AVG Virus detected Win68/patched.A Unable to clean or remove

Page 1 of 2 1, 2  Next

View previous topic View next topic Go down

Solved AVG Virus detected Win68/patched.A Unable to clean or remove

Post by Voyager on Sat 01 Dec 2012, 6:34 pm

AVG continues to send warnings....
Post 1 ...
OTL Extras logfile created on: 11/30/2012 10:12:28 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = G:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 39.19% Memory free
5.86 Gb Paging File | 3.67 Gb Available in Paging File | 62.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.77 Gb Total Space | 214.43 Gb Free Space | 75.57% Space Free | Partition Type: NTFS
Drive D: | 14.03 Gb Total Space | 2.32 Gb Free Space | 16.54% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 95.88 Mb Free Space | 96.52% Space Free | Partition Type: FAT32
Drive G: | 1.87 Gb Total Space | 1.22 Gb Free Space | 65.13% Space Free | Partition Type: FAT

Computer Name: MISTY | User Name: DeAnna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{10F539B1-31AF-43BF-9F0C-0EB66E918922}" = HP Quick Launch
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
"{26A49C2B-B623-4AE8-8192-5225D9F184D2}" = AVG 2012
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{773BF642-823B-42D4-15B5-8B72AFF68ABC}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{BF46C84D-1AC3-4CC3-A45C-EF6257B80984}" = AVG 2012
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}" = Microsoft Mathematics (64-bit)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2012
"A-WIN-Extras 8.0.3 2427702_is1" = Mathematica Extras 8.0 (2427702)
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{050BF7DA-82C4-416A-8294-7AFEB8ED94E1}" = Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010)
"{07E49BC1-24FF-4D7A-AC74-727BE95801AF}" = LightScribe System Software
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{47D7C9B8-BD44-4D2E-9040-E946477B2F9A}" = Microsoft Live Search Toolbar
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{582876EC-A178-44D4-9823-C10D6C62EAFF}" = AGEIA PhysX v2.6.0
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E436940-A944-4D67-A45B-1876E23BB9C0}" = e-Sword
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4317FB-5775-4FB3-BDC9-995595106F1F}" = HP User Guides 0178
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A807CEB4-96A8-46A8-A298-C3AA87B47B00}" = HP Software Framework
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI
"{ADDBDFFF-A9B1-4AAA-94ED-2F754A1F5D5F}" = Document Express DjVu Plug-in
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B6152C8A-11A3-4742-BDE7-2438438B7746}_is1" = Return to Mysterious Island version 1.0
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{BA4DA261-CB60-4690-B202-44998DFC6986}" = Microsoft SQL Server 2008 Setup Support Files
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{C96FF998-45BD-411E-9253-B7F2660FE280}" = Qwest Installer
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2C98732-F973-4985-A9C5-DC06178E16EE}" = Microsoft Mathematics Add-in (32-bit)
"{E4B48349-A165-4097-8D78-AC950BD8638E}" = Business Contact Manager for Microsoft Outlook 2010
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F9A43C0C-F274-4EC0-B02E-202C15C09C00}" = HP Wireless Assistant
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Business Contact Manager" = Business Contact Manager for Microsoft Outlook 2010
"CCleaner" = CCleaner
"Cuckoo Clock 3D Screensaver_is1" = Cuckoo Clock 3D Screensaver 1.0
"Falling Autumn Leaves Screen Saver" = Falling Autumn Leaves Screen Saver
"Hoyle Puzzle and Board Games Classic" = Hoyle Puzzle and Board Games Classic
"Hoyle Word Games 2" = Hoyle Word Games 2
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Marine Aquarium 2, Sharks & Carousel Bundle" = Marine Aquarium 2, Sharks & Carousel Bundle
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"MOUL" = Myst Online: Uru Live (remove only)
"Mozilla Firefox 17.0 (x86 en-US)" = Mozilla Firefox 17.0 (x86 en-US)
"Mozilla Thunderbird 16.0.2 (x86 en-US)" = Mozilla Thunderbird 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"M-WIN-D 8.0.3 2427703_is1" = Wolfram CDF Player (M-WIN-D 8.0.3 2427703)
"NOOK Study" = NOOK Study
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"RealPlayer 15.0" = RealPlayer
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"Sierra Utilities" = Sierra Utilities
"SP_8e4eb48d" = Search Assistant MocaFlix 1.66
"SpywareBlaster_is1" = SpywareBlaster 4.6
"The Word" = theWord
"Tomb Raider III" = Tomb Raider III
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"Warnings at Waverly Academy" = Warnings at Waverly Academy
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"WTA-d2b724ee-6798-491e-ae65-13163eb01542" = Tales of Lagoona
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/17/2012 9:44:04 PM | Computer Name = Misty | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\HOLD\SoftonicDownloader_for_winrar.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 11/20/2012 2:02:14 AM | Computer Name = Misty | Source = Microsoft-Windows-Defrag | ID = 257
Description =

Error - 11/24/2012 2:12:51 AM | Computer Name = Misty | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\HOLD\SoftonicDownloader_for_winrar.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 11/27/2012 12:20:27 PM | Computer Name = Misty | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "G:\SoftonicDownloader_for_snow-for-windows.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 11/27/2012 12:20:32 PM | Computer Name = Misty | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "G:\SoftonicDownloader_for_snow-for-windows.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 11/27/2012 12:20:38 PM | Computer Name = Misty | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "G:\SoftonicDownloader_for_snow-for-windows.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 11/27/2012 12:20:40 PM | Computer Name = Misty | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "G:\SoftonicDownloader_for_snow-for-windows.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 11/30/2012 11:38:34 PM | Computer Name = Misty | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: mshtml.dll, version: 8.0.7601.17940, time
stamp: 0x5037b0d7 Exception code: 0xc00000fd Fault offset: 0x000a69ea Faulting process
id: 0x1f44 Faulting application start time: 0x01cdcf7526335c95 Faulting application
path: C:\Windows\SysWOW64\svchost.exe Faulting module path: C:\Windows\SysWOW64\mshtml.dll
Report
Id: 94a851ea-3b68-11e2-88c1-c80aa97b8ddd

Error - 11/30/2012 11:42:29 PM | Computer Name = Misty | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: mshtml.dll, version: 8.0.7601.17940, time
stamp: 0x5037b0d7 Exception code: 0xc00000fd Fault offset: 0x000b7c30 Faulting process
id: 0x4a8 Faulting application start time: 0x01cdcf758980bcd0 Faulting application
path: C:\Windows\SysWOW64\svchost.exe Faulting module path: C:\Windows\SysWOW64\mshtml.dll
Report
Id: 20be8256-3b69-11e2-88c1-c80aa97b8ddd

Error - 11/30/2012 11:55:12 PM | Computer Name = Misty | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 17.0.0.4706, time
stamp: 0x50ab1ea3 Faulting module name: xul.dll, version: 17.0.0.4706, time stamp:
0x50ab1df0 Exception code: 0xc0000005 Fault offset: 0x000d0148 Faulting process id:
0xe4 Faulting application start time: 0x01cdcf6e13ec4583 Faulting application path:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe Faulting module path: C:\Program
Files (x86)\Mozilla Firefox\xul.dll Report Id: e808313f-3b6a-11e2-88c1-c80aa97b8ddd

Error - 12/1/2012 1:02:13 AM | Computer Name = Misty | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: mshtml.dll, version: 8.0.7601.17940, time
stamp: 0x5037b0d7 Exception code: 0xc00000fd Fault offset: 0x000b7c3e Faulting process
id: 0x164c Faulting application start time: 0x01cdcf80983c5cc0 Faulting application
path: C:\Windows\SysWOW64\svchost.exe Faulting module path: C:\Windows\SysWOW64\mshtml.dll
Report
Id: 44b4ab9c-3b74-11e2-b01c-7ee4002dfeb3

Error - 12/1/2012 1:58:23 AM | Computer Name = Misty | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "G:\SoftonicDownloader_for_snow-for-windows.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

[ Hewlett-Packard Events ]
Error - 8/9/2010 12:55:48 AM | Computer Name = Misty | Source = Hewlett-Packard | ID = 0
Description =

Error - 8/9/2010 12:56:22 AM | Computer Name = Misty | Source = Hewlett-Packard | ID = 0
Description =

Error - 8/9/2010 12:56:24 AM | Computer Name = Misty | Source = Hewlett-Packard | ID = 0
Description =

Error - 8/9/2010 12:56:25 AM | Computer Name = Misty | Source = Hewlett-Packard | ID = 0
Description =

Error - 8/9/2010 12:56:25 AM | Computer Name = Misty | Source = Hewlett-Packard | ID = 0
Description =

Error - 8/9/2010 12:56:25 AM | Computer Name = Misty | Source = Hewlett-Packard | ID = 0
Description =

Error - 8/9/2010 12:56:25 AM | Computer Name = Misty | Source = Hewlett-Packard | ID = 0
Description =

Error - 8/9/2010 6:54:59 PM | Computer Name = Misty | Source = Hewlett-Packard | ID = 0
Description =

Error - 8/9/2010 6:55:02 PM | Computer Name = Misty | Source = Hewlett-Packard | ID = 0
Description =

Error - 8/9/2010 6:58:01 PM | Computer Name = Misty | Source = Hewlett-Packard | ID = 0
Description =

[ Media Center Events ]
Error - 7/23/2011 7:06:39 PM | Computer Name = Misty | Source = MCUpdate | ID = 0
Description = 4:06:38 PM - Error connecting to the internet. 4:06:39 PM - Unable
to contact server..

Error - 7/23/2011 7:06:50 PM | Computer Name = Misty | Source = MCUpdate | ID = 0
Description = 4:06:45 PM - Error connecting to the internet. 4:06:45 PM - Unable
to contact server..

Error - 7/26/2011 9:38:28 AM | Computer Name = Misty | Source = MCUpdate | ID = 0
Description = 6:38:23 AM - Error connecting to the internet. 6:38:23 AM - Unable
to contact server..

Error - 7/29/2011 9:39:45 AM | Computer Name = Misty | Source = MCUpdate | ID = 0
Description = 6:39:40 AM - Error connecting to the internet. 6:39:40 AM - Unable
to contact server..

Error - 7/30/2011 8:57:09 AM | Computer Name = Misty | Source = MCUpdate | ID = 0
Description = 5:57:05 AM - Error connecting to the internet. 5:57:05 AM - Unable
to contact server..

Error - 7/31/2011 8:55:50 AM | Computer Name = Misty | Source = MCUpdate | ID = 0
Description = 5:55:46 AM - Error connecting to the internet. 5:55:46 AM - Unable
to contact server..

Error - 8/1/2011 9:25:53 AM | Computer Name = Misty | Source = MCUpdate | ID = 0
Description = 6:25:48 AM - Error connecting to the internet. 6:25:48 AM - Unable
to contact server..

Error - 8/3/2011 9:09:31 AM | Computer Name = Misty | Source = MCUpdate | ID = 0
Description = 6:09:26 AM - Error connecting to the internet. 6:09:26 AM - Unable
to contact server..

Error - 8/3/2011 10:09:37 AM | Computer Name = Misty | Source = MCUpdate | ID = 0
Description = 7:09:36 AM - Error connecting to the internet. 7:09:36 AM - Unable
to contact server..

Error - 8/4/2011 9:20:55 AM | Computer Name = Misty | Source = MCUpdate | ID = 0
Description = 6:20:50 AM - Error connecting to the internet. 6:20:50 AM - Unable
to contact server..

[ System Events ]
Error - 12/1/2012 12:54:11 AM | Computer Name = Misty | Source = Application Popup | ID = 875
Description = Driver atksgt.sys has been blocked from loading.

Error - 12/1/2012 12:54:11 AM | Computer Name = Misty | Source = Service Control Manager | ID = 7000
Description = The atksgt service failed to start due to the following error: %%1275

Error - 12/1/2012 12:54:15 AM | Computer Name = Misty | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 12/1/2012 12:54:16 AM | Computer Name = Misty | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 12/1/2012 12:55:11 AM | Computer Name = Misty | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 12/1/2012 12:55:11 AM | Computer Name = Misty | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 12/1/2012 1:57:49 AM | Computer Name = Misty | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 12/1/2012 1:57:50 AM | Computer Name = Misty | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 12/1/2012 1:57:50 AM | Computer Name = Misty | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 12/1/2012 1:57:51 AM | Computer Name = Misty | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.


< End of report >

Voyager

Newbie Surfer
Newbie Surfer

Posts : 26
Joined : 2010-02-10

View user profile

Back to top Go down

Solved Re: AVG Virus detected Win68/patched.A Unable to clean or remove

Post by Voyager on Sat 01 Dec 2012, 6:36 pm

Post 2....OTL Extras logfile created on: 11/30/2012 10:12:28 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = G:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 39.19% Memory free
5.86 Gb Paging File | 3.67 Gb Available in Paging File | 62.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.77 Gb Total Space | 214.43 Gb Free Space | 75.57% Space Free | Partition Type: NTFS
Drive D: | 14.03 Gb Total Space | 2.32 Gb Free Space | 16.54% Space Free | Partition Type: NTFS
Drive E: | 99.34 Mb Total Space | 95.88 Mb Free Space | 96.52% Space Free | Partition Type: FAT32
Drive G: | 1.87 Gb Total Space | 1.22 Gb Free Space | 65.13% Space Free | Partition Type: FAT

Computer Name: MISTY | User Name: DeAnna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{10F539B1-31AF-43BF-9F0C-0EB66E918922}" = HP Quick Launch
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
"{26A49C2B-B623-4AE8-8192-5225D9F184D2}" = AVG 2012
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{773BF642-823B-42D4-15B5-8B72AFF68ABC}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{BF46C84D-1AC3-4CC3-A45C-EF6257B80984}" = AVG 2012
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}" = Microsoft Mathematics (64-bit)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2012
"A-WIN-Extras 8.0.3 2427702_is1" = Mathematica Extras 8.0 (2427702)
"LSI Soft Modem" = LSI HDA Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{050BF7DA-82C4-416A-8294-7AFEB8ED94E1}" = Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010)
"{07E49BC1-24FF-4D7A-AC74-727BE95801AF}" = LightScribe System Software
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{47D7C9B8-BD44-4D2E-9040-E946477B2F9A}" = Microsoft Live Search Toolbar
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{49A143E9-4A6A-43E7-86B1-388194C79248}" = HP Smart Web Printing
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{582876EC-A178-44D4-9823-C10D6C62EAFF}" = AGEIA PhysX v2.6.0
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E436940-A944-4D67-A45B-1876E23BB9C0}" = e-Sword
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4317FB-5775-4FB3-BDC9-995595106F1F}" = HP User Guides 0178
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A807CEB4-96A8-46A8-A298-C3AA87B47B00}" = HP Software Framework
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.2 MUI
"{ADDBDFFF-A9B1-4AAA-94ED-2F754A1F5D5F}" = Document Express DjVu Plug-in
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B6152C8A-11A3-4742-BDE7-2438438B7746}_is1" = Return to Mysterious Island version 1.0
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{BA4DA261-CB60-4690-B202-44998DFC6986}" = Microsoft SQL Server 2008 Setup Support Files
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{C96FF998-45BD-411E-9253-B7F2660FE280}" = Qwest Installer
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2C98732-F973-4985-A9C5-DC06178E16EE}" = Microsoft Mathematics Add-in (32-bit)
"{E4B48349-A165-4097-8D78-AC950BD8638E}" = Business Contact Manager for Microsoft Outlook 2010
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F9A43C0C-F274-4EC0-B02E-202C15C09C00}" = HP Wireless Assistant
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Business Contact Manager" = Business Contact Manager for Microsoft Outlook 2010
"CCleaner" = CCleaner
"Cuckoo Clock 3D Screensaver_is1" = Cuckoo Clock 3D Screensaver 1.0
"Falling Autumn Leaves Screen Saver" = Falling Autumn Leaves Screen Saver
"Hoyle Puzzle and Board Games Classic" = Hoyle Puzzle and Board Games Classic
"Hoyle Word Games 2" = Hoyle Word Games 2
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Marine Aquarium 2, Sharks & Carousel Bundle" = Marine Aquarium 2, Sharks & Carousel Bundle
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"MOUL" = Myst Online: Uru Live (remove only)
"Mozilla Firefox 17.0 (x86 en-US)" = Mozilla Firefox 17.0 (x86 en-US)
"Mozilla Thunderbird 16.0.2 (x86 en-US)" = Mozilla Thunderbird 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"M-WIN-D 8.0.3 2427703_is1" = Wolfram CDF Player (M-WIN-D 8.0.3 2427703)
"NOOK Study" = NOOK Study
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"RealPlayer 15.0" = RealPlayer
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"Sierra Utilities" = Sierra Utilities
"SP_8e4eb48d" = Search Assistant MocaFlix 1.66
"SpywareBlaster_is1" = SpywareBlaster 4.6
"The Word" = theWord
"Tomb Raider III" = Tomb Raider III
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"Warnings at Waverly Academy" = Warnings at Waverly Academy
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"WTA-d2b724ee-6798-491e-ae65-13163eb01542" = Tales of Lagoona
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/17/2012 9:44:04 PM | Computer Name = Misty | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\HOLD\SoftonicDownloader_for_winrar.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 11/20/2012 2:02:14 AM | Computer Name = Misty | Source = Microsoft-Windows-Defrag | ID = 257
Description =

Error - 11/24/2012 2:12:51 AM | Computer Name = Misty | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\HOLD\SoftonicDownloader_for_winrar.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 11/27/2012 12:20:27 PM | Computer Name = Misty | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "G:\SoftonicDownloader_for_snow-for-windows.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 11/27/2012 12:20:32 PM | Computer Name = Misty | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "G:\SoftonicDownloader_for_snow-for-windows.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 11/27/2012 12:20:38 PM | Computer Name = Misty | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "G:\SoftonicDownloader_for_snow-for-windows.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 11/27/2012 12:20:40 PM | Computer Name = Misty | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "G:\SoftonicDownloader_for_snow-for-windows.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 11/30/2012 11:38:34 PM | Computer Name = Misty | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: mshtml.dll, version: 8.0.7601.17940, time
stamp: 0x5037b0d7 Exception code: 0xc00000fd Fault offset: 0x000a69ea Faulting process
id: 0x1f44 Faulting application start time: 0x01cdcf7526335c95 Faulting application
path: C:\Windows\SysWOW64\svchost.exe Faulting module path: C:\Windows\SysWOW64\mshtml.dll
Report
Id: 94a851ea-3b68-11e2-88c1-c80aa97b8ddd

Error - 11/30/2012 11:42:29 PM | Computer Name = Misty | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: mshtml.dll, version: 8.0.7601.17940, time
stamp: 0x5037b0d7 Exception code: 0xc00000fd Fault offset: 0x000b7c30 Faulting process
id: 0x4a8 Faulting application start time: 0x01cdcf758980bcd0 Faulting application
path: C:\Windows\SysWOW64\svchost.exe Faulting module path: C:\Windows\SysWOW64\mshtml.dll
Report
Id: 20be8256-3b69-11e2-88c1-c80aa97b8ddd

Error - 11/30/2012 11:55:12 PM | Computer Name = Misty | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 17.0.0.4706, time
stamp: 0x50ab1ea3 Faulting module name: xul.dll, version: 17.0.0.4706, time stamp:
0x50ab1df0 Exception code: 0xc0000005 Fault offset: 0x000d0148 Faulting process id:
0xe4 Faulting application start time: 0x01cdcf6e13ec4583 Faulting application path:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe Faulting module path: C:\Program
Files (x86)\Mozilla Firefox\xul.dll Report Id: e808313f-3b6a-11e2-88c1-c80aa97b8ddd

Error - 12/1/2012 1:02:13 AM | Computer Name = Misty | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc100 Faulting module name: mshtml.dll, version: 8.0.7601.17940, time
stamp: 0x5037b0d7 Exception code: 0xc00000fd Fault offset: 0x000b7c3e Faulting process
id: 0x164c Faulting application start time: 0x01cdcf80983c5cc0 Faulting application
path: C:\Windows\SysWOW64\svchost.exe Faulting module path: C:\Windows\SysWOW64\mshtml.dll
Report
Id: 44b4ab9c-3b74-11e2-b01c-7ee4002dfeb3

Error - 12/1/2012 1:58:23 AM | Computer Name = Misty | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "G:\SoftonicDownloader_for_snow-for-windows.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

[ Hewlett-Packard Events ]
Error - 8/9/2010 12:55:48 AM | Computer Name = Misty | Source = Hewlett-Packard | ID = 0
Description =

Error - 8/9/2010 12:56:22 AM | Computer Name = Misty | Source = Hewlett-Packard | ID = 0
Description =

Error - 8/9/2010 12:56:24 AM | Computer Name = Misty | Source = Hewlett-Packard | ID = 0
Description =

Error - 8/9/2010 12:56:25 AM | Computer Name = Misty | Source = Hewlett-Packard | ID = 0
Description =

Error - 8/9/2010 12:56:25 AM | Computer Name = Misty | Source = Hewlett-Packard | ID = 0
Description =

Error - 8/9/2010 12:56:25 AM | Computer Name = Misty | Source = Hewlett-Packard | ID = 0
Description =

Error - 8/9/2010 12:56:25 AM | Computer Name = Misty | Source = Hewlett-Packard | ID = 0
Description =

Error - 8/9/2010 6:54:59 PM | Computer Name = Misty | Source = Hewlett-Packard | ID = 0
Description =

Error - 8/9/2010 6:55:02 PM | Computer Name = Misty | Source = Hewlett-Packard | ID = 0
Description =

Error - 8/9/2010 6:58:01 PM | Computer Name = Misty | Source = Hewlett-Packard | ID = 0
Description =

[ Media Center Events ]
Error - 7/23/2011 7:06:39 PM | Computer Name = Misty | Source = MCUpdate | ID = 0
Description = 4:06:38 PM - Error connecting to the internet. 4:06:39 PM - Unable
to contact server..

Error - 7/23/2011 7:06:50 PM | Computer Name = Misty | Source = MCUpdate | ID = 0
Description = 4:06:45 PM - Error connecting to the internet. 4:06:45 PM - Unable
to contact server..

Error - 7/26/2011 9:38:28 AM | Computer Name = Misty | Source = MCUpdate | ID = 0
Description = 6:38:23 AM - Error connecting to the internet. 6:38:23 AM - Unable
to contact server..

Error - 7/29/2011 9:39:45 AM | Computer Name = Misty | Source = MCUpdate | ID = 0
Description = 6:39:40 AM - Error connecting to the internet. 6:39:40 AM - Unable
to contact server..

Error - 7/30/2011 8:57:09 AM | Computer Name = Misty | Source = MCUpdate | ID = 0
Description = 5:57:05 AM - Error connecting to the internet. 5:57:05 AM - Unable
to contact server..

Error - 7/31/2011 8:55:50 AM | Computer Name = Misty | Source = MCUpdate | ID = 0
Description = 5:55:46 AM - Error connecting to the internet. 5:55:46 AM - Unable
to contact server..

Error - 8/1/2011 9:25:53 AM | Computer Name = Misty | Source = MCUpdate | ID = 0
Description = 6:25:48 AM - Error connecting to the internet. 6:25:48 AM - Unable
to contact server..

Error - 8/3/2011 9:09:31 AM | Computer Name = Misty | Source = MCUpdate | ID = 0
Description = 6:09:26 AM - Error connecting to the internet. 6:09:26 AM - Unable
to contact server..

Error - 8/3/2011 10:09:37 AM | Computer Name = Misty | Source = MCUpdate | ID = 0
Description = 7:09:36 AM - Error connecting to the internet. 7:09:36 AM - Unable
to contact server..

Error - 8/4/2011 9:20:55 AM | Computer Name = Misty | Source = MCUpdate | ID = 0
Description = 6:20:50 AM - Error connecting to the internet. 6:20:50 AM - Unable
to contact server..

[ System Events ]
Error - 12/1/2012 12:54:11 AM | Computer Name = Misty | Source = Application Popup | ID = 875
Description = Driver atksgt.sys has been blocked from loading.

Error - 12/1/2012 12:54:11 AM | Computer Name = Misty | Source = Service Control Manager | ID = 7000
Description = The atksgt service failed to start due to the following error: %%1275

Error - 12/1/2012 12:54:15 AM | Computer Name = Misty | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 12/1/2012 12:54:16 AM | Computer Name = Misty | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 12/1/2012 12:55:11 AM | Computer Name = Misty | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 12/1/2012 12:55:11 AM | Computer Name = Misty | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 12/1/2012 1:57:49 AM | Computer Name = Misty | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 12/1/2012 1:57:50 AM | Computer Name = Misty | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 12/1/2012 1:57:50 AM | Computer Name = Misty | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.

Error - 12/1/2012 1:57:51 AM | Computer Name = Misty | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR1.


< End of report >

Voyager

Newbie Surfer
Newbie Surfer

Posts : 26
Joined : 2010-02-10

View user profile

Back to top Go down

Solved Re: AVG Virus detected Win68/patched.A Unable to clean or remove

Post by Voyager on Sat 01 Dec 2012, 6:37 pm

Post 3...
# AdwCleaner v2.010 - Logfile created 11/30/2012 at 22:49:58
# Updated 29/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : DeAnna - MISTY
# Boot Mode : Normal
# Running from : G:\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : RelevantKnowledge

***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Users\DeAnna\AppData\Roaming\Mozilla\Firefox\Profiles\8b9o5rv0.default\searchplugins\Conduit.xml
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\DeAnna\AppData\Local\Conduit
Folder Deleted : C:\Users\DeAnna\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\DeAnna\AppData\Roaming\Babylon
Folder Deleted : C:\Users\DeAnna\AppData\Roaming\iWin
Folder Deleted : C:\Users\DeAnna\AppData\Roaming\Mozilla\Firefox\Profiles\8b9o5rv0.default\Conduit
Folder Deleted : C:\Users\DeAnna\AppData\Roaming\Mozilla\Firefox\Profiles\8b9o5rv0.default\ConduitCommon
Folder Deleted : C:\Users\DeAnna\AppData\Roaming\Mozilla\Firefox\Profiles\8b9o5rv0.default\CT976953
Folder Deleted : C:\Users\DeAnna\AppData\Roaming\Mozilla\Firefox\Profiles\8b9o5rv0.default\extensions\{5ede6d25-3dee-4c3a-a918-b97c3d7b6e33}
Folder Deleted : C:\Users\DeAnna\AppData\Roaming\Search Settings

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Freeze.com
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\ImInstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page Restore] = [You must be registered and logged in to see this link.] --> [You must be registered and logged in to see this link.]

-\\ Mozilla Firefox v17.0 (en-US)

Profile name : default
File : C:\Users\DeAnna\AppData\Roaming\Mozilla\Firefox\Profiles\8b9o5rv0.default\prefs.js

C:\Users\DeAnna\AppData\Roaming\Mozilla\Firefox\Profiles\8b9o5rv0.default\user.js ... Deleted !

Deleted : user_pref("CT976953..clientLogIsEnabled", false);
Deleted : user_pref("CT976953..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT976953..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CT976953.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT976953.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT976953.AppTrackingLastCheckTime", "Thu Nov 22 2012 20:03:14 GMT-0800 (Pacific Standard [...]
Deleted : user_pref("CT976953.BrowserCompStateIsOpen_129454517208275329", true);
Deleted : user_pref("CT976953.CT976953", "CT976953");
Deleted : user_pref("CT976953.CurrentServerDate", "1-12-2012");
Deleted : user_pref("CT976953.DSChangedManually", true);
Deleted : user_pref("CT976953.DSInstall", true);
Deleted : user_pref("CT976953.DSProtectChoice", true);
Deleted : user_pref("CT976953.DSProtectCount", 1);
Deleted : user_pref("CT976953.DialogsAlignMode", "LTR");
Deleted : user_pref("CT976953.DialogsGetterLastCheckTime", "Thu Nov 29 2012 17:08:57 GMT-0800 (Pacific Standar[...]
Deleted : user_pref("CT976953.DownloadReferralCookieData", "");
Deleted : user_pref("CT976953.EnableClickToSearchBox", false);
Deleted : user_pref("CT976953.EnableSearchHistory", false);
Deleted : user_pref("CT976953.EnableSearchSuggest", false);
Deleted : user_pref("CT976953.FeedLastCount128251338465568991", 0);
Deleted : user_pref("CT976953.FeedPollDate128251338465568991", "Fri Nov 02 2012 16:44:08 GMT-0700 (Pacific Day[...]
Deleted : user_pref("CT976953.FirstServerDate", "3-11-2012");
Deleted : user_pref("CT976953.FirstTime", true);
Deleted : user_pref("CT976953.FirstTimeFF3", true);
Deleted : user_pref("CT976953.FirstTimeHiddenVer", true);
Deleted : user_pref("CT976953.FixPageNotFoundErrors", true);
Deleted : user_pref("CT976953.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT976953.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT976953.HPChangedManually", false);
Deleted : user_pref("CT976953.HPInstall", true);
Deleted : user_pref("CT976953.HPProtectChoice", true);
Deleted : user_pref("CT976953.HPProtectCount", 2);
Deleted : user_pref("CT976953.HasUserGlobalKeys", true);
Deleted : user_pref("CT976953.HomePageProtectorEnabled", false);
Deleted : user_pref("CT976953.HomepageBeforeUnload", "about:blank");
Deleted : user_pref("CT976953.Initialize", true);
Deleted : user_pref("CT976953.InitializeCommonPrefs", true);
Deleted : user_pref("CT976953.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT976953.InstallationType", "Unknown");
Deleted : user_pref("CT976953.InstalledDate", "Fri Nov 02 2012 16:44:23 GMT-0700 (Pacific Daylight Time)");
Deleted : user_pref("CT976953.InvalidateCache", false);
Deleted : user_pref("CT976953.IsAlertDBUpdated", true);
Deleted : user_pref("CT976953.IsGrouping", false);
Deleted : user_pref("CT976953.IsInitSetupIni", true);
Deleted : user_pref("CT976953.IsMulticommunity", false);
Deleted : user_pref("CT976953.IsOpenThankYouPage", true);
Deleted : user_pref("CT976953.IsOpenUninstallPage", true);
Deleted : user_pref("CT976953.IsProtectorsInit", true);
Deleted : user_pref("CT976953.LanguagePackLastCheckTime", "Fri Nov 30 2012 22:01:59 GMT-0800 (Pacific Standard[...]
Deleted : user_pref("CT976953.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT976953.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx"[...]
Deleted : user_pref("CT976953.LastLogin_3.15.1.0", "Fri Nov 30 2012 18:57:17 GMT-0800 (Pacific Standard Time)"[...]
Deleted : user_pref("CT976953.LatestVersion", "3.16.0.3");
Deleted : user_pref("CT976953.Locale", "en-us");
Deleted : user_pref("CT976953.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT976953.MCDetectTooltipShow", false);
Deleted : user_pref("CT976953.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT976953.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT976953.MyStuffComponents2666161006", true);
Deleted : user_pref("CT976953.MyStuffComponents5944691964101194769", true);
Deleted : user_pref("CT976953.MyStuffComponents835787631623173020", true);
Deleted : user_pref("CT976953.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT976953.OriginalFirstVersion", "3.15.1.0");
Deleted : user_pref("CT976953.RadioIsPodcast", false);
Deleted : user_pref("CT976953.RadioLastCheckTime", "Fri Nov 02 2012 16:44:16 GMT-0700 (Pacific Daylight Time)"[...]
Deleted : user_pref("CT976953.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT976953.RadioLastUpdateServer", "129301930495100000");
Deleted : user_pref("CT976953.RadioMediaID", "6111452");
Deleted : user_pref("CT976953.RadioMediaType", "Media Player");
Deleted : user_pref("CT976953.RadioMenuSelectedID", "EBRadioMenu_CT9769536111452");
Deleted : user_pref("CT976953.RadioShrinkedFromSetup", false);
Deleted : user_pref("CT976953.RadioStationName", "KMBI%20Moody%20Radio");
Deleted : user_pref("CT976953.RadioStationURL", "hxxp://www.moodyradionorthwest.fm/streams/FM.m3u");
Deleted : user_pref("CT976953.SavedHomepage", "chrome://branding/locale/browserconfig.properties");
Deleted : user_pref("CT976953.SearchBackToDefaultEngine", false);
Deleted : user_pref("CT976953.SearchCaption", "Becker Bible Studies Customized Web Search");
Deleted : user_pref("CT976953.SearchEngineBeforeUnload", "Ixquick");
Deleted : user_pref("CT976953.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT976953.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT9769[...]
Deleted : user_pref("CT976953.SearchInNewTabEnabled", true);
Deleted : user_pref("CT976953.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT976953.SearchInNewTabLastCheckTime", "Fri Nov 30 2012 22:01:58 GMT-0800 (Pacific Standa[...]
Deleted : user_pref("CT976953.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TO[...]
Deleted : user_pref("CT976953.SearchInNewTabUserEnabled", false);
Deleted : user_pref("CT976953.SearchProtectorEnabled", false);
Deleted : user_pref("CT976953.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT976953.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT976953.ServiceMapLastCheckTime", "Fri Nov 30 2012 22:01:59 GMT-0800 (Pacific Standard T[...]
Deleted : user_pref("CT976953.SettingsLastCheckTime", "Fri Nov 30 2012 22:01:57 GMT-0800 (Pacific Standard Tim[...]
Deleted : user_pref("CT976953.SettingsLastUpdate", "1354129169");
Deleted : user_pref("CT976953.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT976953&SearchSource=13");
Deleted : user_pref("CT976953.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT976953.ThirdPartyComponentsLastCheck", "Fri Nov 23 2012 18:07:14 GMT-0800 (Pacific Stan[...]
Deleted : user_pref("CT976953.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT976953.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT976953.TrusteLinkUrl", "hxxp://trust.conduit.com/CT976953");
Deleted : user_pref("CT976953.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client[...]
Deleted : user_pref("CT976953.UserID", "UN66370726265699024");
Deleted : user_pref("CT976953.ValidationData_Search", 1);
Deleted : user_pref("CT976953.alertChannelId", "15813");
Deleted : user_pref("CT976953.approveUntrustedApps", false);
Deleted : user_pref("CT976953.backendstorage.976953a1294545230223376160000000paramsgk", "7B2275706461746552657[...]
Deleted : user_pref("CT976953.backendstorage.976953a1294545230223376160000000twittertemplate_notify_followers"[...]
Deleted : user_pref("CT976953.backendstorage.976953a1294545230223376160000000twittertemplate_notify_followers_[...]
Deleted : user_pref("CT976953.backendstorage.976953a1294545230223376160000000twittertemplate_notify_following"[...]
Deleted : user_pref("CT976953.backendstorage.976953a1294545230223376160000000twittertemplate_notify_following_[...]
Deleted : user_pref("CT976953.backendstorage.976953a1294545230223376160000000twittertemplate_notify_home", "30[...]
Deleted : user_pref("CT976953.backendstorage.976953a1294545230223376160000000twittertemplate_notify_home_count[...]
Deleted : user_pref("CT976953.backendstorage.for_aoi", "31333533323537373635");
Deleted : user_pref("CT976953.backendstorage.for_ccid", "56616E636F75766572");
Deleted : user_pref("CT976953.backendstorage.for_cid", "5553");
Deleted : user_pref("CT976953.backendstorage.for_ip", "36372E352E3133372E323337");
Deleted : user_pref("CT976953.backendstorage.for_lcut", "31333533323537373635");
Deleted : user_pref("CT976953.backendstorage.for_rid", "5741");
Deleted : user_pref("CT976953.backendstorage.for_zoneid", "39363439");
Deleted : user_pref("CT976953.backendstorage.twittertemplate_976953a1294545230223376160000000_dailyactivity", [...]
Deleted : user_pref("CT976953.backendstorage.twittertemplate_976953a1294545230223376160000000_lifetimesent", "[...]
Deleted : user_pref("CT976953.components.1000034", false);
Deleted : user_pref("CT976953.components.1000048", false);
Deleted : user_pref("CT976953.components.1000080", true);
Deleted : user_pref("CT976953.components.1000082", false);
Deleted : user_pref("CT976953.components.1000234", false);
Deleted : user_pref("CT976953.components.1008", true);
Deleted : user_pref("CT976953.components.128251338091818842", false);
Deleted : user_pref("CT976953.components.128251338465568991", false);
Deleted : user_pref("CT976953.components.128473156966238179", false);
Deleted : user_pref("CT976953.components.128549562455593801", false);
Deleted : user_pref("CT976953.components.129301745688569318", false);
Deleted : user_pref("CT976953.components.129301853018731384", false);
Deleted : user_pref("CT976953.components.129319057164575821", false);
Deleted : user_pref("CT976953.components.129408241397825547", false);
Deleted : user_pref("CT976953.components.129454516570150092", false);
Deleted : user_pref("CT976953.components.129454517208275329", false);
Deleted : user_pref("CT976953.components.129454523022337616", false);
Deleted : user_pref("CT976953.components.129533478745500363", false);
Deleted : user_pref("CT976953.components.129533481875656654", false);
Deleted : user_pref("CT976953.components.3562342111233572", false);
Deleted : user_pref("CT976953.components.4930556174285671", false);
Deleted : user_pref("CT976953.components.7119050504763364075", true);
Deleted : user_pref("CT976953.components.7527685960312859", false);
Deleted : user_pref("CT976953.components.90662562667371753", false);
Deleted : user_pref("CT976953.counterAppsAdded", 4);
Deleted : user_pref("CT976953.counterAppsRemoved", 6);
Deleted : user_pref("CT976953.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.co[...]
Deleted : user_pref("CT976953.globalFirstTimeInfoLastCheckTime", "Thu Nov 22 2012 20:03:04 GMT-0800 (Pacific S[...]
Deleted : user_pref("CT976953.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT976953.initDone", true);
Deleted : user_pref("CT976953.isAppTrackingManagerOn", false);
Deleted : user_pref("CT976953.isFirstRadioInstallation", false);
Deleted : user_pref("CT976953.myStuffEnabled", true);
Deleted : user_pref("CT976953.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT976953.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOri[...]
Deleted : user_pref("CT976953.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT976953.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Com[...]
Deleted : user_pref("CT976953.navigateToUrlOnSearch", false);
Deleted : user_pref("CT976953.oldAppsList", "128324577570856886,128251337496507220,1000048,111,128251338091818[...]
Deleted : user_pref("CT976953.revertSettingsEnabled", false);
Deleted : user_pref("CT976953.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT976953.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT976953.testingCtid", "");
Deleted : user_pref("CT976953.toolbarAppMetaDataLastCheckTime", "Fri Nov 30 2012 22:01:59 GMT-0800 (Pacific St[...]
Deleted : user_pref("CT976953.toolbarContextMenuLastCheckTime", "Fri Nov 30 2012 15:59:33 GMT-0800 (Pacific St[...]
Deleted : user_pref("CT976953.undefined", "Fri Nov 02 2012 16:45:33 GMT-0700 (Pacific Daylight Time)");
Deleted : user_pref("CT976953.usageEnabled", false);
Deleted : user_pref("CT976953.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT976953&SearchS[...]
Deleted : user_pref("CommunityToolbar.ConduitSearchList", "Becker Bible Studies Customized Web Search");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT976953/CT976953",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1172363/1168048/US", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/15813/15479/US", "\"0\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/502431/498301/US", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/518085/513955/US", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666311/662172/US", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/7275/7137/US", "\"0\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/824290/820098/US", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/848331/844134/US", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/900750/896545/US", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT976953", "[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT976953", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\DeAnna\\AppData\\Roaming\\Mozilla\\[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.1.0");
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://www.mediaplanetaria.com/remote_media/remo[...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://storage.conduit.com/MarketPlace/a3/83/a3bf64a[...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://tvtoolbar.org/gadget/hulu.php?title=stargate-[...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://tvtoolbar.org/tvtoolbar/gadget/tvplayer.php?s[...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://tvtoolbar.org/tvtoolbar/gadget/tvplayer.php?s[...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://tvtoolbar.org/tvtoolbar/gadget/tvplayer.php?s[...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://tvtoolbar.org/tvtoolbar/gadget/tvplayer.php?s[...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://www.mediaplanetaria.com/remote_media/countryc[...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://www.mediaplanetaria.com/remote_media/countryc[...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://www.mediaplanetaria.com/remote_media/remote_n[...]
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT976953");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT976953");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT976953");
Deleted : user_pref("CommunityToolbar.globalUserId", "a80e5d88-6829-4f00-b1f1-18eeb6f1efcb");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Nov 30 2012 15:59:4[...]
Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Nov 30 2012 10:57:24 GMT-080[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Nov 30 2012 07:56:39 GMT-0800 (P[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "7a7f5542-8328-440c-a046-e52d3b709371");
Deleted : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("browser.search.defaultthis.engineName", "Becker Bible Studies Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT976953&Sear[...]
Deleted : user_pref("extensions.50945b410bd10.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "c469942a0000000000007ee4002dfeb3");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15675");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "irhnew");
Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.819:27:06");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v [Unable to get version]

File : C:\Users\DeAnna\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [27449 octets] - [30/11/2012 22:49:58]

########## EOF - C:\AdwCleaner[S1].txt - [27510 octets] ##########

Voyager

Newbie Surfer
Newbie Surfer

Posts : 26
Joined : 2010-02-10

View user profile

Back to top Go down

Solved Re: AVG Virus detected Win68/patched.A Unable to clean or remove

Post by DragonMaster Jay on Sat 01 Dec 2012, 7:54 pm

Hi there!

Farbar Recovery Scan Tool x64

Download Farbar Recovery Scan Tool and save it to a flash drive.


Please make sure to get the 64-bit version

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

On the System Recovery Options menu you will get the following options:


    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt


  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button. It will do its scan and save a log on your flash drive.
  • Close out of the message after that, then type in the text services.exe in to the "Search:" text box. Then, press the Search file(s) button, just as below:

    When done searching, FRST makes a log, Search.txt, on the C:\ drive or on your flash drive.
  • Type exit in the Command Prompt window and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive and also the search.txt logfile, please copy and paste the logs in your reply.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Solved Re: AVG Virus detected Win68/patched.A Unable to clean or remove

Post by Voyager on Sun 02 Dec 2012, 2:16 am

When I type in h:\frst.exe I get: The device is not ready.

Voyager

Newbie Surfer
Newbie Surfer

Posts : 26
Joined : 2010-02-10

View user profile

Back to top Go down

Solved Re: AVG Virus detected Win68/patched.A Unable to clean or remove

Post by Voyager on Sun 02 Dec 2012, 2:25 am

Never mind... I got it. LOL

Voyager

Newbie Surfer
Newbie Surfer

Posts : 26
Joined : 2010-02-10

View user profile

Back to top Go down

Solved Re: AVG Virus detected Win68/patched.A Unable to clean or remove

Post by Voyager on Sun 02 Dec 2012, 2:34 am

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2012 (ATTENTION: FRST version is 8 days old)
Ran by SYSTEM at 01-12-2012 07:24:58
Running from I:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6160928 2010-01-29] (Realtek Semiconductor)
HKLM\...\Run: [RtkOSD] C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe [995840 2010-01-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [HP Quick Launch] C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [451072 2010-01-18] (Hewlett-Packard Company)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [172032 2010-03-24] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [QwestTouchPointAgent] "C:\Program Files (x86)\Qwest\Desktop\QwestTouchPointAgent.exe" /autostart [45992 2010-07-06] (Qwest Communications)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-05-20] (Hewlett-Packard Company)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [WTClient] WTClient.exe [x]
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2596984 2012-07-31] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [296096 2012-10-11] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\DeAnna\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-06-16] (Hewlett-Packard Company)
HKU\DeAnna\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW [1685048 2009-09-29] (Hewlett-Packard)
HKU\DeAnna\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [719672 2012-01-20] (Microsoft Corporation)
HKU\DeAnna\...\Run: [WideSearch] C:\Users\DeAnna\AppData\Local\WideSearch\wsearch.exe [x]
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\PictureMover.lnk
ShortcutTarget: PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
Startup: C:\Users\DeAnna\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk
ShortcutTarget: Microsoft SharePoint Workspace.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Users\DeAnna\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ===================

2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe" [5167736 2012-08-13] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [20480 2010-01-18] ()
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [247152 2009-07-06] ()
4 SQLAgent$MSSMLBIZ; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE" -i MSSMLBIZ [366936 2009-03-30] (Microsoft Corporation)

==================== Drivers (Whitelisted) =====================

2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [310984 2012-03-07] ()
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [291680 2012-07-26] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [384352 2012-08-24] (AVG Technologies CZ, s.r.o.)
2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [42696 2011-09-17] ()
3 SWDUMon; C:\Windows\System32\Drivers\SWDUMon.sys [15712 2012-08-21] ()
3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-12-01 06:58 - 2012-12-01 06:58 - 00000000 ____D C:\FRST
2012-11-30 22:49 - 2012-11-30 22:50 - 00027552 ____A C:\AdwCleaner[S1].txt
2012-11-30 19:57 - 2012-12-01 07:06 - 00000392 ____A C:\Windows\setupact.log
2012-11-30 19:57 - 2012-11-30 20:53 - 00000940 ____A C:\Windows\PFRO.log
2012-11-30 19:57 - 2012-11-30 19:57 - 00000000 ____A C:\Windows\setuperr.log
2012-11-30 19:37 - 2012-11-30 19:37 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-11-30 19:32 - 2012-11-30 20:09 - 00000000 ____D C:\Users\DeAnna\AppData\Roaming\Free Download Manager
2012-11-30 19:27 - 2012-11-30 19:55 - 00000000 ____D C:\Users\DeAnna\AppData\Local\GetBooks
2012-11-30 19:25 - 2012-11-30 21:05 - 00000000 ____D C:\Users\DeAnna\AppData\Local\WideSearch
2012-11-28 17:40 - 2012-11-28 17:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-11-27 08:28 - 2000-11-28 12:16 - 00028672 ____A () C:\Users\DeAnna\Desktop\WinSnow98.exe
2012-11-24 13:23 - 2012-11-24 13:53 - 00000000 ____D C:\Users\DeAnna\AppData\Local\StickyNotes
2012-11-24 13:23 - 2012-11-24 13:29 - 00000000 ____D C:\Users\DeAnna\Downloads\StickyNotes
2012-11-24 13:21 - 2012-11-24 15:09 - 00000075 ____A C:\Users\DeAnna\Documents\Quick shopping list.txt
2012-11-17 18:50 - 2012-11-17 18:50 - 00000000 ____D C:\Program Files (x86)\Caminova
2012-11-15 00:23 - 2012-07-25 20:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-11-15 00:23 - 2012-07-25 20:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-11-15 00:23 - 2012-07-25 18:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2012-11-15 00:23 - 2012-06-02 06:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2012-11-15 00:14 - 2012-07-25 19:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2012-11-15 00:14 - 2012-07-25 19:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2012-11-15 00:14 - 2012-07-25 19:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-11-15 00:14 - 2012-07-25 19:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-11-15 00:14 - 2012-07-25 19:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2012-11-15 00:14 - 2012-07-25 18:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2012-11-15 00:14 - 2012-07-25 18:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2012-11-15 00:14 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2012-11-14 22:52 - 2012-11-14 22:52 - 00000000 ____D C:\Program Files (x86)\WinRAR
2012-11-14 18:39 - 2012-10-18 10:25 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-14 18:39 - 2012-10-09 10:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2012-11-14 18:39 - 2012-10-09 10:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2012-11-14 18:39 - 2012-10-09 09:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2012-11-14 18:39 - 2012-10-09 09:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2012-11-14 18:39 - 2012-10-03 09:56 - 01914248 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-11-14 18:39 - 2012-10-03 09:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2012-11-14 18:39 - 2012-10-03 09:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2012-11-14 18:39 - 2012-10-03 09:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2012-11-14 18:39 - 2012-10-03 09:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2012-11-14 18:39 - 2012-10-03 09:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2012-11-14 18:39 - 2012-10-03 09:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2012-11-14 18:39 - 2012-10-03 08:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2012-11-14 18:39 - 2012-10-03 08:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2012-11-14 18:39 - 2012-10-03 08:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2012-11-14 18:39 - 2012-10-03 08:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2012-11-14 18:39 - 2012-09-25 14:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2012-11-14 18:39 - 2012-09-25 14:46 - 00095744 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2012-11-14 18:39 - 2012-01-12 23:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2012-11-12 16:33 - 2012-11-12 16:33 - 00000000 ____D C:\Program Files (x86)\WildTangent
2012-11-12 16:31 - 2012-11-12 16:31 - 00000000 ____D C:\Program Files (x86)\WildGames
2012-11-12 16:10 - 2012-11-12 16:10 - 00002626 ____N C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
2012-11-12 16:09 - 2012-11-12 16:31 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2012-11-12 16:09 - 2012-11-12 16:10 - 00000000 ____D C:\Users\DeAnna\AppData\Roaming\WildTangent
2012-11-07 00:30 - 2012-11-07 00:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2012-11-02 15:37 - 2012-11-02 15:40 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2012-11-02 15:37 - 2012-11-02 15:37 - 00000000 ____D C:\Program Files (x86)\MocaFlix
2012-11-02 15:36 - 2012-11-02 15:36 - 00000000 ____D C:\Users\All Users\ADDICT-THING

==================== One Month Modified Files and Folders =======

2012-12-01 07:12 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-01 07:12 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-01 07:11 - 2009-07-13 21:13 - 00817938 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-01 07:07 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-01 07:06 - 2012-11-30 19:57 - 00000392 ____A C:\Windows\setupact.log
2012-12-01 06:58 - 2012-12-01 06:58 - 00000000 ____D C:\FRST
2012-11-30 23:27 - 2012-10-09 06:37 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-11-30 22:50 - 2012-11-30 22:49 - 00027552 ____A C:\AdwCleaner[S1].txt
2012-11-30 21:05 - 2012-11-30 19:25 - 00000000 ____D C:\Users\DeAnna\AppData\Local\WideSearch
2012-11-30 20:54 - 2012-03-29 11:38 - 00000000 ____D C:\Users\All Users\AVG2012
2012-11-30 20:53 - 2012-11-30 19:57 - 00000940 ____A C:\Windows\PFRO.log
2012-11-30 20:12 - 2010-07-26 14:32 - 00000000 ____D C:\HOLD
2012-11-30 20:09 - 2012-11-30 19:32 - 00000000 ____D C:\Users\DeAnna\AppData\Roaming\Free Download Manager
2012-11-30 19:57 - 2012-11-30 19:57 - 00000000 ____A C:\Windows\setuperr.log
2012-11-30 19:55 - 2012-11-30 19:27 - 00000000 ____D C:\Users\DeAnna\AppData\Local\GetBooks
2012-11-30 19:49 - 2012-03-29 06:37 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-11-30 19:49 - 2011-05-23 13:29 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-11-30 19:37 - 2012-11-30 19:37 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-11-30 18:44 - 2012-03-29 12:16 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-11-30 18:44 - 2012-03-29 11:24 - 00000000 ____D C:\Users\All Users\MFAData
2012-11-29 15:27 - 2010-09-09 19:32 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForDeAnna.job
2012-11-29 09:50 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2012-11-29 05:52 - 2012-05-02 15:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-11-28 22:37 - 2012-08-08 16:34 - 00000000 ____D C:\Users\DeAnna\Documents\books
2012-11-28 17:41 - 2012-11-28 17:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-11-24 21:26 - 2010-08-24 13:46 - 00000000 ____D C:\Users\DeAnna\AppData\Roaming\Hoyle Puzzle and Board Games
2012-11-24 15:09 - 2012-11-24 13:21 - 00000075 ____A C:\Users\DeAnna\Documents\Quick shopping list.txt
2012-11-24 13:53 - 2012-11-24 13:23 - 00000000 ____D C:\Users\DeAnna\AppData\Local\StickyNotes
2012-11-24 13:29 - 2012-11-24 13:23 - 00000000 ____D C:\Users\DeAnna\Downloads\StickyNotes
2012-11-24 13:25 - 2011-09-17 12:54 - 00000000 ____D C:\TMOTM
2012-11-22 22:19 - 2012-02-01 13:58 - 00000819 ____A C:\Users\DeAnna\Documents\passwords.txt
2012-11-20 07:23 - 2010-03-24 11:03 - 00000000 ____D C:\Users\All Users\Adobe
2012-11-17 18:50 - 2012-11-17 18:50 - 00000000 ____D C:\Program Files (x86)\Caminova
2012-11-17 17:54 - 2012-05-12 10:24 - 00000000 ____D C:\Users\DeAnna\AppData\Local\ClipboardManager
2012-11-15 08:53 - 2010-08-31 18:17 - 00000000 ____D C:\Users\DeAnna\AppData\Roaming\Apple Computer
2012-11-15 07:34 - 2010-07-26 12:41 - 00125896 ____A C:\Users\DeAnna\AppData\Local\GDIPFONTCACHEV1.DAT
2012-11-15 07:33 - 2009-07-13 20:45 - 00460184 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-15 00:28 - 2010-03-24 10:28 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-11-15 00:15 - 2010-07-29 10:12 - 66395536 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-11-15 00:14 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini
2012-11-14 22:52 - 2012-11-14 22:52 - 00000000 ____D C:\Program Files (x86)\WinRAR
2012-11-12 16:33 - 2012-11-12 16:33 - 00000000 ____D C:\Program Files (x86)\WildTangent
2012-11-12 16:31 - 2012-11-12 16:31 - 00000000 ____D C:\Program Files (x86)\WildGames
2012-11-12 16:31 - 2012-11-12 16:09 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2012-11-12 16:31 - 2010-03-24 00:36 - 00000000 ____D C:\Users\All Users\WildTangent
2012-11-12 16:10 - 2012-11-12 16:10 - 00002626 ____N C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
2012-11-12 16:10 - 2012-11-12 16:09 - 00000000 ____D C:\Users\DeAnna\AppData\Roaming\WildTangent
2012-11-11 18:53 - 2010-07-27 13:12 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2012-11-10 21:05 - 2010-12-11 16:08 - 00000000 ____D C:\Users\DeAnna\Documents\My Kindle Content
2012-11-07 00:30 - 2012-11-07 00:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2012-11-02 15:43 - 2011-10-17 09:31 - 00000000 ___RD C:\Users\DeAnna\Desktop\Security
2012-11-02 15:43 - 2011-10-17 09:30 - 00000000 ___RD C:\Users\DeAnna\Desktop\Mozilla
2012-11-02 15:42 - 2010-07-27 13:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-02 15:40 - 2012-11-02 15:37 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2012-11-02 15:37 - 2012-11-02 15:37 - 00000000 ____D C:\Program Files (x86)\MocaFlix
2012-11-02 15:36 - 2012-11-02 15:36 - 00000000 ____D C:\Users\All Users\ADDICT-THING
2012-11-02 14:39 - 2012-10-10 09:58 - 00000000 ____D C:\Users\DeAnna\Documents\Nutrition Counters
2012-11-02 10:02 - 2010-07-29 19:02 - 00000000 ____D C:\Users\DeAnna\Documents\OneNote Notebooks


ZeroAccess:
C:\Windows\Installer\{a5dbb9fd-7ad8-32b0-0ccd-205659c2bd7e}
C:\Windows\Installer\{a5dbb9fd-7ad8-32b0-0ccd-205659c2bd7e}\@
C:\Windows\Installer\{a5dbb9fd-7ad8-32b0-0ccd-205659c2bd7e}\L
C:\Windows\Installer\{a5dbb9fd-7ad8-32b0-0ccd-205659c2bd7e}\U
C:\Windows\Installer\{a5dbb9fd-7ad8-32b0-0ccd-205659c2bd7e}\L\00000004.@
C:\Windows\Installer\{a5dbb9fd-7ad8-32b0-0ccd-205659c2bd7e}\L\201d3dde
C:\Windows\Installer\{a5dbb9fd-7ad8-32b0-0ccd-205659c2bd7e}\L\4cce1f70
C:\Windows\Installer\{a5dbb9fd-7ad8-32b0-0ccd-205659c2bd7e}\L\55490ac4
C:\Windows\Installer\{a5dbb9fd-7ad8-32b0-0ccd-205659c2bd7e}\U\00000004.@
C:\Windows\Installer\{a5dbb9fd-7ad8-32b0-0ccd-205659c2bd7e}\U\00000008.@
C:\Windows\Installer\{a5dbb9fd-7ad8-32b0-0ccd-205659c2bd7e}\U\000000cb.@
C:\Windows\Installer\{a5dbb9fd-7ad8-32b0-0ccd-205659c2bd7e}\U\80000000.@
C:\Windows\Installer\{a5dbb9fd-7ad8-32b0-0ccd-205659c2bd7e}\U\80000032.@
C:\Windows\Installer\{a5dbb9fd-7ad8-32b0-0ccd-205659c2bd7e}\U\80000064.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-11 13:49:46
Restore point made on: 2012-11-15 00:13:27
Restore point made on: 2012-11-17 18:50:41
Restore point made on: 2012-11-25 08:52:00
Restore point made on: 2012-11-26 12:00:23
Restore point made on: 2012-11-28 12:32:52
Restore point made on: 2012-11-29 00:21:12
Restore point made on: 2012-11-30 22:15:21

==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 3002.92 MB
Available physical RAM: 2323.55 MB
Total Pagefile: 3001.07 MB
Available Pagefile: 2317.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:283.77 GB) (Free:215.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:14.03 GB) (Free:2.32 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
6 Drive i: (Lexar) (Removable) (Total:1.87 GB) (Free:1.21 GB) FAT
7 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
8 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 1912 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 283 GB 200 MB
Partition 3 Primary 14 GB 283 GB
Partition 4 Primary 103 MB 297 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 283 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 14 GB Healthy

=========================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

=========================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1911 MB 16 KB

==================================================================================

Disk: 2
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 I Lexar FAT Removable 1911 MB Healthy

=========================================================

Last Boot: 2012-11-25 07:30

==================== End Of Log =============================


Farbar Recovery Scan Tool (x64) Version: 23-11-2012
Ran by SYSTEM at 2012-12-01 07:27:21
Running from I:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======

Voyager

Newbie Surfer
Newbie Surfer

Posts : 26
Joined : 2010-02-10

View user profile

Back to top Go down

Solved Re: AVG Virus detected Win68/patched.A Unable to clean or remove

Post by DragonMaster Jay on Sun 02 Dec 2012, 3:28 am

FRST Fixlist

Please run the following:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
C:\Windows\Installer\{a5dbb9fd-7ad8-32b0-0ccd-205659c2bd7e}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now, please enter System Recovery Options then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart, let it boot normally and tell me how it went.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Solved Re: AVG Virus detected Win68/patched.A Unable to clean or remove

Post by Voyager on Sun 02 Dec 2012, 4:06 am

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-11-2012
Ran by SYSTEM at 2012-12-01 09:04:03 Run:1
Running from H:\

==============================================

{\rtf1\ansi\ansicpg1252\deff0\deflang1033{\fonttbl{\f0\fswiss\fcharsetArial service not found.
C:\\Windows\\Installer\\\{a5dbb9fd-7ad8-32b0-0ccd-205659c2bd7e\}\par not found.
C:\\Windows\\assembly\\GAC_32\\Desktop.ini\par not found.
C:\\Windows\\assembly\\GAC_64\\Desktop.ini\par not found.
Could not find C:\\Windows\\System32\\services.exe\par.
Could not replece C:\\Windows\\System32\\services.exe\par.

==== End of Fixlog ====

Voyager

Newbie Surfer
Newbie Surfer

Posts : 26
Joined : 2010-02-10

View user profile

Back to top Go down

Solved Re: AVG Virus detected Win68/patched.A Unable to clean or remove

Post by Voyager on Sun 02 Dec 2012, 4:08 am

Restarted Computer haven't seen an AVG alert yet. Does this mean it is fixed?

Voyager

Newbie Surfer
Newbie Surfer

Posts : 26
Joined : 2010-02-10

View user profile

Back to top Go down

Solved Re: AVG Virus detected Win68/patched.A Unable to clean or remove

Post by Voyager on Sun 02 Dec 2012, 4:21 am

Did an AVG Scan, says it is still there. Bummer, did I do something wrong?

Voyager

Newbie Surfer
Newbie Surfer

Posts : 26
Joined : 2010-02-10

View user profile

Back to top Go down

Solved Re: AVG Virus detected Win68/patched.A Unable to clean or remove

Post by Voyager on Sun 02 Dec 2012, 7:13 am

Looking at what you had me copy and paste into the notepad, I see two files that was on the desk top, they had been removed and deleted from the trash bin... Could that have messed things up?

Voyager

Newbie Surfer
Newbie Surfer

Posts : 26
Joined : 2010-02-10

View user profile

Back to top Go down

Solved Re: AVG Virus detected Win68/patched.A Unable to clean or remove

Post by Voyager on Sun 02 Dec 2012, 7:31 am

My daughter (it's her laptop with the virus) run two programs.... hitmanpro and Roguekiller, trying to get rid of the virus. It did'n't work by the way, so how does this affect us.. do I have to start all over again?

Voyager

Newbie Surfer
Newbie Surfer

Posts : 26
Joined : 2010-02-10

View user profile

Back to top Go down

Solved Re: AVG Virus detected Win68/patched.A Unable to clean or remove

Post by DragonMaster Jay on Mon 03 Dec 2012, 5:55 am

It is important to be patient during this process. We can get this fixed. Yes, there were many errors in the fixlog, which something may have happened on your end...

FRST Fixlist

Please download attached fixlist.txt below, and save it to your flash drive in the same location as FRST.exe. Make sure it maintains the same name, otherwise the fix will fail.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now, please enter System Recovery Options then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart, let it boot normally and tell me how it went.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Solved Re: AVG Virus detected Win68/patched.A Unable to clean or remove

Post by Voyager on Mon 03 Dec 2012, 6:01 am

Thank you so much, will get to it right now.

Voyager

Newbie Surfer
Newbie Surfer

Posts : 26
Joined : 2010-02-10

View user profile

Back to top Go down

Solved Re: AVG Virus detected Win68/patched.A Unable to clean or remove

Post by Voyager on Mon 03 Dec 2012, 6:15 am

It seems to have worked this time. Here is the log.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-11-2012
Ran by SYSTEM at 2012-12-02 11:07:43 Run:2
Running from I:\

==============================================

C:\Windows\Installer\{a5dbb9fd-7ad8-32b0-0ccd-205659c2bd7e} not found.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

Voyager

Newbie Surfer
Newbie Surfer

Posts : 26
Joined : 2010-02-10

View user profile

Back to top Go down

Solved Re: AVG Virus detected Win68/patched.A Unable to clean or remove

Post by Voyager on Tue 04 Dec 2012, 12:43 am

We scanned her computer with AVG, it said that the virus is quarantined.
Is there something we have to do with it? And are we done?
Not trying to be impatient here, just not sure what to do now.

You have been so helpful! What a blessing!


Voyager

Newbie Surfer
Newbie Surfer

Posts : 26
Joined : 2010-02-10

View user profile

Back to top Go down

Solved Re: AVG Virus detected Win68/patched.A Unable to clean or remove

Post by DragonMaster Jay on Tue 04 Dec 2012, 5:15 am

TDSSKiller Scan

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.



-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.



------------------------

Click the Start Scan button.



-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue




----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.





--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Solved Re: AVG Virus detected Win68/patched.A Unable to clean or remove

Post by Voyager on Tue 04 Dec 2012, 12:56 pm

I keep getting a "file not valid" error when trying to attach the TDSSKiller Log.

Don't know what I am doing wrong here.

Voyager

Newbie Surfer
Newbie Surfer

Posts : 26
Joined : 2010-02-10

View user profile

Back to top Go down

Solved Re: AVG Virus detected Win68/patched.A Unable to clean or remove

Post by DragonMaster Jay on Wed 05 Dec 2012, 4:25 am

Upload to SpeedyShare.com.
  • When you enter the site, click the center bar, "Click here to upload[...]", find the file. Select that, and upload it.
  • Once you do that, you will get a sharing link. Please post that in your next reply.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Solved Re: AVG Virus detected Win68/patched.A Unable to clean or remove

Post by Voyager on Wed 05 Dec 2012, 6:19 am

[You must be registered and logged in to see this link.]

Voyager

Newbie Surfer
Newbie Surfer

Posts : 26
Joined : 2010-02-10

View user profile

Back to top Go down

Solved Re: AVG Virus detected Win68/patched.A Unable to clean or remove

Post by DragonMaster Jay on Thu 06 Dec 2012, 2:40 am

ComboFix scan

Please download ComboFix by sUBs
From BleepingComputer.com

Please save the file to your Desktop.

Important information about ComboFix


After the download:

  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:

  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.

Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Solved Re: AVG Virus detected Win68/patched.A Unable to clean or remove

Post by Voyager on Thu 06 Dec 2012, 4:59 am

Had to find a AVG remove program to totally remove AVG. Will install it again when we are finished.

ComboFix 12-12-04.01 - DeAnna 12/05/2012 9:25.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1915 [GMT -8:00]
Running from: c:\hold\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\DeAnna\AppData\Local\assembly\tmp
c:\users\DeAnna\AppData\Local\WideSearch
c:\windows\_detmp.2
c:\windows\iun6002.exe
c:\windows\SysWow64\config.txt
c:\windows\SysWow64\regobj.dll
c:\windows\wt
.
.
((((((((((((((((((((((((( Files Created from 2012-11-05 to 2012-12-05 )))))))))))))))))))))))))))))))
.
.
2012-12-05 17:37 . 2012-12-05 17:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-05 03:33 . 2012-12-05 05:13 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2012-12-01 19:14 . 2012-12-01 19:14 30496 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-12-01 19:00 . 2012-12-01 19:12 -------- d-----w- c:\programdata\HitmanPro
2012-12-01 14:58 . 2012-12-01 14:58 -------- d-----w- C:\FRST
2012-12-01 03:37 . 2012-12-01 03:37 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-12-01 03:32 . 2012-12-01 04:09 -------- d-----w- c:\users\DeAnna\AppData\Roaming\Free Download Manager
2012-12-01 03:27 . 2012-12-01 03:55 -------- d-----w- c:\users\DeAnna\AppData\Local\GetBooks
2012-11-24 21:23 . 2012-11-24 21:53 -------- d-----w- c:\users\DeAnna\AppData\Local\StickyNotes
2012-11-18 02:50 . 2012-11-18 02:50 -------- d-----w- c:\program files (x86)\Caminova
2012-11-15 08:23 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-15 08:23 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-15 08:23 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-15 08:23 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-15 08:14 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-15 08:14 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-15 08:14 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-15 08:14 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-15 08:14 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-15 08:14 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-15 08:14 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-13 00:33 . 2012-11-13 00:33 -------- d-----w- c:\program files (x86)\WildTangent
2012-11-13 00:31 . 2012-11-13 00:31 -------- d-----w- c:\program files (x86)\WildGames
2012-11-13 00:09 . 2012-11-13 00:31 -------- d-----w- c:\program files (x86)\WildTangent Games
2012-11-13 00:09 . 2012-11-13 00:10 -------- d-----w- c:\users\DeAnna\AppData\Roaming\WildTangent
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-01 03:49 . 2012-03-29 14:37 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-01 03:49 . 2011-05-23 21:29 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-15 08:15 . 2010-07-29 18:12 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-28 15:50 . 2012-10-28 15:50 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-28 15:50 . 2012-06-04 14:20 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-10-28 15:50 . 2010-07-27 18:07 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-16 08:38 . 2012-11-28 13:31 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 13:31 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 13:31 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-11 23:41 . 2009-07-21 19:22 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-10-11 23:41 . 2009-07-21 19:22 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-09-30 02:54 . 2010-07-27 21:16 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-14 19:19 . 2012-10-10 15:34 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 15:34 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-06-16 2736128]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-21 719672]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-05-20 500792]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"WTClient"="WTClient.exe" [2009-10-30 32768]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-10-11 296096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\DeAnna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft SharePoint Workspace.lnk - c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2012-9-20 30785672]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-7-26 113664]
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-5-24 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\MocaFlix\sprotector.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 hitmanpro36;HitmanPro 3.6 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2012-12-01 30496]
R3 JLTECH0227;Dual Mode Camera;c:\windows\system32\Drivers\jl2005c.sys [2009-06-02 80880]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys [2009-06-18 17064]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-23 225280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2012-08-21 15712]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-27 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128]
R4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);c:\program files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-08-04 92216]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-03-05 144896]
S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys [2009-06-18 27304]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-28 295424]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-06-16 20:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 03:49]
.
2012-11-29 c:\windows\Tasks\HPCeeScheduleForDeAnna.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-01-29 6160928]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-01-13 995840]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-24 172032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uLocal Page = c:\windows\system32\blank.htm
mStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
FF - ProfilePath - c:\users\DeAnna\AppData\Roaming\Mozilla\Firefox\Profiles\8b9o5rv0.default\
FF - prefs.js: browser.search.selectedEngine - Ixquick
FF - prefs.js: browser.startup.homepage - about:blank
FF - ExtSQL: 2012-10-11 16:42; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - ExtSQL: 2012-10-12 11:39; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2012-12-02 13:42; [You must be registered and logged in to see this link.]; c:\users\DeAnna\AppData\Roaming\Mozilla\Firefox\Profiles\8b9o5rv0.default\extensions\personas@christopher.beard.xpi
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - (no file)
Wow6432Node-HKLM-Run- - (no file)
ShellIconOverlayIdentifiers-{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} - (no file)
ShellIconOverlayIdentifiers-{C72C6188-BEF2-46E5-A89A-52F0ED75219E} - (no file)
ShellIconOverlayIdentifiers-{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} - (no file)
ShellIconOverlayIdentifiers-{CB1EFEF8-D5E0-49D1-B768-41B48B1D7803} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Marine Aquarium 2, Sharks & Carousel Bundle - c:\program files (x86)\Prolific Publishing
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\windows\System32\Drivers\WTSRV.EXE
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2012-12-05 09:51:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-05 17:51
.
Pre-Run: 231,382,753,280 bytes free
Post-Run: 230,884,556,800 bytes free
.
- - End Of File - - 4400199135AA70A57CF6194E36171FDA

Voyager

Newbie Surfer
Newbie Surfer

Posts : 26
Joined : 2010-02-10

View user profile

Back to top Go down

Solved Re: AVG Virus detected Win68/patched.A Unable to clean or remove

Post by DragonMaster Jay on Thu 06 Dec 2012, 8:23 pm

Good job!

ESET Online Scan

Please run a free online scan with the ESET Online Scanner

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so an install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.



Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death


Note: Absence of issues does not mean that you're protected in the future.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Solved Re: AVG Virus detected Win68/patched.A Unable to clean or remove

Post by Voyager on Fri 07 Dec 2012, 2:58 am

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\kittens-snuggle-with-a-dog[1].txt HTML/ScrInject.B.Gen virus unable to clean
C:\Program Files (x86)\MocaFlix\sprotector.dll Win32/SProtector application cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\kittens-snuggle-with-a-dog[1].txt HTML/ScrInject.B.Gen virus deleted - quarantined

Voyager

Newbie Surfer
Newbie Surfer

Posts : 26
Joined : 2010-02-10

View user profile

Back to top Go down

Solved Re: AVG Virus detected Win68/patched.A Unable to clean or remove

Post by Sponsored content Today at 9:38 am


Sponsored content


Back to top Go down

Page 1 of 2 1, 2  Next

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum