Originally sought help on another forum.

Edit BC: http://www.bleepingcomputer.com/forums/topic482162.html/page__st__15

The guy was condescending and ignored my questions. Just wanted to to throw tools at it. Kept pushing me to run combofix right off. Didn't advise me to backup registry or anything, like is done here. Ran OTL with a scripted fix, TDSSK, aswMBR, adwcleaner, Rogue Killer, GMER. I didn't want to run combofix because he could never tell me why, and what exactly he was looking for. Machine does run faster, UAC is restored, but some internet pages still load slower than normal or not at all and I have to restart connection frequently, although for some strange reason it always lets facebook through. Firewall is still being hijacked and I can't turn it off or on, or change or view settings, and Windows Defender service won't start and says service doesn't exist as installed device.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16800 BrowserJavaVersion: 10.4.0
Run by Fireside3 at 19:52:35 on 2013-01-26
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2811.1082 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k HPService
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\WUDFHost.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uLocal Page =
mStart Page = hxxp://lenovo.msn.com
mLocal Page =
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\14.0.0.14\AVG SafeGuard toolbar_toolbar.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\14.0.0.14\AVG SafeGuard toolbar_toolbar.dll
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.43.1
TCP: Interfaces\{831E4BA4-96D0-4313-B831-00EFB5DDDA82} : DHCPNameServer = 68.29.73.7 68.29.65.7
TCP: Interfaces\{8E78D7C7-D71F-4433-9273-F108B31CDE88} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A532D431-A313-413A-957A-E33EC5EEF446} : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{A532D431-A313-413A-957A-E33EC5EEF446}\144545231363 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{A532D431-A313-413A-957A-E33EC5EEF446}\2375942554539313 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{A532D431-A313-413A-957A-E33EC5EEF446}\C474026535931303024374 : DHCPNameServer = 198.224.145.135 198.224.144.135
TCP: Interfaces\{A532D431-A313-413A-957A-E33EC5EEF446}\C4740265359313030243740213242303 : DHCPNameServer = 198.224.145.135 198.224.144.135
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.0.1\ViProtocol.dll
x64-mStart Page = hxxp://lenovo.msn.com
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com (http://www.spywareinfo.com)
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Fireside3\AppData\Roaming\Mozilla\Firefox\Profiles\jori9q7v.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://mysearch.avg.com/?cid={0BD96E73-04D1-4819-A87B-358700BCF8C2}&mid=78687388800647d1a1076939b2ec7169-fd7425da6a3520021eafa695e95db12b5d347bf0&lang=en&ds=AVG&pr=fr&d=2013-01-24 02:51:13&v=14.0.0.14&pid=safeguard&sg=1&sap=hp
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.0.1\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-01-24 02:51; avg@toolbar; C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.0.0.14
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2012-1-31 36944]
R0 LHDmgr;LHDmgr;C:\windows\System32\drivers\LhdX64.sys [2011-3-31 39008]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2012-7-26 291680]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2012-8-24 384352]
R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2013-1-24 37720]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe [2013-1-23 103472]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
R2 vToolbarUpdater14.0.1;vToolbarUpdater14.0.1;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe [2013-1-24 945328]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2011-3-31 28176]
R3 amdiox64;AMD IO Driver;C:\windows\System32\drivers\amdiox64.sys [2011-6-25 46136]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\windows\System32\drivers\ssadadb.sys [2011-6-3 36328]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2011-3-31 116240]
R3 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2011-12-23 124496]
R3 AVGIDSFilter;AVGIDSFilter;C:\windows\System32\drivers\avgidsfiltera.sys [2011-12-23 29776]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-3-31 75304]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-3-31 242720]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2010-4-24 721768]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2010-4-24 269672]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2010-4-24 25960]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2010-4-24 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
S3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2011-3-31 162304]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]
S3 lvpepf64;Volume Adapter;C:\windows\System32\drivers\lv302a64.sys [2012-1-25 15896]
S3 LVRS64;Logitech RightSound Filter Driver;C:\windows\System32\drivers\lvrs64.sys [2012-1-25 327576]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;C:\windows\System32\drivers\lgvzandnetdiag64.sys [2011-4-12 30208]
S3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;C:\windows\System32\drivers\lgvzandnetmdm64.sys [2011-4-12 37376]
S3 vzandnetndis;LGE AndroidNet for VZW NDIS Ethernet Adapter;C:\windows\System32\drivers\lgvzandnetndis64.sys [2011-4-12 91136]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-6-10 1255736]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S4 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2011-9-8 204288]
S4 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-9-8 361984]
.
=============== Created Last 30 ================
.
2013-01-26 09:54:16 -------- d-----w- C:\Users\Fireside3\AppData\Local\HuluDesktop
2013-01-25 23:45:33 -------- d-----w- C:\recovery bin
2013-01-24 21:54:39 -------- d-----w- C:\OTL
2013-01-24 08:51:52 -------- d-----w- C:\Users\Fireside3\AppData\Local\AVG SafeGuard toolbar
2013-01-24 08:51:27 -------- d-----w- C:\ProgramData\AVG Security Toolbar
2013-01-24 08:51:24 -------- d-----w- C:\ProgramData\AVG SafeGuard toolbar
2013-01-24 08:51:09 37720 ----a-w- C:\windows\System32\drivers\avgtpx64.sys
2013-01-24 08:51:05 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2013-01-24 08:51:02 -------- d-----w- C:\Program Files (x86)\AVG SafeGuard toolbar
2013-01-24 08:43:58 -------- d-----w- C:\ProgramData\AVG January 2013 Campaign
2013-01-15 13:12:33 -------- d-----w- C:\Users\Fireside3\AppData\Local\DigitalVolcano
2013-01-15 01:11:43 -------- d-----w- C:\Program Files (x86)\Duplicate Cleaner
2013-01-13 00:38:41 -------- d-----w- C:\TDSSKiller_Quarantine
.
==================== Find3M ====================
.
2012-12-22 10:53:22 208216 ----a-w- C:\windows\System32\drivers\93694517.sys
2012-12-19 17:18:54 0 ----a-w- C:\windows\ativpsrm.bin
2012-11-03 18:03:36 108008 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll
2012-11-03 18:03:33 916456 ----a-w- C:\windows\System32\deployJava1.dll
2012-11-03 18:03:33 1034216 ----a-w- C:\windows\System32\npDeployJava1.dll
2012-11-03 17:37:56 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-03 17:37:56 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-11-02 03:52:50 75928 ----a-w- C:\windows\System32\drivers\dc3d.sys
2012-11-02 03:52:50 1795952 ----a-w- C:\windows\System32\WdfCoInstaller01011.dll
2012-06-27 05:02:15 338 ----a-w- C:\Program Files (x86)\temp995.bat
.
============= FINISH: 19:53:08.38 ===============

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-26 20:07:06
-----------------------------
20:07:06.128 OS Version: Windows x64 6.1.7600
20:07:06.128 Number of processors: 2 586 0x603
20:07:06.128 ComputerName: FIRESIDE3-PC UserName: Fireside3
20:07:08.691 Initialize success
20:08:43.026 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:08:43.036 Disk 0 Vendor: WDC_WD3200BEVT-24A23T0 01.01A02 Size: 305245MB BusType: 11
20:08:43.086 Disk 0 MBR read successfully
20:08:43.086 Disk 0 MBR scan
20:08:43.096 Disk 0 Windows 7 default MBR code
20:08:43.096 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
20:08:43.116 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 260243 MB offset 411648
20:08:43.116 Disk 0 Partition - 00 0F Extended LBA 29692 MB offset 533389312
20:08:43.156 Disk 0 Partition 3 00 12 Compaq diag NTFS 15109 MB offset 594198528
20:08:43.186 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 29691 MB offset 533391360
20:08:43.226 Disk 0 scanning C:\windows\system32\drivers
20:08:51.630 Service scanning
20:09:53.334 Modules scanning
20:09:53.334 Disk 0 trace - called modules:
20:09:53.350 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
20:09:53.350 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80030d0060]
20:09:53.350 3 CLASSPNP.SYS[fffff8800188d43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8003096060]
20:09:53.350 Scan finished successfully
20:12:44.053 Disk 0 MBR has been saved successfully to "C:\Users\Fireside3\Desktop\MBR.dat"
20:12:44.063 The log file has been saved successfully to "C:\Users\Fireside3\Desktop\aswMBR.txt"

=================================================

Congratulations!: No immediate threats were found. (Status)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2012-09-06 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2012-12-18 Includes\Adware.sbi (*)
2013-01-22 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2012-11-14 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2012-11-14 Includes\HijackersC.sbi (*)
2012-11-14 Includes\iPhone.sbi (*)
2012-11-14 Includes\Keyloggers.sbi (*)
2012-12-18 Includes\KeyloggersC.sbi (*)
2012-11-21 Includes\Malware.sbi (*)
2013-01-22 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2013-01-22 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2012-11-14 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-11-14 Includes\Spyware.sbi (*)
2012-11-14 Includes\SpywareC.sbi (*)
2012-11-19 Includes\Tracks.uti
2013-01-16 Includes\Trojans.sbi (*)
2013-01-17 Includes\TrojansC-02.sbi (*)
2013-01-22 Includes\TrojansC-03.sbi (*)
2013-01-21 Includes\TrojansC-04.sbi (*)
2012-11-14 Includes\TrojansC-05.sbi (*)
2012-12-03 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

:snwelcome:


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Running programs with Vista or Windows 7 , Right Click and select RUN AS ADMINISTATOR



We are going to start fresh here like nothing else has been done.. I am looking at some bogus search setting so lets start off with the Junkware Removal tool and go from there. What where going to do first is to make sure your system is free from any malware

Download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop


shut down your protection software now to avoid potential conflicts.
run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
the tool will open and start scanning your system
please be patient as this can take a while to complete depending on your system's specifications
on completion, a log (JRT.txt) is saved to your desktop and will automatically open
post the contents of JRT.txt into your next message.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.2 (02.02.2013:2)
OS: Windows 7 Home Premium x64
Ran by Fireside3 on Wed 02/06/2013 at 3:50:57.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{95b7759c-8c7f-4bf1-b163-73684a933233}



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\scripthelper.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\viprotocol.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\applications\ilividsetupv1.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{95b7759c-8c7f-4bf1-b163-73684a933233}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\speedypc software"
Successfully deleted: [Folder] "C:\Users\Fireside3\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\Fireside3\AppData\Roaming\speedypc software"



~~~ FireFox

Successfully deleted: [File] C:\Users\Fireside3\AppData\Roaming\mozilla\firefox\profiles\jori9q7v.default\invalidprefs.js
Successfully deleted the following from C:\Users\Fireside3\AppData\Roaming\mozilla\firefox\profiles\jori9q7v.default\prefs.js

user_pref("browser.startup.homepage", "hxxp://mysearch.avg.com/?cid={0BD96E73-04D1-4819-A87B-358700BCF8C2}&mid=78687388800647d1a1076939b2ec7169-fd7425da6a3520021eafa695e95db12
Emptied folder: C:\Users\Fireside3\AppData\Roaming\mozilla\firefox\profiles\jori9q7v.default\minidumps [31 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 02/06/2013 at 3:57:18.61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Great,

Lets go a bit further


Go here (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and download AdwCleaner to your desktop


Double click on AdwCleaner.exe to run the tool.
Click on Delete
A logfile will automatically open after the scan has finished.
Please post the content of that logfile in your reply.
You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


http://i24.photobucket.com/albums/c30/ken545/AdwareCleaner.jpg




Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

OK, as to this, I have attached a scan log from ADW first. The reason being is because upon dealing with this before, ADWcleaner just removes entries related to such things as my AVG plug ins, tab saving add ons, and apparently just what it doesn't recognize, without much option to override what I don't want removed. Is there a way to exclude certain items? Please advise. I've quite recently run malware bytes, as I have it already installed and so run it regularly, but sadly it seldom finds things that I am able to find with Spybot S&D or other tools. Will run again though after you advise in regard to ADW. Thank you.

===================================================

# AdwCleaner v2.111 - Logfile created 02/06/2013 at 12:27:50
# Updated 05/02/2013 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Fireside3 - FIRESIDE3-PC
# Boot Mode : Normal
# Running from : C:\Users\Fireside3\Desktop\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\ProgramData\AVG Security Toolbar

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16800

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0 (en-US)

File : C:\Users\Fireside3\AppData\Roaming\Mozilla\Firefox\Profiles\jori9q7v.default\prefs.js

Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");

-\\ Opera v [Unable to get version]

File : C:\Users\Fireside3\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R2].txt - [921 octets] - [23/01/2013 16:55:48]
AdwCleaner[R3].txt - [980 octets] - [23/01/2013 16:56:13]
AdwCleaner[R4].txt - [1097 octets] - [24/01/2013 02:37:47]
AdwCleaner[R5].txt - [4697 octets] - [25/01/2013 11:11:47]
AdwCleaner[R6].txt - [5206 octets] - [30/01/2013 02:44:34]
AdwCleaner[R7].txt - [4013 octets] - [06/02/2013 12:27:50]
AdwCleaner[S4].txt - [1039 octets] - [23/01/2013 16:57:00]

########## EOF - C:\AdwCleaner[R7].txt - [4133 octets] ##########

Well, AVG is somewhat of a resource hog and there toolbar is not needed.

Lets take a closer look

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

Well, I don't so much mind any helpers from AVG disappearing, but I just didn't want it to screw up functionality elsewhere. Mainly I'm only worried about my tab saving add on, because it's a pain in the ass when I loose all my tabs, but I could always save the sessions file in FF profile and add it back later if that would be OK, and then I'll run ADW, or I can do OTL.

Went ahead and performed ADWCleaner and Mbam. Logs below. Advise if still want OTL. I'm still locked out of my firewall settings though.

===================================================

# AdwCleaner v2.111 - Logfile created 02/06/2013 at 13:33:27
# Updated 05/02/2013 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Fireside3 - FIRESIDE3-PC
# Boot Mode : Normal
# Running from : C:\Users\Fireside3\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Security Toolbar

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16800

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0 (en-US)

File : C:\Users\Fireside3\AppData\Roaming\Mozilla\Firefox\Profiles\jori9q7v.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");

-\\ Opera v [Unable to get version]

File : C:\Users\Fireside3\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R2].txt - [921 octets] - [23/01/2013 16:55:48]
AdwCleaner[R3].txt - [980 octets] - [23/01/2013 16:56:13]
AdwCleaner[R4].txt - [1097 octets] - [24/01/2013 02:37:47]
AdwCleaner[R5].txt - [4697 octets] - [25/01/2013 11:11:47]
AdwCleaner[R6].txt - [5206 octets] - [30/01/2013 02:44:34]
AdwCleaner[R7].txt - [4194 octets] - [06/02/2013 12:27:50]
AdwCleaner[S4].txt - [1039 octets] - [23/01/2013 16:57:00]
AdwCleaner[S5].txt - [316 octets] - [06/02/2013 13:32:58]
AdwCleaner[S6].txt - [4259 octets] - [06/02/2013 13:33:27]

########## EOF - C:\AdwCleaner[S6].txt - [4319 octets] ##########

=======================================================

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2013.02.06.08

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Fireside3 :: FIRESIDE3-PC [administrator]

2/6/2013 1:43:46 PM
mbam-log-2013-02-06 (13-43-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 209972
Time elapsed: 4 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Go ahead and run OTL and post the log, it may show setting for your firewall

OTL logfile created on: 2/6/2013 5:58:51 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Fireside3\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.57 Gb Available Physical Memory | 57.24% Memory free
7.14 Gb Paging File | 5.58 Gb Available in Paging File | 78.14% Paging File free
Paging file location(s): c:\pagefile.sys 4500 9000

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 254.14 Gb Total Space | 102.23 Gb Free Space | 40.23% Space Free | Partition Type: NTFS
Drive D: | 29.00 Gb Total Space | 0.00 Gb Free Space | 0.02% Space Free | Partition Type: NTFS

Computer Name: FIRESIDE3-PC | User Name: Fireside3 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe ()
PRC - C:\Users\Fireside3\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()


========== Services (SafeList) ==========

SRV:[b]64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (vToolbarUpdater14.0.1) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (McAfee SiteAdvisor Service) -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (McAfee, Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (0078011360180046mcinstcleanup) -- C:\Windows\Temp\0078011360180046mcinst.exe (McAfee, Inc.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (vzandnetndis) -- C:\Windows\SysNative\drivers\lgvzandnetndis64.sys (LG Electronics Inc.)
DRV:64bit: - (vzandnetmodem) -- C:\Windows\SysNative\drivers\lgvzandnetmdm64.sys (LG Electronics Inc.)
DRV:64bit: - (vzandnetdiag) -- C:\Windows\SysNative\drivers\lgvzandnetdiag64.sys (LG Electronics Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdserd) -- C:\Windows\SysNative\drivers\sscdserd.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (Cam5607) -- C:\Windows\SysNative\drivers\BisonC07.sys (Bison Electronics. Inc. )
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)
DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\drivers\lv302a64.sys (Logitech Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2411584385-4083172941-383610630-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKU\S-1-5-21-2411584385-4083172941-383610630-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com/
IE - HKU\S-1-5-21-2411584385-4083172941-383610630-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-2411584385-4083172941-383610630-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2411584385-4083172941-383610630-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKU\S-1-5-21-2411584385-4083172941-383610630-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: savemytabs@dmitriy.khudorozhkov:0.53
FF - prefs.js..extensions.enabledAddons: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.2.2
FF - prefs.js..extensions.enabledAddons: netvideohunter@netvideohunter.com:1.9.5
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/03/31 08:55:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012/03/18 16:54:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/03/31 08:55:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/09/10 09:09:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/02/06 13:47:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/29 20:25:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/03 10:43:39 | 000,000,000 | ---D | M]

[2012/06/13 16:15:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fireside3\AppData\Roaming\Mozilla\Extensions
[2013/01/24 02:50:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fireside3\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
[2013/01/24 15:54:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fireside3\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions
[2013/01/26 15:36:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fireside3\AppData\Roaming\Mozilla\Firefox\Profiles\jori9q7v.default\extensions
[2013/01/26 15:36:09 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Fireside3\AppData\Roaming\Mozilla\Firefox\Profiles\jori9q7v.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2013/01/26 15:36:09 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Users\Fireside3\AppData\Roaming\Mozilla\Firefox\Profiles\jori9q7v.default\extensions\netvideohunter@netvideohunter.com
[2012/06/13 16:16:08 | 000,000,000 | ---D | M] (Save My Tabs) -- C:\Users\Fireside3\AppData\Roaming\Mozilla\Firefox\Profiles\jori9q7v.default\extensions\savemytabs@dmitriy.khudorozhkov
[2012/06/16 01:38:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/01 09:40:25 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/07/11 15:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/06/01 09:39:16 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/01/24 02:51:24 | 000,003,607 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml
[2012/06/01 09:39:16 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/01/21 05:50:49 | 000,447,234 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15365 more lines...
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2411584385-4083172941-383610630-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O1364bit: - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{831E4BA4-96D0-4313-B831-00EFB5DDDA82}: DhcpNameServer = 68.29.73.7 68.29.65.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E78D7C7-D71F-4433-9273-F108B31CDE88}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A532D431-A313-413A-957A-E33EC5EEF446}: DhcpNameServer = 192.168.43.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\SYSTEM32\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/06 13:35:48 | 000,000,000 | ---D | C] -- C:\Users\Fireside3\AppData\Local\AVG Secure Search
[2013/02/06 03:50:38 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/02/06 03:49:56 | 000,000,000 | ---D | C] -- C:\JRT
[2013/02/05 04:00:33 | 000,547,275 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Fireside3\Desktop\JRT.exe
[2013/02/03 06:05:22 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/02/03 06:02:58 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/02/03 05:12:27 | 009,710,776 | ---- | C] (SurfRight B.V.) -- C:\Users\Fireside3\Desktop\HitmanPro_x64.exe
[2013/01/30 13:20:26 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2013/01/29 14:39:14 | 000,000,000 | R--D | C] -- C:\Users\Fireside3\Favorites
[2013/01/28 15:46:53 | 000,000,000 | ---D | C] -- C:\Users\Fireside3\Documents\FormatFactory
[2013/01/28 15:23:57 | 000,000,000 | ---D | C] -- C:\Users\Fireside3\AppData\Roaming\MPEG Streamclip
[2013/01/27 20:16:20 | 000,000,000 | R--D | C] -- C:\Users\Fireside3\Videos
[2013/01/27 20:16:20 | 000,000,000 | R--D | C] -- C:\Users\Fireside3\Pictures
[2013/01/27 20:16:20 | 000,000,000 | R--D | C] -- C:\Users\Fireside3\Music
[2013/01/26 19:36:58 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2013/01/26 19:34:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/01/26 19:34:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/01/26 03:54:16 | 000,000,000 | ---D | C] -- C:\Users\Fireside3\AppData\Local\HuluDesktop
[2013/01/25 17:45:33 | 000,000,000 | ---D | C] -- C:\recovery bin
[2013/01/24 23:54:44 | 000,000,000 | ---D | C] -- C:\Users\Fireside3\Desktop\GooredFix Backups
[2013/01/24 23:51:16 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Fireside3\Desktop\GooredFix.exe
[2013/01/24 15:54:39 | 000,000,000 | ---D | C] -- C:\OTL
[2013/01/24 02:51:52 | 000,000,000 | ---D | C] -- C:\Users\Fireside3\AppData\Local\AVG SafeGuard toolbar
[2013/01/24 02:51:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013/01/24 02:51:09 | 000,037,720 | ---- | C] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2013/01/24 02:51:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2013/01/24 02:51:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
[2013/01/24 02:43:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG January 2013 Campaign
[2013/01/23 20:34:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Fireside3\Desktop\OTL.exe
[2013/01/20 23:20:51 | 000,000,000 | ---D | C] -- C:\Users\Fireside3\Desktop\RK_Quarantine
[2013/01/18 07:54:08 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2013/01/15 07:12:33 | 000,000,000 | ---D | C] -- C:\Users\Fireside3\AppData\Local\DigitalVolcano
[2013/01/14 19:11:43 | 000,000,000 | ---D | C] -- C:\Users\Fireside3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Duplicate Cleaner
[2013/01/14 19:11:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Duplicate Cleaner
[2013/01/12 18:38:41 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/01/12 13:56:22 | 000,000,000 | ---D | C] -- C:\Users\Fireside3\Desktop\Firefox tabs issues

========== Files - Modified Within 30 Days ==========

[2013/02/06 17:13:55 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/06 17:13:55 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/06 13:35:16 | 000,282,960 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/02/06 13:35:12 | 000,067,584 | ---- | M] () -- C:\windows\bootstat.dat
[2013/02/06 13:35:01 | 2210,578,432 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/06 13:22:19 | 000,079,619 | ---- | M] () -- C:\Users\Fireside3\Desktop\Hepatocellular Diseases.pdf
[2013/02/06 12:20:27 | 000,582,209 | ---- | M] () -- C:\Users\Fireside3\Desktop\AdwCleaner.exe
[2013/02/06 03:47:21 | 000,014,495 | ---- | M] () -- C:\Users\Fireside3\Desktop\Open Me.rtf
[2013/02/05 04:00:48 | 000,547,275 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Fireside3\Desktop\JRT.exe
[2013/02/05 00:32:09 | 000,000,143 | ---- | M] () -- C:\Users\Fireside3\AppData\Local\kclientgui.ini
[2013/02/03 06:05:23 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/02/03 05:19:07 | 009,710,776 | ---- | M] (SurfRight B.V.) -- C:\Users\Fireside3\Desktop\HitmanPro_x64.exe
[2013/02/03 04:42:01 | 001,897,963 | ---- | M] () -- C:\Users\Fireside3\Desktop\MGtools.exe
[2013/01/30 20:01:59 | 053,924,908 | ---- | M] () -- C:\Users\Fireside3\Desktop\del.avi
[2013/01/27 22:00:13 | 534,886,647 | ---- | M] () -- C:\Users\Fireside3\Desktop\Diamondback soaking.wmv
[2013/01/27 22:00:13 | 188,313,268 | ---- | M] () -- C:\Users\Fireside3\Desktop\Diamondback soaking HD.avi
[2013/01/27 19:13:04 | 000,032,357 | ---- | M] () -- C:\Users\Fireside3\Desktop\294049_285274691487529_1117903741_n.jpg
[2013/01/26 20:48:34 | 000,005,747 | ---- | M] () -- C:\Users\Fireside3\Documents\Spybot - Search & Destroy scan report.pdf
[2013/01/26 19:34:13 | 000,000,865 | ---- | M] () -- C:\Users\Fireside3\Desktop\ERUNT.lnk
[2013/01/26 16:17:36 | 000,004,109 | ---- | M] () -- C:\Users\Fireside3\Desktop\Graboid - Shortcut.lnk
[2013/01/26 05:18:01 | 000,000,079 | ---- | M] () -- C:\Users\Fireside3\Desktop\googlestop.bat
[2013/01/26 05:12:49 | 000,001,421 | ---- | M] () -- C:\Users\Fireside3\Desktop\RegCleanr - Shortcut.lnk
[2013/01/26 00:57:14 | 000,001,739 | ---- | M] () -- C:\Users\Fireside3\Desktop\Defogger.rtf
[2013/01/26 00:55:46 | 000,050,477 | ---- | M] () -- C:\Users\Fireside3\Desktop\Defogger.exe
[2013/01/26 00:38:21 | 000,779,016 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/01/26 00:38:21 | 000,660,262 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/01/26 00:38:21 | 000,120,900 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/01/25 18:40:26 | 000,001,280 | ---- | M] () -- C:\Users\Fireside3\Desktop\Command Prompt.lnk
[2013/01/25 01:00:35 | 000,009,087 | ---- | M] () -- C:\Users\Fireside3\Desktop\thm_phpniHzpA.jpg
[2013/01/24 23:51:20 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Fireside3\Desktop\GooredFix.exe
[2013/01/24 15:56:15 | 000,000,298 | ---- | M] () -- C:\windows\tasks\ROC_REG_JAN_DELETE.job
[2013/01/24 02:50:32 | 000,037,720 | ---- | M] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2013/01/24 02:43:52 | 107,330,836 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2013/01/23 20:35:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Fireside3\Desktop\OTL.exe
[2013/01/23 00:59:16 | 028,413,209 | ---- | M] () -- C:\Users\Fireside3\Desktop\smart meter part1.wma
[2013/01/21 06:18:02 | 000,001,386 | ---- | M] () -- C:\Users\Fireside3\Desktop\CCleaner64 - Shortcut.lnk
[2013/01/21 05:50:49 | 000,447,234 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013/01/18 02:10:52 | 064,745,548 | ---- | M] () -- C:\Users\Fireside3\Desktop\Hazel eats fruitcake at Xmas 2012.avi
[2013/01/16 21:39:57 | 000,009,296 | ---- | M] () -- C:\Users\Fireside3\Desktop\thm_phpkJrfKs_2.jpg
[2013/01/14 19:11:44 | 000,001,070 | ---- | M] () -- C:\Users\Fireside3\Desktop\Duplicate Cleaner.lnk
[2013/01/12 18:38:45 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Fireside3\Desktop\TDSSKiller.exe
[2013/01/12 16:29:36 | 000,001,495 | ---- | M] () -- C:\Users\Fireside3\Desktop\epinephrine human dose.rtf
[2013/01/07 20:02:41 | 001,861,029 | ---- | M] () -- C:\Users\Fireside3\Desktop\attachments_2013_01_08.zip

========== Files Created - No Company Name ==========

[2013/02/06 13:35:04 | 000,282,960 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/02/06 13:22:19 | 000,079,619 | ---- | C] () -- C:\Users\Fireside3\Desktop\Hepatocellular Diseases.pdf
[2013/02/06 12:20:02 | 000,582,209 | ---- | C] () -- C:\Users\Fireside3\Desktop\AdwCleaner.exe
[2013/02/03 06:05:23 | 000,001,893 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/02/03 04:38:39 | 001,897,963 | ---- | C] () -- C:\Users\Fireside3\Desktop\MGtools.exe
[2013/01/30 19:58:57 | 053,924,908 | ---- | C] () -- C:\Users\Fireside3\Desktop\del.avi
[2013/01/27 21:44:55 | 534,886,647 | ---- | C] () -- C:\Users\Fireside3\Desktop\Diamondback soaking.wmv
[2013/01/27 21:44:55 | 188,313,268 | ---- | C] () -- C:\Users\Fireside3\Desktop\Diamondback soaking HD.avi
[2013/01/27 19:13:03 | 000,032,357 | ---- | C] () -- C:\Users\Fireside3\Desktop\294049_285274691487529_1117903741_n.jpg
[2013/01/26 20:48:32 | 000,005,747 | ---- | C] () -- C:\Users\Fireside3\Documents\Spybot - Search & Destroy scan report.pdf
[2013/01/26 19:34:13 | 000,000,865 | ---- | C] () -- C:\Users\Fireside3\Desktop\ERUNT.lnk
[2013/01/26 16:17:36 | 000,004,109 | ---- | C] () -- C:\Users\Fireside3\Desktop\Graboid - Shortcut.lnk
[2013/01/26 05:18:01 | 000,000,079 | ---- | C] () -- C:\Users\Fireside3\Desktop\googlestop.bat
[2013/01/26 05:12:49 | 000,001,421 | ---- | C] () -- C:\Users\Fireside3\Desktop\RegCleanr - Shortcut.lnk
[2013/01/26 00:57:14 | 000,001,739 | ---- | C] () -- C:\Users\Fireside3\Desktop\Defogger.rtf
[2013/01/26 00:55:41 | 000,050,477 | ---- | C] () -- C:\Users\Fireside3\Desktop\Defogger.exe
[2013/01/25 18:40:26 | 000,001,280 | ---- | C] () -- C:\Users\Fireside3\Desktop\Command Prompt.lnk
[2013/01/25 01:00:34 | 000,009,087 | ---- | C] () -- C:\Users\Fireside3\Desktop\thm_phpniHzpA.jpg
[2013/01/24 02:44:01 | 000,000,298 | ---- | C] () -- C:\windows\tasks\ROC_REG_JAN_DELETE.job
[2013/01/23 00:59:14 | 028,413,209 | ---- | C] () -- C:\Users\Fireside3\Desktop\smart meter part1.wma
[2013/01/21 06:18:02 | 000,001,386 | ---- | C] () -- C:\Users\Fireside3\Desktop\CCleaner64 - Shortcut.lnk
[2013/01/18 02:07:18 | 064,745,548 | ---- | C] () -- C:\Users\Fireside3\Desktop\Hazel eats fruitcake at Xmas 2012.avi
[2013/01/16 21:39:52 | 000,009,296 | ---- | C] () -- C:\Users\Fireside3\Desktop\thm_phpkJrfKs_2.jpg
[2013/01/14 19:11:44 | 000,001,070 | ---- | C] () -- C:\Users\Fireside3\Desktop\Duplicate Cleaner.lnk
[2013/01/12 16:24:21 | 000,001,495 | ---- | C] () -- C:\Users\Fireside3\Desktop\epinephrine human dose.rtf
[2013/01/07 20:01:39 | 001,861,029 | ---- | C] () -- C:\Users\Fireside3\Desktop\attachments_2013_01_08.zip
[2012/12/19 11:18:54 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012/09/02 23:13:08 | 000,142,435 | ---- | C] () -- C:\windows\hpwins26.dat
[2012/09/02 23:13:08 | 000,000,370 | ---- | C] () -- C:\windows\hpwmdl26.dat
[2012/08/10 09:17:58 | 000,027,520 | ---- | C] () -- C:\Users\Fireside3\AppData\Local\dt.dat
[2012/06/26 23:02:15 | 000,000,338 | ---- | C] () -- C:\Program Files (x86)\temp995.bat
[2012/06/26 22:57:42 | 000,000,048 | ---- | C] () -- C:\windows\wpd99.drv
[2012/04/26 18:07:59 | 000,020,179 | ---- | C] () -- C:\Users\Fireside3\AppData\Roaming\UserTile.png
[2012/01/16 06:44:25 | 000,000,143 | ---- | C] () -- C:\Users\Fireside3\AppData\Local\kclientgui.ini
[2011/12/24 22:40:56 | 000,000,440 | ---- | C] () -- C:\windows\lightworks.ini
[2011/10/31 03:27:42 | 000,000,193 | ---- | C] () -- C:\windows\WORDPAD.INI
[2011/09/24 03:30:07 | 000,003,584 | ---- | C] () -- C:\Users\Fireside3\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/14 10:47:40 | 000,053,760 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll
[2011/06/30 04:45:15 | 000,000,275 | ---- | C] () -- C:\Users\Fireside3\AppData\Local\HamsterVideoConverterSettings.cfg
[2011/06/23 17:09:14 | 000,000,017 | ---- | C] () -- C:\Users\Fireside3\AppData\Local\resmon.resmoncfg
[2011/06/13 20:47:32 | 000,000,064 | ---- | C] () -- C:\windows\SysWow64\rp_stats.dat
[2011/06/13 20:47:32 | 000,000,044 | ---- | C] () -- C:\windows\SysWow64\rp_rules.dat
[2011/06/04 16:48:34 | 000,773,296 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/03/31 09:05:52 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin
[2011/03/31 08:47:01 | 002,110,816 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2011/03/31 08:47:01 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2011/03/31 08:46:54 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2011/03/31 08:32:27 | 000,015,190 | ---- | C] () -- C:\windows\M3000Twn.ini
[2011/03/17 11:51:44 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011/03/14 11:52:18 | 000,033,792 | ---- | C] () -- C:\windows\SysWow64\rgbacodec.dll

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2011/03/30 23:41:28 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/03/30 23:41:28 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 19:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/06/09 13:01:15 | 000,000,000 | ---D | M] -- C:\Users\Fireside3\AppData\Roaming\Amazon
[2011/09/02 23:46:56 | 000,000,000 | ---D | M] -- C:\Users\Fireside3\AppData\Roaming\Audacity
[2011/10/13 23:21:24 | 000,000,000 | ---D | M] -- C:\Users\Fireside3\AppData\Roaming\AVG2012
[2011/06/13 14:08:36 | 000,000,000 | ---D | M] -- C:\Users\Fireside3\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/09/22 18:30:39 | 000,000,000 | ---D | M] -- C:\Users\Fireside3\AppData\Roaming\EurekaLog
[2012/03/14 02:47:53 | 000,000,000 | ---D | M] -- C:\Users\Fireside3\AppData\Roaming\IrfanView
[2012/04/08 10:37:24 | 000,000,000 | ---D | M] -- C:\Users\Fireside3\AppData\Roaming\Lenovo
[2011/06/12 00:25:54 | 000,000,000 | ---D | M] -- C:\Users\Fireside3\AppData\Roaming\Livestation
[2011/06/12 00:25:54 | 000,000,000 | ---D | M] -- C:\Users\Fireside3\AppData\Roaming\Mchid
[2013/01/28 15:23:57 | 000,000,000 | ---D | M] -- C:\Users\Fireside3\AppData\Roaming\MPEG Streamclip
[2011/06/30 03:43:38 | 000,000,000 | ---D | M] -- C:\Users\Fireside3\AppData\Roaming\NCH Swift Sound
[2011/07/18 12:40:32 | 000,000,000 | ---D | M] -- C:\Users\Fireside3\AppData\Roaming\Opera
[2012/04/26 18:07:58 | 000,000,000 | ---D | M] -- C:\Users\Fireside3\AppData\Roaming\PeerNetworking
[2012/03/07 03:48:21 | 000,000,000 | ---D | M] -- C:\Users\Fireside3\AppData\Roaming\Power Sound Editor Free
[2013/01/25 15:00:34 | 000,000,000 | ---D | M] -- C:\Users\Fireside3\AppData\Roaming\SoftGrid Client
[2011/06/27 17:19:28 | 000,000,000 | ---D | M] -- C:\Users\Fireside3\AppData\Roaming\Softland
[2013/02/06 14:31:23 | 000,000,000 | ---D | M] -- C:\Users\Fireside3\AppData\Roaming\TeraCopy
[2011/06/04 16:51:25 | 000,000,000 | ---D | M] -- C:\Users\Fireside3\AppData\Roaming\TP
[2012/03/18 17:50:51 | 000,000,000 | ---D | M] -- C:\Users\Fireside3\AppData\Roaming\TweakNow RegCleaner 2012
[2012/10/27 01:16:56 | 000,000,000 | ---D | M] -- C:\Users\Fireside3\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >

HitmanPro <-- This program has been known to cause problems and is not recommended, I would uninstall it

Duplicate Cleaner <--No need for running programs like this, sometimes they remove files they should not have, I would uninstall it also


C:\Program Files (x86)\temp995.bat <-- did you create this file, if not delete it



ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

Hitman was recommended by another forum where I obtained no resolution. Will delete.
Duplicate cleaner I am only using to locate and delete redundant media files.
temp995.bat was a leftover from uninstall of pdf 995, a freeware pdf creator. It was deleted.

ESET log
===========================================

C:\OTL\MovedFiles\01242013_155439\C_Users\Fireside3\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\extensions\lsvytknkto@lsvytknkto.org.xpi JS/Redirector.NCI trojan
C:\OTL\MovedFiles\01242013_155439\C_Users\Fireside3\AppData\Roaming\Mozilla\Firefox\Profiles\jori9q7v.default\extensions\lsvytknkto@lsvytknkto.org.xpi JS/Redirector.NCI trojan
C:\Program Files (x86)\Mozilla Firefox\PageRageSetupAff.exe multiple threats

Good Morning,

First two entries that ESET found are just quarantined files that OTL removed.

But getting mixed results on this one



You need to enable windows to show all files and folders, instructions Here (http://www.bleepingcomputer.com/tutorials/tutorial62.html)

Go to VirusTotal (http://www.virustotal.com/) and submit this file for analysis, just use the browse feature and then Send File, if it says this file has been checked before, have them recheck it. When the scan is done just copy and paste the link back to this forum for me to see.

C:\Program Files (x86)\Mozilla Firefox\PageRageSetupAff.exe

If the site is busy you can try this one
http://virusscan.jotti.org/en

Good morning,

Yes, PageRage was promoted as one of those facebook timeline "removal" apps, which basically just reverts your facebook profile on the user side to appear like the old wall layout. This is an application installer I downloaded some time ago, which to the best of my knowledge I never ran. I suspected it would probably be filled with adware, but I saw no reviews at the time that it was malicious. I tend to at least websearch reviews on any programs before installing something I haven't heard of.

https://www.virustotal.com/file/6334b100d3c938c61c8114559656e58b88cb767b5e2d24f4ef2198f73043fcba/analysis/1360318070/

Oh, by the way, still locked out of my firewall settings. Error Code 0x80070424. And Windows Defender was taken out by something too at the same time, and comes up with "service not an installed device" when attempting to run. Other than that, I don't know what else is going on. Redirects haven't come up again.

That file we checked may have some adware with it, lets get rid of it
a variant of Win32/Adware.Yontoo.B


The error code you posted could be caused by a rootkit, lets run Combofix, been at this for a long time and I have never seen a system damaged from running it.


Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

I have read that it's solution to remove some rootkits was to delete everything on the system drive, so I was concerned in using it. I understand this may be a rarity, but another complaint I recall is that it gives no option to exclude harmless entries. Is this true, and is there anything that is more likely to be wiped out, that I may need to backup first? I will post back later today with results. Thanks.

Hi,

As helpers on the forums we get updates on a lot of the tools we use, we also get warnings if one of them is updated and causes problems on account of the update and at that point the tool is pulled until its corrected but the general public does not have access to this information. Thats why we post to just use it under supervision. As of right now there is no problems with Combofix.


I have read that it's solution to remove some rootkits was to delete everything on the system driveIf we did this your computer would not run and Combofix would not remove legit files from your system drive.


If it would make you feel better lets Create a System Restore Point, you can name that restore point Combofix, so in case of any problems we can go in and restore your system prior to running Combofix

Info for you on System Restore if you need it
http://windows.microsoft.com/en-US/windows7/products/features/system-restore

Just want you to know that my area is expecting a Blizzard starting around noon so if I don't reply right back its because I lost power.

Hope you read my previous post about System Restore

Yes, I got it. I will set a restore point, and I had previously performed an erunt reg backup. I've heard about the coming weather. I'm also expecting a visitor tomorrow so I've been busy preparing and I may not be able to get back here until tonight or tomorrow.Thanks!

Sorry for the delay.

It did something. Windows Defender is back and I'm now able to get back into firewall preferences. Good show.

==================================

ComboFix 13-02-07.02 - Fireside3 02/11/2013 3:19.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2811.1371 [GMT -6:00]
Running from: c:\users\Fireside3\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\s.bat
.
.
((((((((((((((((((((((((( Files Created from 2013-01-11 to 2013-02-11 )))))))))))))))))))))))))))))))
.
.
2013-02-11 09:31 . 2013-02-11 09:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-07 10:32 . 2013-02-07 10:32 -------- d-----w- c:\program files (x86)\ESET
2013-02-06 19:35 . 2013-02-06 19:35 -------- d-----w- c:\users\Fireside3\AppData\Local\AVG Secure Search
2013-02-06 09:50 . 2013-02-06 09:50 -------- d-----w- c:\windows\ERUNT
2013-02-06 09:49 . 2013-02-06 09:49 -------- d-----w- C:\JRT
2013-02-03 12:05 . 2013-02-03 12:05 -------- d-----w- c:\program files\HitmanPro
2013-02-03 12:02 . 2013-02-03 12:13 -------- d-----w- c:\programdata\HitmanPro
2013-01-30 19:20 . 2013-02-06 19:46 -------- d-----w- c:\program files\McAfee
2013-01-28 21:23 . 2013-01-28 21:23 -------- d-----w- c:\users\Fireside3\AppData\Roaming\MPEG Streamclip
2013-01-27 01:34 . 2013-01-27 01:34 -------- d-----w- c:\program files (x86)\ERUNT
2013-01-26 09:54 . 2013-01-26 09:54 -------- d-----w- c:\users\Fireside3\AppData\Local\HuluDesktop
2013-01-25 23:45 . 2013-01-25 23:47 -------- d-----w- C:\recovery bin
2013-01-24 21:54 . 2013-01-24 21:54 -------- d-----w- C:\OTL
2013-01-24 08:51 . 2013-01-24 08:51 -------- d-----w- c:\users\Fireside3\AppData\Local\AVG SafeGuard toolbar
2013-01-24 08:51 . 2013-01-26 09:55 -------- d-----w- c:\programdata\AVG SafeGuard toolbar
2013-01-24 08:51 . 2013-01-24 08:50 37720 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-01-24 08:51 . 2013-02-06 19:33 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2013-01-24 08:51 . 2013-01-24 08:51 -------- d-----w- c:\program files (x86)\AVG SafeGuard toolbar
2013-01-24 08:43 . 2013-01-24 08:45 -------- d-----w- c:\programdata\AVG January 2013 Campaign
2013-01-15 13:12 . 2013-01-15 13:12 -------- d-----w- c:\users\Fireside3\AppData\Local\DigitalVolcano
2013-01-15 01:11 . 2013-01-15 01:11 -------- d-----w- c:\program files (x86)\Duplicate Cleaner
2013-01-13 00:38 . 2013-01-13 00:53 -------- d-----w- C:\TDSSKiller_Quarantine
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-22 10:53 . 2012-12-22 10:53 208216 ----a-w- c:\windows\system32\drivers\93694517.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-03 18:47 220632 ----a-w- c:\users\Fireside3\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-03 18:47 220632 ----a-w- c:\users\Fireside3\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-03 18:47 220632 ----a-w- c:\users\Fireside3\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe" [2013-01-24 1101488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-03-27 162304]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [2009-04-30 15896]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-04-30 327576]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-12 242720]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
R3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;c:\windows\system32\DRIVERS\lgvzandnetdiag64.sys [2011-04-12 30208]
R3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;c:\windows\system32\DRIVERS\lgvzandnetmdm64.sys [2011-04-12 37376]
R3 vzandnetndis;LGE AndroidNet for VZW NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgvzandnetndis64.sys [2011-04-12 91136]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-10 1255736]
R3 wdmirror;wdmirror;c:\windows\system32\DRIVERS\WDMirror.sys [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-08 204288]
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-08 361984]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2010-01-15 39008]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-01-24 37720]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [2012-12-04 103472]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S2 vToolbarUpdater14.0.1;vToolbarUpdater14.0.1;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe [2013-01-24 945328]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-10-19 28176]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-07-15 116240]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2012-11-02 75928]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-02-22 75304]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-24 721768]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-24 269672]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-24 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-24 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-24 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-24 21:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-03 18:47 244696 ----a-w- c:\users\Fireside3\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-11-03 18:47 244696 ----a-w- c:\users\Fireside3\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-03 18:47 244696 ----a-w- c:\users\Fireside3\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2011-03-31 14:46 1502720 ----a-w- c:\windows\System32\IcnOvrly.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2010-04-12 4462496]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2010-03-18 7056800]
.
------- Supplementary Scan -------
.
uLocal Page =
mStart Page = hxxp://lenovo.msn.com
mLocal Page =
mWindow Title =
TCP: DhcpNameServer = 192.168.43.1
FF - ProfilePath - c:\users\Fireside3\AppData\Roaming\Mozilla\Firefox\Profiles\jori9q7v.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-16697384.sys
SafeBoot-40348532.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2411584385-4083172941-383610630-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2411584385-4083172941-383610630-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
Completion time: 2013-02-11 03:40:50 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-11 09:40
.
Pre-Run: 118,934,376,448 bytes free
Post-Run: 118,773,018,624 bytes free
.
- - End Of File - - 7A16B4092E920E292BBB712B6C322D3D

Unless otherwise specified, are the items in this log all deletions by ComboFix?

Hi, the only thing that CF removed was this
c:\windows\s.bat


I am tied up at work and will be back at noon, I need to look over the CF log real close, in the meantime lets check this file


You need to enable windows to show all files and folders, instructions Here (http://www.bleepingcomputer.com/tutorials/tutorial62.html)

Go to VirusTotal (http://www.virustotal.com/) and submit these files for analysis, just use the BROWSE feature and then Send File , if it says this file has been checked before, have them recheck it. When the scan is done just copy and paste the link back to this forum for me to see.

c:\windows\system32\drivers\93694517.sys<------


If the site is busy you can try this one
http://virusscan.jotti.org/en

Found two more files it removed

- - - - ORPHANS REMOVED - - - -
.
SafeBoot-16697384.sys
SafeBoot-40348532.sys


The rest of the CF log looks ok, how are things running now ?

Funny thing. When I navigate directly from windows explorer, I can see it. When I try to select to upload to virus total, it doesn't show in the folder.
I tried to copy or move the file to desktop to attempt upload, and both failed. When I checked properties, it does not show hidden as attribute, and it shows digital signature from Kaspersky Lab. A "Mini Driver" for Kaspersky Lab GERT with original file name of "klmd.sys"

Lets take a different look, the file may be ok but lets make sure

You will need the 64 bit version

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
64 Bit Version (http://jpshortstuff.247Fixes.com/SystemLook_x64.exe)


Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:


:filefind
93694517.sys
:file
93694517.sys
c:\windows\system32\drivers\93694517.sys


Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

SystemLook 30.07.11 by jpshortstuff
Log created at 16:55 on 11/02/2013 by Fireside3
Administrator - Elevation successful

========== filefind ==========

Searching for "93694517.sys"
C:\Windows\System32\drivers\93694517.sys --a---- 208216 bytes [10:53 22/12/2012] [10:53 22/12/2012] F146E2BA475893DD77B2370DC1211FC6

========== file ==========

93694517.sys - Unable to find/read file.

c:\windows\system32\drivers\93694517.sys - File found and opened.
MD5: F146E2BA475893DD77B2370DC1211FC6
Created at 10:53 on 22/12/2012
Modified at 10:53 on 22/12/2012
Size: 208216 bytes
Attributes: --a----
FileDescription: Kaspersky Lab Mini Driver
FileVersion: 2.8.4.0 built by: WinDDK
ProductVersion: 2.8.4.0
OriginalFilename: klmd.sys
InternalName: klmd.sys
ProductName: Kaspersky Lab Mini Driver
CompanyName: Kaspersky Lab, GERT
LegalCopyright: Copyright (c) Kaspersky Lab, GERT

-= EOF =-

:bigthumb:

That file looks ok, how are things running now ?

I haven't tried all my programs out, but all appears to be working except for AVG will no longer update. I was able to configure firewall and put it on exception list, but nothing. It always fails update now. MalwareBytes and Spybot will update however, as did Windows Defender. No redirects, but on occasion some of my pages will not reload and they fail with connection errors, although other pages like facebook will refresh in another tab with no problem. I can remedy this by stopping and restarting the connection, but it's an inconvenience that seems to be coming up a couple times a day, and the network troubleshooter found no issues. Other than this, nothing else of note.

What browser are you using as default

Firefox 13.0

Why don't you try this, its easier than me posting all the instructions, if this did not help than we are going to uninstall FF and reinstall it but give this a shot first
http://www.howtogeek.com/howto/internet/firefox/restore-the-default-settings-in-firefox-without-uninstalling-it/

Hey, before I had performed this, an FAQ link given by AVG suggested I use an AVG cleanup fix and then try a new install of AVG. I did that, and installed AVG 2013 upgrade. It's now updating, so that seems to be solved. I also think I tracked the intermittent internet connectivity problem to the wi-fi app I was using (FoxFi). Everything seems to be working better the last couple of days.

:bigthumb:


Glad you got it all sorted out


Click START then RUN
Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.


http://i526.photobucket.com/albums/cc345/MPKwings/CF-Uninstall.png




Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups, any programs that where not removed you can just drag to the trash.


Malwarebytes is the free version and yours to keep and will not be removed



How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

Done. Thanks for the help Ken!

Your welcome,

All the best,

Ken

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.