NEEEED Help removing Nasty virus/spyware! Professionals welcome

Started by WHY_ME, March 14, 2013, 11:55:36 PM


WHY_ME

I have a nasty virus/spyware that's keeping my PC from connecting to the internet, using any advanced tools, and utilizing system restore. I pretty much have an idea why it happened (PSP sharing) and I'm just pissed because it wasn't done by me personally. I tried to turn the proxy off in my web browsers, restore my computer to a previous point in time, hell I even ran multiple scans with Malwarebytes. It found something and I followed the instructions to quarantine/delete, but when I reboot afterwards it's still the same stuff. Also I even tried to make a new admin account (which I was surprisingly able to) since every time I tried to log on the original the screen would go to the desktop, flash/crash, and hard reset itself. That happened every single time I logged on to the old admin profile. I'm currently using someone else's Mac to write this since my computer is not complying. It doesn't recognize my FiOS router or wifi and every other device that tries to hook up to our wifi has a problem also. This computer is hooked into the wireless router by ethernet since it's our main computer. I feel so frustrated and I just want to get this thing off and ban my stupid cousin for this. Please Please help someone, ANYONE. It would be greatly appreciated. Also to note it basically disabled my antivirus and Malwarebytes from updating and before the internet cut off I kept hearing ads but seeing nothing while using YouTube (I just figured it was Google ads, but I had never experienced that before). Hence their databases are wildly out of date (like 3 months). I make sure they are updated daily so I'm not sure how that happened, but that's what it is. Even so Malwarebytes was able to locate something: "PUP.FunWebPro....." Thanks ahead of time for all the replies, I'll make sure I'm on as much as possible in order to fix this.

GR@PH;<'S

WHY_ME,
Welcome to LandzDown Forum. 
You have likely found your way here due to malware on your computer.  We will do our best to assist you.  However, in order to do so, please follow all instructions in the sequence given.  If you have questions regarding any of the instructions or problems running any tools, please let us know.

Cautions!


  • Do NOT use any tools such as ComboFix or HijackThis fixes without supervision of a qualified adviser.  Doing so could make your computer inoperable and could result in requiring a full reinstall of your operating system, losing all your programs and data.
  • Do NOT follow instructions that were provided to others, even though they may appear to be a solution to your problem.  Each infection causes unique problems on each computer. Everyone has different software on their computer and that makes each log different.
  • Do NOT install/re-install any programs or run any fixes or scanners that you have not been instructed to use.  This may cause conflicts with the tools being used in the cleanup process.
  • Some of the requested logs will be quite large so it may be necessary to split them over multiple replies.  Be sure to check that the complete log has posted.
  • Your security programs may give warnings for some of the tools you will be asked to use.  Be assured, any links provided are safe.  If you receive a UAC prompt, please approve the elevation.
  • Please continue to respond until you receive the "All Clear".  Just because you cannot see a problem does not mean it isn't there.
  • If you have questions regarding any of the instructions or problems running any tools, please let us know.

Prepare your computer for analysis and recommendations

Note:  If you have run and fixed anything with any programs, please restart the computer before proceeding.

1.  Uninstall the following via Add or Remove Programs in Control Panel:


  • Should you have more than one antivirus software installed, leave only one and uninstall any others.
  • File sharing programs such as uTorrent, Bittorrent, LimeWire, Morpheus, Azureus, Kazaa are a major conduit for malware and a likely source of your current issues.  It is requested that you uninstall any such programs prior to cleanup and to prevent reinfection.

2.  Please download DDS.scr by sUBs and save it to your desktop.  If you have an old copy (prior to Ver_2012-11-20.01) please delete it and download a fresh copy.

  • Disable any script blocker and then double-click dds.scr to run.
  • Shortly after two logs will appear, DDS.txt & Attach.txt
  • The logs will automatically be saved to your desktop.

3. Please download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double-click SecurityCheck.exe and follow the on-screen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please post the contents of that document with the other requested logs.

Posting Instructions


  • Go to the Analysis and Malware Removal forum.
  • Click the New Topic link.
  • Add a title that describes your problem.  Please start your post with a brief explanation of what is happening to your PC and any steps you may have taken on your own.
  • Copy/paste checkup.txt from SecurityCheck to your reply.
  • Copy/paste both DDS.txt and Attach.txt to your reply.
  • Complete your post by pressing the Post button.
  • Please review your post to ensure that all logs have posted.  If anything is missing, create another reply and copy/paste the remaining log(s).

    Note:  Please do NOT attach logs.  All requested logs are to be copy/pasted in your topic.

Final Notes

1.  This site does not support the use of "cracked" programs.  If the presence of pirated/cracked software is detected on your computer, your topic will be closed. 

2.  We cannot undertake the liability of a business-owned asset.  If you are having problems with a business machine, please consult your IT Department or System Administrator.  It is further advisable that you consult your employer's "Acceptable Usage Policy" to ensure that you are not in breach of Company rules by attempting to fix a business asset.

3.  Please be patient.  The experts will review your logs and get back to you.  However, they are all volunteers and may not be available to assist when you post.

4.  Please subscribe to your topic so you will receive a notification when you have received a reply. 

  • Click the button at the top of the thread. 
  • Click OK to the popup reading "Are you sure you wish to enable notification of new replies for this topic?"

LandzDown Team

Please Do NOT use any tools such as ComboFix or HijackThis fixes without supervision of a qualified adviser.

GR@PH;<'S   :Hammys pint:
press Enter then have a Brandy then if the problem is still there have another Brandy
Q: does it work
A: It does seem to for a few hours at least.

WHY_ME

Ok thanks for the reply.  As I noted earlier I'm typing in this forum using another computer specifically a mac because I can't go online in order to download these files on my desktop.  Can you provide me with any other methods of rectifying this?  I uninstalled the software as you said and all I have left is Microsoft Live Essentials 2011.

WHY_ME

Can someone assist me please, because I can't download the files that the previous poster asks me to due to lack of internet connection.

GR@PH;<'S

WHY_ME,
I know it is going to be a long haul for you; be patient and you will get back that PC the way it used to be.
I recommend that you download all the programs to a USB memory stick and then run them on your PC, copying the files to the USB memory stick to post here via your friend's computer.


Corrine

Hi, WHY_ME.

There isn't a lot we can do without seeing logs to advise on which tools need to be run and what needs to be removed.  Have you tried Safe Mode with Networking on the infected computer?  See if the following works:

Select Safe Mode with Networking. (To do this, turn your computer off and then back on and immediately when you see anything on the screen, start tapping the F8 key on your keyboard. Using the arrow keys on your keyboard, select Safe Mode with Networking and press Enter on your keyboard. Windows will now boot into safe mode with networking and prompt you to login as a user.) 

Please start Internet Explorer, and when the program is open, do the following:
-- click on the Tools menu and then select Internet Options.
-- click on the Connections tab
-- click on the LAN Settings button
-- under the Proxy Server section, please uncheck the checkbox labeled "Use a proxy server for your LAN"
-- press the OK button to close this screen. Then press the OK button to close the Internet Options screen.




Based on the findings by Malwarebytes of "PUP.FunWebPro.....", please download one additional tool and provide the log as I believe it will provide additional helpful information.  Please download AdwCleaner by Xplode to your Desktop.

  •   Double-click AdwCleaner.exe to run the tool.
  •   Click Search.
  •   A logfile will automatically open after the scan has finished.
  •   Please post the contents of that logfile with your next response.
Note: The log can also be found at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, i.e., R1


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

WHY_ME

I'm on it everyone, sorry if I seemed like I'm rushing everyone, it's just I know in forums it's hard to get help with literally thousands of posts.  This is my first time here so bear with me, I'm running the programs from my USB as we speak. Waiting to copy the logs and post it here.  Thanks for the feedback.

WHY_ME

Here is the log from AdwCleaner

# AdwCleaner v2.114 - Logfile created 03/14/2013 at 22:22:22
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : No ID - BENFAM
# Boot Mode : Normal
# Running from : I:\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\END
File Found : C:\Users\NOID~1\AppData\Local\Temp\Uninstall.exe
File Found : C:\Users\Raziel\AppData\Roaming\Mozilla\Firefox\Profiles\lgihc6pe.default\searchplugins\Conduit.xml
Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\ProgramData\Speedbit
Folder Found : C:\Users\Carol\AppData\Roaming\SearchProtect
Folder Found : C:\Users\Raziel\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\Raziel\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Raziel\AppData\Roaming\Mozilla\Firefox\Profiles\lgihc6pe.default\CT1269415
Folder Found : C:\Users\Raziel\AppData\Roaming\Mozilla\Firefox\Profiles\lgihc6pe.default\extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}
Folder Found : C:\Users\Raziel\AppData\Roaming\Mozilla\Firefox\Profiles\lgihc6pe.default\Smartbar
Folder Found : C:\Users\Raziel\AppData\Roaming\SearchProtect
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\Software\PIP
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.2 (en-US)

File : C:\Users\Raziel\AppData\Roaming\Mozilla\Firefox\Profiles\lgihc6pe.default\prefs.js

Found : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\14.2.0.1");
Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("extensions.asktb.cbid", "UF");
Found : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}[...]
Found : user_pref("extensions.asktb.fresh-install", false);
Found : user_pref("extensions.asktb.l", "dis");
Found : user_pref("extensions.asktb.last-config-req", "1346378233099");
Found : user_pref("extensions.asktb.locale", "en_US");
Found : user_pref("extensions.asktb.o", "15150");
Found : user_pref("extensions.asktb.options-lang", "en");
Found : user_pref("extensions.asktb.options-locale", "UK");
Found : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Found : user_pref("extensions.asktb.qsrc", "2871");
Found : user_pref("extensions.asktb.r", "6");
Found : user_pref("extensions.asktb.v", "3.6.6.100006");
Found : user_pref("speedbit.dap_installed", true);

File : C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\xzfot88g.default\prefs.js

Found : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\14.1.0.10")[...]
Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Found : user_pref("browser.startup.homepage", "hxxp://isearch.avg.com/?cid={74783EF0-5399-4A14-B29F-AE918BB1[...]
Found : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={74783EF0-5399-4A14-B29F-AE918BB10DFE}&m[...]

File : C:\Users\No ID\AppData\Roaming\Mozilla\Firefox\Profiles\3240ilzk.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4279 octets] - [14/03/2013 22:22:22]

########## EOF - C:\AdwCleaner[R1].txt - [4339 octets] ##########
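
A triage sketch for the kind of AdwCleaner log posted above, added here as an example (not part of the original thread and not AdwCleaner's own code): it parses the v2 [Search] log layout, groups findings by Windows profile, and pulls out the Firefox preferences that control search and homepage. The sample log is constructed (the user names `alice` and `bob` and the profile folder names are placeholders), and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the AdwCleaner v2 [Search] log layout shown in the
# post above; user names and profile folders are placeholders.
SAMPLE_LOG = r"""# AdwCleaner v2.114 - Logfile created 03/14/2013 at 22:22:22
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\aaaa.default\searchplugins\Conduit.xml
Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\Users\bob\AppData\Roaming\SearchProtect
Folder Found : C:\Users\alice\AppData\Roaming\SearchProtect

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.2 (en-US)

File : C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\aaaa.default\prefs.js

Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("extensions.asktb.locale", "en_US");

File : C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\bbbb.default\prefs.js

Found : user_pref("browser.startup.homepage", "hxxp://isearch.avg.com/?cid={0000[...]
Found : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={0000[...]
"""

SECTION = re.compile(r"^\*{5} \[(.+?)\] \*{5}$")
FINDING = re.compile(r"^(File|Folder|Key|Value) Found : (.+)$")
BROWSER = re.compile(r"^-\\\\ (.+)$")            # "-\\ Mozilla Firefox v18..."
PREFS_FILE = re.compile(r"^File : (.+)$")
PREF = re.compile(r'^Found : user_pref\("([^"]+)",\s*(.*)$')
PROFILE_OWNER = re.compile(r"^[A-Za-z]:\\Users\\([^\\]+)\\")

# Firefox preferences (all present in the posted log) that decide where
# searches and the start page go; the rest are toolbar bookkeeping.
REDIRECT_PREFS = {
    "browser.startup.homepage", "keyword.URL",
    "browser.search.defaultenginename", "browser.search.selectedEngine",
}

def owner_of(path):
    """Windows profile a path belongs to, or a marker for machine-wide items."""
    m = PROFILE_OWNER.match(path)
    return m.group(1) if m else "(machine-wide)"

def parse_adwcleaner(text):
    """Return {'findings': [...], 'prefs': [...]} from an AdwCleaner v2 log."""
    findings, prefs = [], []
    section = browser = prefs_file = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if m := SECTION.match(line):
            section, browser, prefs_file = m.group(1), None, None
        elif m := FINDING.match(line):
            findings.append({"section": section, "kind": m.group(1),
                             "path": m.group(2), "owner": owner_of(m.group(2))})
        elif m := BROWSER.match(line):
            browser, prefs_file = m.group(1), None
        elif m := PREFS_FILE.match(line):
            prefs_file = m.group(1)
        elif m := PREF.match(line):
            value = m.group(2)
            truncated = value.endswith("[...]")   # the tool cuts long lines
            if truncated:
                value = value[:-5]
            value = value.rstrip(");").strip().strip('"')
            prefs.append({"browser": browser, "file": prefs_file,
                          "owner": owner_of(prefs_file or ""),
                          "name": m.group(1), "value": value,
                          "truncated": truncated})
    return {"findings": findings, "prefs": prefs}

def triage(parsed):
    """Count leftovers per profile and list the search/homepage overrides."""
    per_owner = Counter(f["owner"] for f in parsed["findings"])
    redirects = [p for p in parsed["prefs"] if p["name"] in REDIRECT_PREFS]
    return per_owner, redirects

if __name__ == "__main__":
    per_owner, redirects = triage(parse_adwcleaner(SAMPLE_LOG))
    for owner, count in sorted(per_owner.items()):
        print(f"{owner}: {count} file/folder/registry finding(s)")
    for r in redirects:
        note = " (value truncated in log)" if r["truncated"] else ""
        print(f"{r['owner']}: {r['name']} = {r['value']}{note}")
```

Grouping by profile makes it visible when the leftovers sit under accounts other than the one the scan was run from, as they do in the posted log.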

WHY_ME

Here is the DDS log



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16464  BrowserJavaVersion: 10.15.2
Run by No ID at 22:23:17 on 2013-03-14
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.8151.6427 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\spool\DRIVERS\x64\3\dleaserv.exe
C:\Windows\system32\dleacoms.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe
C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [Dell V310-V510 Series] "C:\Program Files (x86)\Dell V310-V510 Series\fm3032.exe" /s
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
StartupFolder: C:\Users\NOID~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{A83A1196-8001-420B-8AC2-9B669180DB62} : DHCPNameServer = 192.168.1.1 68.237.161.12
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - <orphaned>
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RunDLLEntry_THXCfg] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [RunDLLEntry_EptMon] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\EptMon64.dll,RunDLLEntry EptMon64
x64-Run: [dleamon.exe] "C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe"
x64-Run: [EzPrint] "C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe"
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - <orphaned>
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-SSODL: WebCheck - <orphaned>
x64-STS: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\No ID\AppData\Roaming\Mozilla\Firefox\Profiles\3240ilzk.default\
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-02-24 16:00; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - ExtSQL: 2013-03-13 22:14; {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
FF - ExtSQL: 2013-03-13 22:14; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2013-03-13 22:14; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: 2013-03-13 22:14; {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-2-28 65408]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-6-2 55856]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6a.sys [2011-5-23 48992]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-2-22 289872]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-3-19 383808]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-6-2 202752]
R2 dlea_device;dlea_device;C:\Windows\System32\dleacoms.exe -service --> C:\Windows\System32\dleacoms.exe -service [?]
R2 dleaCATSCustConnectService;dleaCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\dleaserv.exe [2010-9-23 45224]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-6-2 13336]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-6-2 1692480]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-6-2 56344]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-6-2 233984]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-6-2 321064]
RUnknown TfFsMon;TfFsMon;
RUnknown TfNetMon;TfNetMon;
RUnknown TfSysMon;TfSysMon;
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S3 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-2-28 177672]
S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-10-30 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-8-17 25584]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-16 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2012-7-8 31800]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-16 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-9 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-03-14 08:35:45   --------   d-----w-   C:\Users\No ID\AppData\Local\ElevatedDiagnostics
2013-03-14 08:10:22   --------   d-----w-   C:\Users\No ID\AppData\Roaming\Malwarebytes
2013-03-14 08:09:28   25928   ----a-w-   C:\Windows\System32\drivers\mbam.sys
2013-03-14 07:54:56   --------   d-----w-   C:\Users\No ID\AppData\Local\Diagnostics
2013-03-14 07:50:06   --------   d-----w-   C:\Users\No ID\AppData\Local\Mozilla
2013-03-14 01:54:47   --------   d-----w-   C:\Users\No ID\AppData\Roaming\Dell
2013-03-14 01:54:09   --------   d-----w-   C:\Users\No ID\AppData\Local\Stardock_Corporation
2013-03-14 01:54:04   --------   d-----w-   C:\Users\No ID\AppData\Local\DataSafeOnline
2013-03-14 01:54:04   --------   d-----w-   C:\Users\No ID\AppData\Local\ATI
2013-03-14 01:53:51   --------   d-----w-   C:\Users\No ID\AppData\Roaming\V310-V510 Series
2013-03-14 01:53:47   --------   d-----w-   C:\Users\No ID\AppData\Roaming\Intel Corporation
2013-03-14 01:53:00   --------   d-----w-   C:\Users\No ID\AppData\Local\VirtualStore
2013-03-10 05:38:09   --------   d-----w-   C:\Program Files (x86)\SearchProtect
2013-03-10 05:37:47   --------   d-----w-   C:\Program Files (x86)\Movie Torrent
2013-03-10 05:37:33   --------   d-----w-   C:\Program Files (x86)\Savvy Suggestor
2013-03-10 02:17:58   --------   d-----w-   C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-09 04:20:49   --------   d-----w-   C:\Program Files\PeerBlock
2013-03-04 00:15:34   --------   d-----w-   C:\Program Files\iPod
2013-03-04 00:15:33   --------   d-----w-   C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-03-04 00:15:33   --------   d-----w-   C:\Program Files\iTunes
2013-03-04 00:15:33   --------   d-----w-   C:\Program Files (x86)\iTunes
2013-03-02 17:58:35   544688   ----a-w-   C:\Windows\System32\npdeployJava1.dll
2013-03-02 17:58:35   526256   ----a-w-   C:\Windows\System32\deployJava1.dll
2013-03-01 00:41:55   65408   ----a-w-   C:\Windows\System32\drivers\aswRvrt.sys
2013-03-01 00:41:55   177672   ----a-w-   C:\Windows\System32\drivers\aswVmm.sys
2013-02-24 21:05:55   95648   ----a-w-   C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-15 22:31:23   186432   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2013-02-15 22:31:23   186432   ----a-w-   C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2013-02-15 17:25:31   996352   ----a-w-   C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-15 17:25:31   768000   ----a-w-   C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-15 17:24:27   25600   ----a-w-   C:\Windows\SysWow64\setup16.exe
2013-02-15 17:24:27   215040   ----a-w-   C:\Windows\System32\winsrv.dll
2013-02-15 17:24:27   14336   ----a-w-   C:\Windows\SysWow64\ntvdm64.dll
2013-02-15 17:24:26   7680   ----a-w-   C:\Windows\SysWow64\instnm.exe
2013-02-15 17:24:26   5120   ----a-w-   C:\Windows\SysWow64\wow32.dll
2013-02-15 17:24:26   2048   ----a-w-   C:\Windows\SysWow64\user.exe
2013-02-15 17:24:23   3153408   ----a-w-   C:\Windows\System32\win32k.sys
2013-02-15 17:23:23   288088   ----a-w-   C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-02-15 17:23:23   1913192   ----a-w-   C:\Windows\System32\drivers\tcpip.sys
2013-02-15 17:23:21   5553512   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2013-02-15 17:23:20   3967848   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-15 17:23:19   3913064   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
.
==================== Find3M  ====================
.
2013-03-02 17:51:39   71024   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-02 17:51:39   691568   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-24 21:05:50   861088   ----a-w-   C:\Windows\SysWow64\npdeployJava1.dll
2013-02-24 21:05:50   782240   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
2013-01-15 23:49:06   26432   ----a-w-   C:\Windows\System32\RegistryDefragBootTime.exe
2013-01-13 21:17:03   9728   ---ha-w-   C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02   2560   ---ha-w-   C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42   10752   ---ha-w-   C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46   3584   ---ha-w-   C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21   4096   ---ha-w-   C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08   5632   ---ha-w-   C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07   5632   ---ha-w-   C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-01-13 21:11:07   3072   ---ha-w-   C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
    2013-01-13 21:11:07   3072   ---ha-w-   C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-01-13 20:35:31   9728   ---ha-w-   C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-01-13 20:35:31   2560   ---ha-w-   C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-01-13 20:35:18   10752   ---ha-w-   C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-01-13 20:32:07   3584   ---ha-w-   C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-01-13 20:31:48   4096   ---ha-w-   C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-01-13 20:31:41   5632   ---ha-w-   C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-01-13 20:31:40   5632   ---ha-w-   C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-01-13 20:31:40   3072   ---ha-w-   C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
    2013-01-13 20:31:40   3072   ---ha-w-   C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-01-13 20:31:00   1247744   ----a-w-   C:\Windows\SysWow64\DWrite.dll
    2013-01-13 20:22:22   1988096   ----a-w-   C:\Windows\SysWow64\d3d10warp.dll
    2013-01-13 20:20:31   293376   ----a-w-   C:\Windows\SysWow64\dxgi.dll
    2013-01-13 20:09:00   249856   ----a-w-   C:\Windows\SysWow64\d3d10_1core.dll
    2013-01-13 20:08:43   220160   ----a-w-   C:\Windows\SysWow64\d3d10core.dll
    2013-01-13 20:08:35   1504768   ----a-w-   C:\Windows\SysWow64\d3d11.dll
    2013-01-13 19:59:04   1643520   ----a-w-   C:\Windows\System32\DWrite.dll
    2013-01-13 19:58:28   1175552   ----a-w-   C:\Windows\System32\FntCache.dll
    2013-01-13 19:54:01   604160   ----a-w-   C:\Windows\SysWow64\d3d10level9.dll
    2013-01-13 19:53:58   207872   ----a-w-   C:\Windows\SysWow64\WindowsCodecsExt.dll
    2013-01-13 19:53:14   187392   ----a-w-   C:\Windows\SysWow64\UIAnimation.dll
    2013-01-13 19:51:30   2565120   ----a-w-   C:\Windows\System32\d3d10warp.dll
    2013-01-13 19:49:17   363008   ----a-w-   C:\Windows\System32\dxgi.dll
    2013-01-13 19:48:47   161792   ----a-w-   C:\Windows\SysWow64\d3d10_1.dll
    2013-01-13 19:46:25   1080832   ----a-w-   C:\Windows\SysWow64\d3d10.dll
    2013-01-13 19:43:21   1230336   ----a-w-   C:\Windows\SysWow64\WindowsCodecs.dll
    2013-01-13 19:38:39   333312   ----a-w-   C:\Windows\System32\d3d10_1core.dll
    2013-01-13 19:38:32   1887232   ----a-w-   C:\Windows\System32\d3d11.dll
    2013-01-13 19:38:21   296960   ----a-w-   C:\Windows\System32\d3d10core.dll
    2013-01-13 19:37:57   3419136   ----a-w-   C:\Windows\SysWow64\d2d1.dll
    2013-01-13 19:25:04   245248   ----a-w-   C:\Windows\System32\WindowsCodecsExt.dll
    2013-01-13 19:24:33   648192   ----a-w-   C:\Windows\System32\d3d10level9.dll
    2013-01-13 19:24:30   221184   ----a-w-   C:\Windows\System32\UIAnimation.dll
    2013-01-13 19:20:42   194560   ----a-w-   C:\Windows\System32\d3d10_1.dll
    2013-01-13 19:20:04   1238528   ----a-w-   C:\Windows\System32\d3d10.dll
    2013-01-13 19:15:40   1424384   ----a-w-   C:\Windows\System32\WindowsCodecs.dll
    2013-01-13 19:10:36   3928064   ----a-w-   C:\Windows\System32\d2d1.dll
    2013-01-13 19:02:06   417792   ----a-w-   C:\Windows\SysWow64\WMPhoto.dll
    2013-01-13 18:34:58   364544   ----a-w-   C:\Windows\SysWow64\XpsGdiConverter.dll
    2013-01-13 18:32:43   465920   ----a-w-   C:\Windows\System32\WMPhoto.dll
    2013-01-13 18:09:52   522752   ----a-w-   C:\Windows\System32\XpsGdiConverter.dll
    2013-01-13 17:26:42   1158144   ----a-w-   C:\Windows\SysWow64\XpsPrint.dll
    2013-01-13 17:05:09   1682432   ----a-w-   C:\Windows\System32\XpsPrint.dll
    2013-01-09 01:19:09   2312704   ----a-w-   C:\Windows\System32\jscript9.dll
    2013-01-09 01:12:03   1392128   ----a-w-   C:\Windows\System32\wininet.dll
    2013-01-09 01:11:06   1494528   ----a-w-   C:\Windows\System32\inetcpl.cpl
    2013-01-09 01:07:51   173056   ----a-w-   C:\Windows\System32\ieUnatt.exe
    2013-01-09 01:07:47   599040   ----a-w-   C:\Windows\System32\vbscript.dll
    2013-01-09 01:04:42   2382848   ----a-w-   C:\Windows\System32\mshtml.tlb
    2013-01-08 22:11:21   1800704   ----a-w-   C:\Windows\SysWow64\jscript9.dll
    2013-01-08 22:03:20   1129472   ----a-w-   C:\Windows\SysWow64\wininet.dll
    2013-01-08 22:03:12   1427968   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
    2013-01-08 21:59:02   142848   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
    2013-01-08 21:58:29   420864   ----a-w-   C:\Windows\SysWow64\vbscript.dll
    2013-01-08 21:56:23   2382848   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
    2013-01-04 06:11:21   2284544   ----a-w-   C:\Windows\SysWow64\msmpeg2vdec.dll
    2013-01-04 06:11:13   2776576   ----a-w-   C:\Windows\System32\msmpeg2vdec.dll
    2013-01-04 04:43:21   44032   ----a-w-   C:\Windows\apppatch\acwow64.dll
    2012-12-16 17:11:22   46080   ----a-w-   C:\Windows\System32\atmlib.dll
    2012-12-16 14:45:03   367616   ----a-w-   C:\Windows\System32\atmfd.dll
    2012-12-16 14:13:28   295424   ----a-w-   C:\Windows\SysWow64\atmfd.dll
    2012-12-16 14:13:20   34304   ----a-w-   C:\Windows\SysWow64\atmlib.dll
    .
    ============= FINISH: 22:23:41.66 ===============

WHY_ME

Here is the second part of the DDS scan "Attach.txt"

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 6/9/2010 5:44:41 PM
System Uptime: 3/14/2013 9:13:51 PM (1 hours ago)
.
Motherboard: Dell Inc. |  | 0T568R
Processor: Intel(R) Core(TM) i7 CPU         860  @ 2.80GHz | CPU 1 | 1176/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 922 GiB total, 756.449 GiB free.
D: is CDROM (CDFS)
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: DW1525 (802.11n) WLAN PCIe Card
Device ID: PCI\VEN_168C&DEV_002A&SUBSYS_0203168C&REV_01\4&2360F2AA&0&00E4
Manufacturer: Atheros Communications Inc.
Name: DW1525 (802.11n) WLAN PCIe Card
PNP Device ID: PCI\VEN_168C&DEV_002A&SUBSYS_0203168C&REV_01\4&2360F2AA&0&00E4
Service: athr
.
==== System Restore Points ===================
.
RP198: 3/5/2013 8:38:17 PM - Installed Java 7 Update 17
RP199: 3/9/2013 8:59:16 PM - Revo Uninstaller's restore point - GameFly
RP200: 3/10/2013 12:52:22 AM - Revo Uninstaller's restore point - µTorrent
RP201: 3/10/2013 12:55:41 AM - Revo Uninstaller's restore point - µTorrent
RP202: 3/10/2013 12:57:15 AM - Revo Uninstaller's restore point - Steam
RP203: 3/10/2013 12:59:03 AM - Removed Steam
RP204: 3/10/2013 1:52:48 AM - Revo Uninstaller's restore point - Movie Torrent
RP205: 3/12/2013 9:50:36 AM - Restore Operation
RP206: 3/13/2013 10:00:35 PM - avast! Free Antivirus Setup
RP207: 3/13/2013 10:06:28 PM - Restore Operation
RP208: 3/14/2013 9:18:12 PM - TrueCrypt uninstallation
.
==== Installed Programs ======================
.
7-Zip 9.22beta
AC3Filter 2.5b
Accidental Damage Services Agreement
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.6)
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Application Profiles
ATI Catalyst Control Center
ATI Catalyst Install Manager
AVG 2012
Banctec Service Agreement
Belarc Advisor 8.1
Bonjour
Canon DIGITAL CAMERA Solution Disk Software Guide
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Personal Printing Guide
Canon PowerShot SD1400 IS_IXUS 130 Camera User Guide
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC 8
Canon Utilities Movie Uploader for YouTube
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack for the 2007 Office system
D3DX10
DAP Plug-in for 64 Bit IE
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Support Center
Dell V310-V510 Series
DirectXInstallService
DivX Setup
EMC 10 Content
EMCGadgets64
Find+Run Robot 2.87.03
Foxit Reader
FoxyTunes for Firefox
GameFly
GoToAssist 8.0.0.514
HydraVision
iCloud
Intel(R) Control Center
Intel(R) Rapid Storage Technology
Internet TV for Windows Media Center
iTunes
Java 7 Update 15
Java Auto Updater
Java(TM) 6 Update 18
Java(TM) 6 Update 22
Java(TM) 6 Update 39
Java(TM) 6 Update 39 (64-bit)
Junk Mail filter update
Malwarebytes Anti-Malware version 1.65.0.1400
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Works
Mozilla Firefox 18.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Card Reader
OpenOffice.org 3.4.1
PowerDVD DX
QuickTime
Realtek High Definition Audio Driver
Revo Uninstaller 1.94
Roxio Activation Module
Roxio BackOnTrack
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy CD and DVD Burning
Roxio Express Labeler 3
Roxio File Backup
Roxio Update Manager
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Skins
Sonic CinePlayer Decoder Pack
Steam
System Requirements Lab CYRI
The Witcher 2 - Assassins of Kings Enhanced Edition
THX TruStudio PC
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VC80CRTRedist - 8.0.50727.6195
VD64Inst
Visual Studio 2008 x64 Redistributables
VLC media player 2.0.5
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Flash
Windows Media Player Firefox Plugin
WinX DVD Ripper Platinum 7.0.0
WModem Driver Installer
.
==== Event Viewer Messages From Past Week ========
.
3/8/2013 9:14:43 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk5\DR5.
3/8/2013 11:21:56 PM, Error: Service Control Manager [7000]  - The pbfilter service failed to start due to the following error:  The system cannot find the file specified.
3/14/2013 9:16:47 PM, Error: Service Control Manager [7034]  - The Advanced SystemCare Service 6 service terminated unexpectedly.  It has done this 1 time(s).
3/14/2013 9:15:56 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
3/14/2013 9:14:36 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  RxFilter
3/14/2013 9:14:28 PM, Error: Service Control Manager [7023]  - The Function Discovery Resource Publication service terminated with the following error:  %%-2147014847
3/14/2013 9:14:28 PM, Error: Service Control Manager [7000]  - The SessionLauncher service failed to start due to the following error:  The system cannot find the file specified.
3/14/2013 9:14:26 PM, Error: volmgr [46]  - Crash dump initialization failed!
3/14/2013 6:57:00 AM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
3/14/2013 4:33:41 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
3/14/2013 4:33:41 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
3/14/2013 4:31:46 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/14/2013 4:31:45 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/14/2013 4:31:41 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/14/2013 4:31:34 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/14/2013 4:31:23 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Avgldx64 Avgmfx64 discache RxFilter spldr TfFsMon TfSysMon truecrypt Wanarpv6
3/13/2013 9:44:39 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
3/13/2013 9:44:37 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/13/2013 9:44:37 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/13/2013 9:39:19 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD aswRdr aswSnx aswSP aswTdi Avgfwfd Avgldx64 Avgmfx64 Avgtdia CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss RxFilter spldr tdx truecrypt vwififlt Wanarpv6 WfpLwf
3/13/2013 9:39:19 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
3/13/2013 9:39:19 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
3/13/2013 9:39:19 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
3/13/2013 9:39:19 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
3/13/2013 9:39:19 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
3/13/2013 9:39:18 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
3/13/2013 9:39:18 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
3/13/2013 9:39:18 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
3/13/2013 9:39:18 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
3/13/2013 1:28:16 AM, Error: Service Control Manager [7023]  - The Peer Name Resolution Protocol service terminated with the following error:  %%-2140993535
3/13/2013 1:28:16 AM, Error: Service Control Manager [7001]  - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  %%-2140993535
3/13/2013 1:28:16 AM, Error: Microsoft-Windows-PNRPSvc [102]  - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
3/12/2013 9:08:50 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
3/12/2013 9:08:50 PM, Error: Service Control Manager [7000]  - The Steam Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
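
Added example, not part of the original post or of the DDS tool: a short Python triage of the Service Control Manager entries above, following each 7001 "depends on" chain down to the dependency that failed first and checking it against the 7026 failed-driver list. The log lines are copied from the Attach.txt section above; the display-name-to-driver-key table is an assumption supplied from standard Windows 7 service names, not from the log.

```python
import re
from collections import defaultdict

# Lines copied from the "Event Viewer Messages" section of the Attach.txt log above.
LOG = """\
3/13/2013 9:44:39 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
3/13/2013 9:39:19 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD aswRdr aswSnx aswSP aswTdi Avgfwfd Avgldx64 Avgmfx64 Avgtdia CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss RxFilter spldr tdx truecrypt vwififlt Wanarpv6 WfpLwf
3/13/2013 9:39:19 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
3/13/2013 9:39:19 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
3/13/2013 9:39:19 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
3/13/2013 9:39:19 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
3/13/2013 9:39:19 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
3/13/2013 9:39:18 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
3/13/2013 9:39:18 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
3/13/2013 9:39:18 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
3/13/2013 9:39:18 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
"""

# Assumption (not in the log): display name -> service key name as used in event 7026.
DRIVER_KEYS = {
    "Ancillary Function Driver for Winsock": "AFD",
    "NSI proxy service driver.": "nsiproxy",
    "NetIO Legacy TDI Support Driver": "tdx",
    "Redirected Buffering Sub Sysytem": "rdbss",  # spelling as Windows reports it
}

LINE = re.compile(
    r"^(?P<when>\S+ \S+ [AP]M), Error: Service Control Manager "
    r"\[(?P<id>\d+)\]\s+- (?P<msg>.*)$"
)
# Case-sensitive on purpose: "... Service service which failed" must not split early.
DEPENDS = re.compile(
    r"^The (?P<svc>.+?) service depends on the (?P<dep>.+?) service which "
    r"failed to start because of the following error:\s+(?P<err>.+)$"
)
DRIVERS = re.compile(r"driver\(s\) failed to load:\s+(?P<names>.+)$")


def parse(log):
    """Return (deps, failed_drivers): deps maps a service to [(dependency, error)]."""
    deps = defaultdict(list)
    failed_drivers = set()
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        if m["id"] == "7001":
            d = DEPENDS.match(m["msg"])
            if d:
                deps[d["svc"]].append((d["dep"], d["err"].strip()))
        elif m["id"] == "7026":
            d = DRIVERS.search(m["msg"])
            if d:
                failed_drivers.update(d["names"].split())
    return deps, failed_drivers


def root_causes(log):
    """Group every failed service under the dependency that failed first."""
    deps, failed_drivers = parse(log)

    def roots_of(name, seen):
        if name not in deps:          # nothing recorded below it: a root
            return {name}
        found = set()
        for dep, _err in deps[name]:
            if dep not in seen:       # guard against a cyclic record
                found |= roots_of(dep, seen | {dep})
        return found

    affected = defaultdict(set)
    for svc in deps:
        for root in roots_of(svc, {svc}):
            affected[root].add(svc)

    report = {}
    for root, services in affected.items():
        key = DRIVER_KEYS.get(root)
        errors = {err for edges in deps.values() for dep, err in edges if dep == root}
        report[root] = {
            "driver": key,
            "in_7026": key in failed_drivers,
            "errors": sorted(errors),
            "affected": sorted(services),
        }
    return report


if __name__ == "__main__":
    for root, info in sorted(root_causes(LOG).items()):
        print(f"{root} ({info['driver']}, listed in 7026: {info['in_7026']})")
        for svc in info["affected"]:
            print(f"    -> {svc}")
```

The ten dependency errors collapse to four failed network-stack drivers, each of which also appears in the 7026 entry from the same boot.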

WHY_ME

Finally here is the log from "checkup.txt"

Results of screen317's Security Check version 0.99.61 
Windows 7 Service Pack 1 x64 (UAC is enabled) 
Internet Explorer 9 
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled! 
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400 
Java(TM) 6 Update 18 
Java(TM) 6 Update 22 
Java(TM) 6 Update 39 
Java 7 Update 15 
Java version out of Date!
Adobe Flash Player 11.6.602.171 
Adobe Reader 10.1.6 Adobe Reader out of Date! 
Mozilla Firefox 18.0.2 Firefox out of Date! 
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

WHY_ME

Hope all that helps the process.  Also to respond about starting in safe mode with networking, I tried.  No luck, I can't get on the internet.  My router is unfound by various devices in my home and there is no connection to this computer either even though it's connected via ethernet.  The computer detects no home network and none can be found when checking in control panel.  I can confirm that my phone can locate the signal and router but has trouble connecting to it.


Corrine

Hi, WHY_ME.

I'm about to shut down for the night but can get you started.  First things first, I know you need Java because of OpenOffice.  However, you have a bunch of old, highly vulnerable versions left on the computer that must be uninstalled.  We'll deal with the other updates after we get things going again.

Please remove the following:

Java(TM) 6 Update 18
Java(TM) 6 Update 22
Java(TM) 6 Update 39
Java(TM) 6 Update 39 (64-bit)





Please rescan with AdwCleaner.

  • Double-click AdwCleaner.exe to run the tool.
  • Click Delete.
  • Everything that was found will be deleted.
  • Save any open files and approve the reboot.  A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
Note: The log can also be found at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, i.e., S1




Unfortunately, this is going to be another program to be transported.  You will need to be sure to place it on the desktop of the infected computer.

Please follow these instructions carefully.

Download ComboFix from the following location:  Link 1

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray. 

    Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications.

  • If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.exe on your desktop and follow the prompts. 
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, a log will be produced. Please copy C:\ComboFix.txt in your next reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

WHY_ME

No problem I'm shutting down soon too but I'm going to share the info you asked me to.  I deleted the Java files you spoke of and followed the steps.  Here is the log for the AdwCleaner delete you asked me to go through with:



# AdwCleaner v2.114 - Logfile created 03/15/2013 at 00:25:18
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : No ID - BENFAM
# Boot Mode : Normal
# Running from : I:\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Users\NOID~1\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Raziel\AppData\Roaming\Mozilla\Firefox\Profiles\lgihc6pe.default\searchplugins\Conduit.xml
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\ProgramData\Speedbit
Folder Deleted : C:\Users\Carol\AppData\Roaming\SearchProtect
Folder Deleted : C:\Users\Raziel\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Raziel\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Raziel\AppData\Roaming\Mozilla\Firefox\Profiles\lgihc6pe.default\CT1269415
Folder Deleted : C:\Users\Raziel\AppData\Roaming\Mozilla\Firefox\Profiles\lgihc6pe.default\extensions\{ad708c09-d51b-45b3-9d28-4eba2681febf}
Folder Deleted : C:\Users\Raziel\AppData\Roaming\Mozilla\Firefox\Profiles\lgihc6pe.default\Smartbar
Folder Deleted : C:\Users\Raziel\AppData\Roaming\SearchProtect
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.2 (en-US)

File : C:\Users\Raziel\AppData\Roaming\Mozilla\Firefox\Profiles\lgihc6pe.default\prefs.js

C:\Users\Raziel\AppData\Roaming\Mozilla\Firefox\Profiles\lgihc6pe.default\user.js ... Deleted !

Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\14.2.0.1");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("extensions.asktb.cbid", "UF");
Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}[...]
Deleted : user_pref("extensions.asktb.fresh-install", false);
Deleted : user_pref("extensions.asktb.l", "dis");
Deleted : user_pref("extensions.asktb.last-config-req", "1346378233099");
Deleted : user_pref("extensions.asktb.locale", "en_US");
Deleted : user_pref("extensions.asktb.o", "15150");
Deleted : user_pref("extensions.asktb.options-lang", "en");
Deleted : user_pref("extensions.asktb.options-locale", "UK");
Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Deleted : user_pref("extensions.asktb.qsrc", "2871");
Deleted : user_pref("extensions.asktb.r", "6");
Deleted : user_pref("extensions.asktb.v", "3.6.6.100006");
Deleted : user_pref("speedbit.dap_installed", true);

File : C:\Users\Carol\AppData\Roaming\Mozilla\Firefox\Profiles\xzfot88g.default\prefs.js

Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\14.1.0.10")[...]
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://isearch.avg.com/?cid={74783EF0-5399-4A14-B29F-AE918BB1[...]
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={74783EF0-5399-4A14-B29F-AE918BB10DFE}&m[...]

File : C:\Users\No ID\AppData\Roaming\Mozilla\Firefox\Profiles\3240ilzk.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4404 octets] - [14/03/2013 22:22:22]
AdwCleaner[S1].txt - [4528 octets] - [15/03/2013 00:25:18]

########## EOF - C:\AdwCleaner[S1].txt - [4588 octets] ##########