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-04-29 38528]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-26 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-22 02:04]
    .
    2013-02-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3074609903-728523743-1570176803-1000Core.job
    - c:\users\Williams\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-23 03:23]
    .
    2013-02-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3074609903-728523743-1570176803-1000UA.job
    - c:\users\Williams\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-23 03:23]
    .
    2013-01-30 c:\windows\Tasks\ROC_JAN2013_TB_rmv.job
    - c:\program files (x86)\AVG Secure Search\PostInstall\ROC.exe [2013-01-30 06:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = about:blank
    mStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{FCCBD8BB-F97B-4377-9490-DDEA6B5B561C}: NameServer = 192.168.1.1
    TCP: Interfaces\{FCCBD8BB-F97B-4377-9490-DDEA6B5B561C}\C696E6B6379737: NameServer = 192.168.1.1
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll
    FF - ProfilePath - c:\users\Williams\AppData\Roaming\Mozilla\Firefox\Profiles\32iy90h0.default\
    FF - prefs.js: browser.search.selectedEngine - uTorrentControl_v2 Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3220468&SearchSource=13&CUI=SB_CUI
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&CUI=UN03211838826303703&UM=UM_ID&q=
    FF - ExtSQL: 2013-01-25 17:03; {7473b6bd-4691-4744-a82b-7854eb3d70b6}; c:\users\Williams\AppData\Roaming\Mozilla\Firefox\Profiles\32iy90h0.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=0e09e10f00000000000090004e5eb3b2&q=
    FF - user.js: extensions.BabylonToolbar.id - 0e09e10f00000000000090004e5eb3b2
    FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
    FF - user.js: extensions.BabylonToolbar.instlDay - 15716
    FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.7.2
    FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.7.2
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.7.223:17
    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar.tlbrId - base
    FF - user.js: extensions.BabylonToolbar.instlRef - sst
    FF - user.js: extensions.BabylonToolbar.dfltLng - en
    FF - user.js: extensions.BabylonToolbar_i.excTlbr - false
    FF - user.js: extensions.BabylonToolbar.excTlbr - false
    FF - user.js: extensions.BabylonToolbar.admin - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=118564&tt=0213_4
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar.autoRvrt - false
    FF - user.js: extensions.BabylonToolbar.rvrt - false
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    FF - user.js: extensions.funmoods.hmpg - true
    FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=ironpub12&cd=2XzuyEtN2Y1L1QzuzytDtDtDyE0EyD0E0BtA0BtB0EtCtD0FtN0D0Tzu0CtAzytCtN1L2XzutBtFtBtFtCtFyEyCyCtN1L1Czu1L1C1F1G1E2Y1StCtB&cr=353138116&ir=
    FF - user.js: extensions.funmoods.dfltSrch - true
    FF - user.js: extensions.funmoods.srchPrvdr - Funmoods
    FF - user.js: extensions.funmoods.dnsErr - true
    FF - user.js: extensions.funmoods_i.newTab - false
    FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=ironpub12&cd=2XzuyEtN2Y1L1QzuzytDtDtDyE0EyD0E0BtA0BtB0EtCtD0FtN0D0Tzu0CtAzytCtN1L2XzutBtFtBtFtCtFyEyCyCtN1L1Czu1L1C1F1G1E2Y1StCtB&cr=353138116&ir=
    FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=ironpub12&cd=2XzuyEtN2Y1L1QzuzytDtDtDyE0EyD0E0BtA0BtB0EtCtD0FtN0D0Tzu0CtAzytCtN1L2XzutBtFtBtFtCtFyEyCyCtN1L1Czu1L1C1F1G1E2Y1StCtB&cr=353138116&ir=&q=
    FF - user.js: extensions.funmoods.id - 90004E5EB3B2E10F
    FF - user.js: extensions.funmoods.instlDay - 15730
    FF - user.js: extensions.funmoods.vrsn - 1.8.4.0
    FF - user.js: extensions.funmoods.vrsni - 1.8.4.0
    FF - user.js: extensions.funmoods_i.vrsnTs - 1.8.4.017:1:44
    FF - user.js: extensions.funmoods.prtnrId - funmoods
    FF - user.js: extensions.funmoods.prdct - funmoods
    FF - user.js: extensions.funmoods.aflt - ironpub12
    FF - user.js: extensions.funmoods_i.smplGrp - none
    FF - user.js: extensions.funmoods.tlbrId - base
    FF - user.js: extensions.funmoods.instlRef -
    FF - user.js: extensions.funmoods.dfltLng -
    FF - user.js: extensions.funmoods.appId - {EA28B360-05E0-4F93-8150-02891F1D8D3C}
    FF - user.js: extensions.funmoods.excTlbr - false
    FF - user.js: extensions.funmoods_i.hmpg - true
    FF - user.js: extensions.irspeeddial.aflt - ironpub12
    FF - user.js: extensions.irspeeddial.instlRef -
    FF - user.js: extensions.irspeeddial.cr - 353138116
    FF - user.js: extensions.irspeeddial.cd - 2XzuyEtN2Y1L1QzuzytDtDtDyE0EyD0E0BtA0BtB0EtCtD0FtN0D0Tzu0CtAzytCtN1L2XzutBtFtBtFtCtFyEyCyCtN1L1Czu1L1C1F1G1E2Y1StCtB
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)
    AddRemove-RealPlayer 16.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe
    AddRemove-WinZip Registry Optimizer_is1 - c:\program files (x86)\WinZip Registry Optimizer\unins000.exe
    .
    .
    .
    Completion time: 2013-02-26 03:22:03
    ComboFix-quarantined-files.txt 2013-02-26 11:22
    ComboFix2.txt 2013-02-26 10:37
    .
    Pre-Run: 271,046,168,576 bytes free
    Post-Run: 270,969,692,160 bytes free
    .
    - - End Of File - - 25F900A9F576C1EA028E9C4EE7250E73
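The log above ends ComboFix's "Supplementary Scan", and its `FF - user.js:` and `FF - prefs.js:` entries are where the search/toolbar residue shows up: Conduit as the Firefox homepage and keyword URL, a Babylon toolbar, Funmoods and an "irspeeddial" extension (the last two carrying the same `aflt`, `cd` and `cr` values, which is what one bundled installer usually leaves behind), plus a `uTorrentControl_v2` search engine. Nothing in the log ties these to the normal-mode timeouts the thread is about, so they are a cleanup worklist, not a root-cause finding. The script below is an added example for pulling such a worklist out of a ComboFix log; it is not code from the thread or from ComboFix. It parses the defanged `hxxp://` URLs ComboFix writes, groups the Firefox preferences by a small assumed PUP family watch-list, collects the search hosts they point at, and lists `Trusted Zone:` entries for manual review (the Sony game domains here may well be legitimate). The sample log text is constructed from the lines visible in the post.

```python
"""Triage the 'Supplementary Scan' section of a ComboFix log for
browser-hijacker indicators.  Added example, not from the thread.
Sample lines below are constructed from the entries in the post above."""
import re
from collections import defaultdict

# Assumed watch-list of search/toolbar families that ship as bundled PUPs.
PUP_FAMILIES = ("conduit", "babylon", "funmoods", "irspeeddial", "utorrentcontrol")

# Constructed sample: a subset of the lines shown in the log above.
SAMPLE_LOG = """\
uStart Page = about:blank
mStart Page = about:blank
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
TCP: DhcpNameServer = 192.168.1.1
FF - prefs.js: browser.search.selectedEngine - uTorrentControl_v2 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3220468&SearchSource=13&CUI=SB_CUI
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&q=
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=ironpub12
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.irspeeddial.aflt - ironpub12
"""

# ComboFix line shapes: "FF - <file>: <pref> - <value>" and "Trusted Zone: <host>".
PREF_RE = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) - (.*)$")
ZONE_RE = re.compile(r"^Trusted Zone: (\S+)$")
# ComboFix defangs URLs as hxxp:// ; capture just the host part.
URL_RE = re.compile(r"hxxps?://([^/\s]+)")


def triage(log_text):
    """Return {'prefs': family -> [(pref, value)], 'hosts': {host}, 'trusted_zones': [host]}."""
    findings = {"prefs": defaultdict(list), "hosts": set(), "trusted_zones": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        zone = ZONE_RE.match(line)
        if zone:
            # Not judged here: a non-default trusted zone only needs a human look.
            findings["trusted_zones"].append(zone.group(1))
            continue
        pref_match = PREF_RE.match(line)
        if not pref_match:
            continue
        _, pref, value = pref_match.groups()
        haystack = (pref + " " + value).lower()
        # A family can show up in the pref name (extensions.funmoods.*) or
        # only in the value (search.conduit.com), so match on both.
        for family in PUP_FAMILIES:
            if family in haystack:
                findings["prefs"][family].append((pref, value))
        for host in URL_RE.findall(value):
            findings["hosts"].add(host.lower())
    return findings


def summarize(findings):
    """Flatten findings into one line per item for a removal worklist."""
    lines = []
    for family in sorted(findings["prefs"]):
        lines.append(f"{family}: {len(findings['prefs'][family])} Firefox pref(s)")
    for host in sorted(findings["hosts"]):
        lines.append(f"search host: {host}")
    for zone in findings["trusted_zones"]:
        lines.append(f"trusted zone (review): {zone}")
    return lines


if __name__ == "__main__":
    for line in summarize(triage(SAMPLE_LOG)):
        print(line)
```

Run against the full log rather than the sample, the same two functions would also pick up the Conduit `keyword.URL` entry and every `extensions.BabylonToolbar.*` and `extensions.funmoods.*` preference; the family counts are the quick way to see which user.js blocks belong to one installer before deciding whether resetting the Firefox profile is simpler than editing it.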
     
  5. doragonshi

    doragonshi Thread Starter

    Joined:
    Feb 26, 2013
    Messages:
    5
    Cancel, going to format the computer.
     
Short URL to this thread: https://techguy.org/1091059
