
Laptop using Win 7 Pro infected with virus: Windows\System32\


  • This topic is locked
45 replies to this topic

#16 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,156 posts

Posted 27 February 2014 - 12:14 PM

Yeah... that doesn't tell me anything. Please try again.

Tomk
------------------------------------------------------------


Topics are closed after 5 days without response


#17 shadow5

shadow5

    Authentic Member

  • Authentic Member
  • PipPip
  • 87 posts

Posted 27 February 2014 - 01:05 PM

When I try to go to ESET site you provided as "here", my computer says 'connection cannot be completed'.  How do I access it again?  I had already removed the program from my laptop.

Sam



#18 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,156 posts

Posted 27 February 2014 - 02:34 PM

Somehow the forum software has munged the link so it doesn't work anymore. Here it is:

www.eset.com/onlinescan


Tomk
------------------------------------------------------------



#19 shadow5

shadow5

    Authentic Member

  • Authentic Member
  • PipPip
  • 87 posts

Posted 27 February 2014 - 04:23 PM

That let me access & download ESET & run the program.  However, the text-log looks as abbreviated as the 1st time running it.  I am pasting it below my name.  Thanks.

Sam

 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
 



#20 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,156 posts

Posted 27 February 2014 - 06:44 PM

You should be getting a log something like...

 

 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# IEXPLORE.EXE=11.00.9600.16428 (winblue_gdr.131013-1700)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d5cbad9ae200c34d855421669ac1d317
# engine=17186
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-02-23 05:43:54
# local_time=2014-02-23 05:43:54 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 69356 805388 65634 0
# compatibility_mode=5893 16776574 100 94 368272 145642484 0 0
# scanned=251866
# found=37
# cleaned=0
# scan_time=61870

and then whatever was found.

 

Let's try this:

 

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *log.txt 
    
    :folderfind
    *eset*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


Tomk
------------------------------------------------------------



#21 shadow5

shadow5

    Authentic Member

  • Authentic Member
  • PipPip
  • 87 posts

Posted 28 February 2014 - 03:29 PM

OK, I tried it as per your directions--withOUT disabling AVG anti-virus; and a 2nd time WITH disabling AVG A/V.  Below are the 2 txts, in order I ran the program.

Sam

 

without disabling:

SystemLook 30.07.11 by jpshortstuff
Log created at 16:19 on 28/02/2014 by admin
Administrator - Elevation successful

========== filefind ==========

Searching for "*log.txt "
No files found.

========== folderfind ==========

Searching for "*eset*"
C:\Program Files\ESET    d------    [15:04 27/02/2014]
C:\Program Files\ESET\ESET Online Scanner    d------    [15:04 27/02/2014]
C:\Program Files\ESET\ESET Online Scanner\Modules\data\updfiles\http_update.eset.com    d------    [20:52 27/02/2014]
C:\Windows\winsxs\x86_microsoft-windows-f..e-arabictypesetting_31bf3856ad364e35_6.1.7600.16385_none_50125dfd297ece76    d------    [02:37 14/07/2009]
C:\Windows\winsxs\x86_microsoft-windows-w..-chinesetraditional_31bf3856ad364e35_7.0.7600.16385_none_16c451bfa363f1e1    d------    [02:37 14/07/2009]

-= EOF =-

 

WITH DISABLING:

SystemLook 30.07.11 by jpshortstuff
Log created at 16:19 on 28/02/2014 by admin
Administrator - Elevation successful

========== filefind ==========

Searching for "*log.txt "
No files found.

========== folderfind ==========

Searching for "*eset*"
C:\Program Files\ESET    d------    [15:04 27/02/2014]
C:\Program Files\ESET\ESET Online Scanner    d------    [15:04 27/02/2014]
C:\Program Files\ESET\ESET Online Scanner\Modules\data\updfiles\http_update.eset.com    d------    [20:52 27/02/2014]
C:\Windows\winsxs\x86_microsoft-windows-f..e-arabictypesetting_31bf3856ad364e35_6.1.7600.16385_none_50125dfd297ece76    d------    [02:37 14/07/2009]
C:\Windows\winsxs\x86_microsoft-windows-w..-chinesetraditional_31bf3856ad364e35_7.0.7600.16385_none_16c451bfa363f1e1    d------    [02:37 14/07/2009]

-= EOF =-



#22 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,156 posts

Posted 28 February 2014 - 04:39 PM

You don't need to disable AVG.  This tool just reads information.  No changes are made so your security programs should not squawk.

 

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :dir
    C:\Program Files\ESET\ESET Online Scanner /s
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

 


Tomk
------------------------------------------------------------



#23 shadow5

shadow5

    Authentic Member

  • Authentic Member
  • PipPip
  • 87 posts

Posted 28 February 2014 - 05:31 PM

OK, it seemed to produce an informative log--almost instantaneously!  It follows my name.

Sam

 

SystemLook 30.07.11 by jpshortstuff
Log created at 18:22 on 28/02/2014 by admin
Administrator - Elevation successful

========== dir ==========

C:\Program Files\ESET\ESET Online Scanner - Parameters: "/s"

---Files---
ESETSmartInstaller.exe    --a---- 2347384 bytes    [20:52 27/02/2014]    [17:35 07/02/2013]
esets_apiA.dll    --a---- 476904 bytes    [20:52 27/02/2014]    [17:35 07/02/2013]
esets_apiW.dll    --a---- 493384 bytes    [20:52 27/02/2014]    [17:35 07/02/2013]
esets_apiW_a.dll    --a---- 637584 bytes    [20:52 27/02/2014]    [17:35 07/02/2013]
log.txt    --a---- 76 bytes    [20:52 27/02/2014]    [20:52 27/02/2014]
OnlineCmdLineScanner.exe    --a---- 579904 bytes    [20:52 27/02/2014]    [17:35 07/02/2013]
OnlineCmdLineScannerA.exe    --a---- 546944 bytes    [20:52 27/02/2014]    [17:35 07/02/2013]
OnlineScanner.inf    --a---- 172 bytes    [20:52 27/02/2014]    [13:39 25/01/2013]
OnlineScanner.ocx    --a---- 3101344 bytes    [20:52 27/02/2014]    [17:35 07/02/2013]
OnlineScanner64.ocx    --a---- 3574704 bytes    [20:52 27/02/2014]    [17:35 07/02/2013]
OnlineScannerApp.exe    --a---- 546944 bytes    [20:52 27/02/2014]    [17:35 07/02/2013]
OnlineScannerLang.dll    --a---- 324464 bytes    [20:52 27/02/2014]    [17:35 07/02/2013]
OnlineScannerUninstaller.exe    --a---- 122584 bytes    [15:04 27/02/2014]    [17:35 07/02/2013]
unicows.dll    --a---- 258352 bytes    [20:52 27/02/2014]    [18:38 17/10/2012]

C:\Program Files\ESET\ESET Online Scanner\Modules    d------    [20:52 27/02/2014]
em000_32.dat    --a---- 54315 bytes    [20:55 27/02/2014]    [20:55 27/02/2014]
em001_32.dat    --a---- 544563 bytes    [20:55 27/02/2014]    [20:55 27/02/2014]
em002_32.dat    --a---- 35676587 bytes    [20:55 27/02/2014]    [20:55 27/02/2014]
em003_32.dat    --a---- 908082 bytes    [20:55 27/02/2014]    [20:55 27/02/2014]
em004_32.dat    --a---- 1043117 bytes    [20:55 27/02/2014]    [20:55 27/02/2014]
em005_32.dat    --a---- 83590 bytes    [20:55 27/02/2014]    [20:55 27/02/2014]
em006_32.dat    --a---- 108799 bytes    [20:55 27/02/2014]    [20:55 27/02/2014]
em023_32.dat    --a---- 3493261 bytes    [20:55 27/02/2014]    [20:55 27/02/2014]

C:\Program Files\ESET\ESET Online Scanner\Modules\data    d------    [20:52 27/02/2014]

C:\Program Files\ESET\ESET Online Scanner\Modules\data\updfiles    d------    [20:52 27/02/2014]
lastupd.ver    --a---- 26132 bytes    [20:52 27/02/2014]    [20:52 27/02/2014]
nod0946.nup    --a---- 28730 bytes    [20:55 27/02/2014]    [20:55 27/02/2014]
nod11D2.nup    --a---- 50491 bytes    [20:53 27/02/2014]    [20:53 27/02/2014]
nod1890.nup    --a---- 110417 bytes    [20:54 27/02/2014]    [20:54 27/02/2014]
nod2ABD.nup    --a---- 14920 bytes    [20:54 27/02/2014]    [20:54 27/02/2014]
nod2BC8.nup    --a---- 85916 bytes    [20:54 27/02/2014]    [20:54 27/02/2014]
nod2C9A.nup    --a---- 909276 bytes    [20:54 27/02/2014]    [20:54 27/02/2014]
nod414C.nup    --a---- 5642617 bytes    [20:54 27/02/2014]    [20:54 27/02/2014]
nod44D6.nup    --a---- 1044726 bytes    [20:54 27/02/2014]    [20:54 27/02/2014]
nod49A7.nup    --a---- 118865 bytes    [20:53 27/02/2014]    [20:53 27/02/2014]
nod5A60.nup    --a---- 64167 bytes    [20:55 27/02/2014]    [20:55 27/02/2014]
nod5E2F.nup    --a---- 30658 bytes    [20:54 27/02/2014]    [20:54 27/02/2014]
nod676B.nup    --a---- 44661 bytes    [20:54 27/02/2014]    [20:54 27/02/2014]
nod6934.nup    --a---- 3463343 bytes    [20:54 27/02/2014]    [20:55 27/02/2014]
nod78CF.nup    --a---- 31209409 bytes    [20:53 27/02/2014]    [20:54 27/02/2014]
nod7B93.nup    --a---- 539988 bytes    [20:53 27/02/2014]    [20:53 27/02/2014]
nod7BA5.nup    --a---- 265143 bytes    [20:54 27/02/2014]    [20:54 27/02/2014]
nod7F99.nup    --a---- 55920 bytes    [20:53 27/02/2014]    [20:53 27/02/2014]
upd.ver    --a---- 26132 bytes    [20:52 27/02/2014]    [20:52 27/02/2014]

C:\Program Files\ESET\ESET Online Scanner\Modules\data\updfiles\http_update.eset.com    d------    [20:52 27/02/2014]
update.ver    --a---- 26132 bytes    [20:52 27/02/2014]    [20:52 27/02/2014]

C:\Program Files\ESET\ESET Online Scanner\Modules\data\updfiles\temp    d------    [20:55 27/02/2014]
em000_32.dat    --a---- 54315 bytes    [20:55 27/02/2014]    [20:55 27/02/2014]
em001_32.dat    --a---- 544563 bytes    [20:55 27/02/2014]    [20:55 27/02/2014]
em002_32.dat    --a---- 35676587 bytes    [20:55 27/02/2014]    [20:55 27/02/2014]
em003_32.dat    --a---- 908082 bytes    [20:55 27/02/2014]    [20:55 27/02/2014]
em004_32.dat    --a---- 1043117 bytes    [20:55 27/02/2014]    [20:55 27/02/2014]
em005_32.dat    --a---- 83590 bytes    [20:55 27/02/2014]    [20:55 27/02/2014]
em006_32.dat    --a---- 108799 bytes    [20:55 27/02/2014]    [20:55 27/02/2014]
em023_32.dat    --a---- 3493261 bytes    [20:55 27/02/2014]    [20:55 27/02/2014]

C:\Program Files\ESET\ESET Online Scanner\Quarantine    d------    [20:52 27/02/2014]

-= EOF =-



#24 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,156 posts

Posted 28 February 2014 - 08:09 PM

Well... what that tells us is that ESET did run and apparently quarantined some files.  Let's hope the log shows what it found:

 

Hold your windows key (it's between your ctrl and alt keys) and then press R

 

This should bring up the run box.  Copy and paste the following line in the box.

C:\Program Files\ESET\ESET Online Scanner\log.txt

then click OK.

 

This should open up the log file.

 

Please post the contents.


Tomk
------------------------------------------------------------
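
Added example, not part of the original thread and not ESET's or the helpers' code: a Python script that tells the two-line installer log Sam keeps getting apart from a completed scan log like the one Tomk quoted in post #20, by looking for the `# key=value` block and `# end=finished`. The function names (`parse_eset_log`, `last_int`, `summarize`) and the state labels are made up for this example, and the sample logs are constructed from the ones quoted in this thread (the full one abridged).

```python
"""Classify an ESET Online Scanner log.txt: installer-only stub vs. completed scan."""
from dataclasses import dataclass, field

# Constructed sample: the two lines Sam posted. Assuming CRLF line endings this
# is 76 bytes, the size SystemLook listed for log.txt in the directory listing.
STUB_LOG = """ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
"""

# Constructed sample: abridged from the log Tomk quoted in post #20.
FULL_LOG = """ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# engine=17186
# end=finished
# remove_checked=false
# compatibility_mode=1799 16775165 100 94 69356 805388 65634 0
# compatibility_mode=5893 16776574 100 94 368272 145642484 0 0
# scanned=251866
# found=37
# cleaned=0
# scan_time=61870
"""


@dataclass
class EsetLog:
    registered: list = field(default_factory=list)  # components the installer registered
    meta: dict = field(default_factory=dict)         # "# key=value" lines; repeated keys keep every value
    other: list = field(default_factory=list)        # anything else, kept verbatim for a human to read


def parse_eset_log(text):
    """Split the log into installer lines, scan metadata and everything else."""
    log = EsetLog()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.endswith("hook log:"):
            continue  # blank line or the installer banner
        if line.startswith("#"):
            key, sep, value = line.lstrip("# ").partition("=")
            if sep:
                # compatibility_mode appears twice in the quoted log, so store lists.
                log.meta.setdefault(key.strip(), []).append(value.strip().strip('"'))
                continue
        elif " - " in line and line.lower().endswith("ok"):
            # The tool itself writes "registred"; match only on the trailing OK.
            log.registered.append(line.split(" - ", 1)[0])
            continue
        log.other.append(line)
    return log


def last_int(log, key):
    """Last value recorded for key as an int, or None if absent or not numeric."""
    values = log.meta.get(key)
    try:
        return int(values[-1]) if values else None
    except ValueError:
        return None


def summarize(text):
    """Return the scan state plus the counters a helper would ask about."""
    log = parse_eset_log(text)
    if not log.meta:
        state = "installer-only"   # control registered, no scan results written
    elif log.meta.get("end", [""])[-1] == "finished":
        state = "complete"
    else:
        state = "incomplete"       # results block started but no end=finished
    found, cleaned = last_int(log, "found"), last_int(log, "cleaned")
    return {
        "state": state,
        "registered": log.registered,
        "scanned": last_int(log, "scanned"),
        "found": found,
        "cleaned": cleaned,
        "uncleaned": None if found is None or cleaned is None else found - cleaned,
        "other_lines": log.other,
    }


if __name__ == "__main__":
    for name, sample in (("stub", STUB_LOG), ("full", FULL_LOG)):
        print(name, summarize(sample))
```
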



#25 shadow5

shadow5

    Authentic Member

  • Authentic Member
  • PipPip
  • 87 posts

Posted 01 March 2014 - 08:15 AM

I just now followed your latest directions, and am posting the resulting contents of the log file it produced.  Still looks to be the same, minimal info from earlier.

 

Sam

 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
 




#26 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,156 posts

Posted 01 March 2014 - 10:21 AM

OK.  I think I've wasted enough of your time with that scan and we will have to assume that nothing was found (which is a good thing)- even though it created a quarantine folder and you said it did report a patched file.  It should have found the patched \System32\rpcss.dll that we replaced in the restore point.  Oh well.

 

It is my belief that we have already "cured" the issue.  Please verify that everything is running correctly - and we will clean up.


Tomk
------------------------------------------------------------



#27 shadow5

shadow5

    Authentic Member

  • Authentic Member
  • PipPip
  • 87 posts

Posted 01 March 2014 - 10:42 PM

All seems to be working well--exc. when I click on my quick-link to Google, it will not continue to the site; and the only way I can get to ATT.NET MAIL is to right-click on it & direct it to open in a "new window".  Other quick-links open as previously: like Ebay, Craigslist, 2 separate auto-related forums--they merely require one left-click on their icon in the quick-link bar just below the row of "File, Edit, View, Favorites, Tools".  Seems like requests to open Google sometimes go to BING--with Google in its search-box?

 

I did not run AVG Anti-Virus yet; but I have noticed the "Warning Box from AVG re: a dangerous virus has been located that AVG cannot clean" is no longer flashing on my desktop like it was when we started.  In a nutshell, it seems like all is working well enough that I feel comfortable/secure with its operation at this point.

 

Do I need to remove any programs/files/apps from my laptop before we call it finished?  Thank you immensely for your patience.

Sam



#28 shadow5

shadow5

    Authentic Member

  • Authentic Member
  • PipPip
  • 87 posts

Posted 01 March 2014 - 11:37 PM

I just noticed that my laptop automatically ran its AVG whole computer scheduled scan at 7:00PM (EST) & found NO threats.

Sam



#29 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,156 posts

Posted 02 March 2014 - 12:14 AM

We do have some housekeeping to do... but not until we are happy with how things are running.

I don't like the bing redirect. I thought we had taken care of that.

Please post me a new OTL log. Just run a scan with nothing in the custom area. There will only be one log.

Tomk
------------------------------------------------------------



#30 shadow5

shadow5

    Authentic Member

  • Authentic Member
  • PipPip
  • 87 posts

Posted 02 March 2014 - 01:03 AM

Here is the log.  Ran it like you said.

Sam 

 

OTL logfile created on: 3/2/2014 1:52:58 AM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\admin\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.45 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 54.85% Memory free
6.90 Gb Paging File | 5.35 Gb Available in Paging File | 77.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 112.78 Gb Free Space | 75.72% Space Free | Partition Type: NTFS
Drive E: | 978.05 Mb Total Space | 264.54 Mb Free Space | 27.05% Space Free | Partition Type: FAT32
 
Computer Name: ADMIN-PC | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe (AVG Secure Search)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe ()
PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\AVG\AVG2013\avgcfgex.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\log4cplusU.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (IEEtwCollectorService) -- C:\Windows\System32\IEEtwCollector.exe (Microsoft Corporation)
SRV - (vToolbarUpdater17.3.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe (AVG Secure Search)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\admin\AppData\Local\Temp\catchme.sys File not found
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (gfibto) -- C:\Windows\System32\drivers\gfibto.sys (GFI Software)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (e1yexpress) -- C:\Windows\System32\drivers\e1y6232.sys (Intel Corporation)
DRV - (OA001Vid) -- C:\Windows\System32\drivers\OA001Vid.sys (Creative Technology Ltd.)
DRV - (OA001Ufd) -- C:\Windows\System32\drivers\OA001Ufd.sys (Creative Technology Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wyff4.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3E 04 A3 4B 13 E4 CB 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{005A966E-51D4-430E-81CC-70739E25E982}: "URL" = http://search.avg.co...{language}&nt=1
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg.com/search?cid={52289380-7DA2-4D47-A1C8-A97E8DB5AFB2}&mid=08bc09cf462e47d69d75d16dae10a8d4-6538e1790308be9f9f5471fb177535e7f4494b9a&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-09-09 19:02:15&v=17.2.0.38&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{AD83EA80-332E-4264-9600-93B078DCDD44}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\admin\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49 [2014/01/08 12:35:34 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2014/02/26 20:18:01 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll File not found
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\17.3.0.49\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\17.3.0.49\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52B838DA-0C5A-4440-B3A7-272F382E0794}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD3140D2-42CD-4CA0-942C-6F804FEA4135}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011/07/14 18:07:26 | 000,186,168 | ---- | M] () - E:\auto-speedo meter hookup.png -- [ FAT32 ]
O32 - AutoRun File - [2011/07/14 18:07:26 | 000,186,168 | ---- | M] () - E:\auto-speedo-meter hookup.png -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/02/27 10:04:56 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014/02/27 09:56:37 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2014/02/26 20:19:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/02/26 20:19:29 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\temp
[2014/02/26 12:24:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/02/26 12:24:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/02/26 12:24:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/02/26 12:24:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/02/26 12:24:00 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/02/26 12:20:36 | 005,185,084 | R--- | C] (Swearware) -- C:\Users\admin\Desktop\ComboFix.exe
[2014/02/24 09:34:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/21 11:11:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2014/02/12 03:06:55 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/02/12 03:06:55 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/02/12 03:06:55 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/02/12 03:06:55 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/02/12 03:06:54 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/02/12 03:06:54 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/02/12 03:06:54 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/02/12 03:06:54 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/02/12 03:06:54 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/02/12 03:06:54 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/02/12 03:06:53 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/02/12 03:06:53 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/02/12 03:06:53 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/02/12 03:06:53 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/02/12 03:06:51 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/02/12 03:06:49 | 004,244,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/02/11 21:15:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2014/02/11 21:14:50 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2014/02/11 21:14:50 | 001,987,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2014/02/11 21:14:49 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2014/02/11 21:14:49 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2014/02/11 21:14:49 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2014/02/11 21:14:49 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2014/02/11 21:14:49 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2014/02/11 21:14:49 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2014/02/11 21:14:49 | 000,390,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2014/02/11 21:14:49 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2014/02/11 21:14:49 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
 
========== Files - Modified Within 30 Days ==========
 
[2014/03/02 01:51:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/01 19:25:17 | 000,163,582 | ---- | M] () -- C:\Users\admin\Desktop\orig.jpg
[2014/03/01 19:15:49 | 000,070,833 | ---- | M] () -- C:\Users\admin\Desktop\aftrmkt.jpg
[2014/02/28 15:59:58 | 000,662,650 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/02/28 15:59:58 | 000,122,486 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/02/28 15:58:02 | 000,139,264 | ---- | M] () -- C:\Users\admin\Desktop\SystemLook.exe
[2014/02/27 10:27:03 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/27 10:27:03 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/27 10:20:11 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2014/02/27 10:19:44 | 2780,745,728 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/26 20:27:36 | 000,000,082 | ---- | M] () -- C:\Windows\System32\kvfuyb.gyl
[2014/02/26 20:18:01 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/02/26 12:20:37 | 005,185,084 | R--- | M] (Swearware) -- C:\Users\admin\Desktop\ComboFix.exe
[2014/02/21 11:11:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2014/02/21 10:32:09 | 000,028,672 | ---- | M] () -- C:\Windows\System32\sjql.pyd
[2014/02/21 10:32:09 | 000,000,096 | ---- | M] () -- C:\Windows\System32\kngch.mcj
[2014/02/19 09:14:12 | 145,678,712 | ---- | M] () -- C:\Users\admin\Desktop\avg_arl_ffi_all_120_140203a7055.zip
[2014/02/19 09:01:14 | 000,000,064 | ---- | M] () -- C:\Windows\System32\chtx.eue
[2014/02/15 04:08:38 | 000,102,437 | --S- | M] () -- C:\Windows\System32\ysgt.rlm
[2014/02/06 05:20:26 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/02/06 05:19:55 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/02/06 05:01:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/02/06 05:00:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/02/06 04:52:56 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/02/06 04:52:21 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/02/06 04:49:22 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/02/06 04:47:22 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/02/06 04:47:18 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/02/06 04:46:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/02/06 04:34:32 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/02/06 04:25:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/02/06 04:25:36 | 004,244,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/02/06 04:13:13 | 000,524,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/02/06 04:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/02/06 03:34:31 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
 
========== Files Created - No Company Name ==========
 
[2014/03/01 19:22:53 | 000,163,582 | ---- | C] () -- C:\Users\admin\Desktop\orig.jpg
[2014/03/01 19:22:34 | 000,070,833 | ---- | C] () -- C:\Users\admin\Desktop\aftrmkt.jpg
[2014/02/28 15:59:26 | 000,139,264 | ---- | C] () -- C:\Users\admin\Desktop\SystemLook.exe
[2014/02/26 13:36:55 | 000,000,082 | ---- | C] () -- C:\Windows\System32\kvfuyb.gyl
[2014/02/26 12:24:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/02/26 12:24:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/02/26 12:24:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/02/26 12:24:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/02/26 12:24:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/02/21 10:32:09 | 000,028,672 | ---- | C] () -- C:\Windows\System32\sjql.pyd
[2014/02/19 09:12:39 | 145,678,712 | ---- | C] () -- C:\Users\admin\Desktop\avg_arl_ffi_all_120_140203a7055.zip
[2014/02/19 09:01:14 | 000,000,096 | ---- | C] () -- C:\Windows\System32\kngch.mcj
[2014/02/19 09:01:14 | 000,000,064 | ---- | C] () -- C:\Windows\System32\chtx.eue
[2014/02/15 04:08:38 | 000,102,437 | --S- | C] () -- C:\Windows\System32\ysgt.rlm
[2013/07/12 23:16:50 | 000,000,060 | ---- | C] () -- C:\Users\admin\AppData\Roaming\mbam.context.scan
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
 

