Page 1 of 4 123 ... LastLast
Results 1 to 10 of 34
  1. #1
    Member
    Join Date
    Dec 2012
    Posts
    18
    Points
    0

    Default Rivalgaming.com virus

    Sorry, I know there is an existing thread for this, but it has been locked. I understand that users have been asked to download DDS.scr or DDS.pif and run it. I have done so, and am pasting the results below. If I have done anything improper, I apologize and request that one of the admins informme of what I need to do. Thank you.

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
    Run by Admin at 7:30:17 on 2012-12-06
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5919.3301 [GMT -7:00]
    .
    AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
    C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\IDT\WDM\beats64.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
    C:\Program Files (x86)\LivePerson\Expert\LPExpertMessenger.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\SysWOW64\WinMsgBalloonServer.exe
    C:\Windows\SysWOW64\WinMsgBalloonClient.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
    C:\Windows\System32\taskmgr.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    mWinlogon: Userinit = userinit.exe
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ips\ipsbho.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll
    TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coieplg.dll
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
    StartupFolder: C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Digsby.lnk - C:\Program Files (x86)\Digsby\digsby.exe
    StartupFolder: C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LIVEPE~1.LNK - C:\Program Files (x86)\LivePerson\Expert\LPExpertMessenger.exe
    StartupFolder: C:\Users\Admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - C:\Users\Admin\AppData\Local\Temp\f5tmp\urxvpn.cab
    DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - C:\Users\Admin\AppData\Local\Temp\f5tmp\f5tunsrv.cab
    DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - hxxps://employee.alpineaccess.com/vdesk/terminal/InstallerControl.cab
    DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - C:\Users\Admin\AppData\Local\Temp\f5tmp\urxshost.cab
    DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - C:\Users\Admin\AppData\Local\Temp\f5tmp\urxhost.cab
    TCP: NameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{702B7FD3-A693-40F5-A4BA-909605E52667} : DHCPNameServer = 209.18.47.61 209.18.47.62
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe
    x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    x64-Run: [SBRegRebootCleaner] "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe"
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    x64-mASetup: {B34A07DD-C6F7-414A-AE63-01019482EAF0} - msiexec /fu {B34A07DD-C6F7-414A-AE63-01019482EAF0} /qn
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lynlyake.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\npsitesafety.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2012-11-29 05:56; avg@toolbar; C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extensions.BabylonToolbar.tlbrSrchUrl, hxxp://search.babylon.com/?babsrc=TB_def&mntrId=48433df900000000000050e549dcbeae&q=
    FF - user.js: extensions.BabylonToolbar.id - 48433df900000000000050e549dcbeae
    FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
    FF - user.js: extensions.BabylonToolbar.instlDay - 15644
    FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8
    FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.817:05:14
    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar.tlbrId - base
    FF - user.js: extensions.BabylonToolbar.instlRef - sst
    FF - user.js: extensions.BabylonToolbar.dfltLng - en
    FF - user.js: extensions.BabylonToolbar.excTlbr - false
    FF - user.js: extensions.BabylonToolbar.admin - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2012-3-21 280656]
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1309000.009\symds64.sys [2012-10-1 451192]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1309000.009\symefa64.sys [2012-10-1 1129120]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-11-29 30568]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-12-3 1384608]
    R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1309000.009\ccsetx64.sys [2012-10-1 167072]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20121204.001\IDSviA64.sys [2012-12-5 513184]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1309000.009\ironx64.sys [2012-10-1 190072]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1309000.009\symnets.sys [2012-10-1 405624]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-3-21 89600]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-3-21 204288]
    R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2011-5-13 128904]
    R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-7-20 249648]
    R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-8-16 16384]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
    R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-16 682040]
    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe [2012-10-1 138272]
    R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
    R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-3-21 1128952]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-10-6 1153368]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-11-22 3290304]
    R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
    R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-29 711112]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-3-21 231440]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-26 138912]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-3-21 565352]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 tihub3;TI USB3 Hub Service;C:\Windows\System32\drivers\tihub3.sys [2012-3-21 136000]
    R3 tixhci;TI XHCI Service;C:\Windows\System32\drivers\tixhci.sys [2012-3-21 409408]
    R3 urvpndrv;F5 Networks VPN Adapter;C:\Windows\System32\drivers\covpnv64.sys [2011-11-28 44112]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-3-21 47232]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-8-1 195320]
    S3 f5ipfw;F5 Networks StoneWall Filter;C:\Windows\System32\drivers\urfltv64.sys [2012-4-3 18512]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-4-3 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
    S3 LVUVC64;Logitech Webcam Pro 9000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-2 227232]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-2 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-12-06 08:47:14 -------- d-----w- C:\Users\Admin\AppData\Local\{5A799BC8-6890-4AA4-A75B-67D8BC0F54AF}
    2012-12-05 20:46:52 -------- d-----w- C:\Users\Admin\AppData\Local\{1D80C536-0FA4-4656-A6A1-5FDAE38186E2}
    2012-12-05 08:46:31 -------- d-----w- C:\Users\Admin\AppData\Local\{88036C54-1BC0-475F-A712-7F0567D5C0EF}
    2012-12-04 09:37:05 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3291A7CC-FB47-426F-B95D-CFA79BE3F5EF}\mpengine.dll
    2012-12-04 08:45:47 -------- d-----w- C:\Users\Admin\AppData\Local\{E94F3D78-6013-453A-9FBF-6642C145735E}
    2012-11-29 13:02:20 -------- d-----w- C:\Users\Admin\AppData\Local\WinZip
    2012-11-29 12:56:43 -------- d-----w- C:\Users\Admin\AppData\Local\AVG Secure Search
    2012-11-29 12:56:40 -------- d-----w- C:\ProgramData\AVG Secure Search
    2012-11-29 12:56:30 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2012-11-29 12:56:28 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
    2012-11-29 12:56:27 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
    2012-11-29 08:41:57 -------- d-----w- C:\Users\Admin\AppData\Local\{1B5E8E61-637C-4FEF-9C3A-FCBC63F32AD4}
    2012-11-21 08:36:10 -------- d-----w- C:\Users\Admin\AppData\Local\{9EA112D7-43C1-4E6A-8C55-3D7B2C015447}
    2012-11-20 23:11:34 -------- d-----w- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
    2012-11-20 23:10:45 -------- d-----w- C:\Users\Admin\AppData\Roaming\hpqLog
    2012-11-20 20:35:04 -------- d-----w- C:\Users\Admin\AppData\Local\{5F088CFC-F9D2-47A4-94ED-741F63492BB9}
    2012-11-14 20:30:52 -------- d-----w- C:\Users\Admin\AppData\Local\{3DF752E0-0A53-4369-B922-0360AD694AF2}
    2012-11-14 10:11:52 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
    2012-11-14 10:11:51 9728 ----a-w- C:\Windows\System32\Wdfres.dll
    2012-11-14 10:11:51 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
    2012-11-14 10:11:51 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
    2012-11-14 10:00:44 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
    2012-11-14 10:00:44 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
    2012-11-14 10:00:44 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
    2012-11-14 10:00:44 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
    2012-11-14 10:00:43 744448 ----a-w- C:\Windows\System32\WUDFx.dll
    2012-11-14 10:00:43 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
    2012-11-14 10:00:43 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
    2012-11-14 04:44:32 -------- d-----w- C:\Users\Admin\AppData\Local\{2ED4AA88-F847-4D47-B120-94ED05ED1074}
    2012-11-13 16:44:11 -------- d-----w- C:\Users\Admin\AppData\Local\{F3F5508C-9241-461F-9C29-A855ADB207D3}
    2012-11-13 04:43:49 -------- d-----w- C:\Users\Admin\AppData\Local\{B2CC3E65-0520-4708-838F-60937350E251}
    2012-11-12 16:43:28 -------- d-----w- C:\Users\Admin\AppData\Local\{26F31469-D3FC-4549-A6B2-1EEE1738232C}
    2012-11-12 04:43:05 -------- d-----w- C:\Users\Admin\AppData\Local\{F4889C15-A22F-4D38-B74D-06E9E85107A2}
    2012-11-11 16:42:44 -------- d-----w- C:\Users\Admin\AppData\Local\{05718769-CF36-47D9-B923-94FECBF7826B}
    2012-11-11 04:42:22 -------- d-----w- C:\Users\Admin\AppData\Local\{3840FC5A-0622-4886-852F-CE875900CC24}
    2012-11-10 16:42:01 -------- d-----w- C:\Users\Admin\AppData\Local\{3F040036-4684-4246-A91C-ED70BC3116A8}
    2012-11-10 04:41:39 -------- d-----w- C:\Users\Admin\AppData\Local\{F9C481CF-4521-4363-B058-75D5CC3FC93D}
    2012-11-09 16:41:18 -------- d-----w- C:\Users\Admin\AppData\Local\{FF459D36-017D-4F44-9ADB-E8FF94ED0963}
    2012-11-09 04:40:56 -------- d-----w- C:\Users\Admin\AppData\Local\{8F111175-76E1-437D-AAEA-638E917B6135}
    2012-11-08 16:40:34 -------- d-----w- C:\Users\Admin\AppData\Local\{58EA8A4F-F754-4875-BBD0-8375E5B8F244}
    2012-11-08 04:54:18 -------- d-----w- C:\Users\Admin\AppData\Roaming\TweetAdder3
    2012-11-08 04:40:12 -------- d-----w- C:\Users\Admin\AppData\Local\{360FDB9B-27EE-4BCD-ABD0-B052FE2C1DB7}
    2012-11-07 16:39:50 -------- d-----w- C:\Users\Admin\AppData\Local\{86E72818-282E-4585-848D-A1704D96A7E8}
    2012-11-07 04:39:28 -------- d-----w- C:\Users\Admin\AppData\Local\{BA9BCE8D-3494-4607-A9C2-0C7240BC1B8C}
    2012-11-06 16:39:07 -------- d-----w- C:\Users\Admin\AppData\Local\{2BF4C4AE-06DF-4B0B-84A3-5E8229894F54}
    .
    ==================== Find3M ====================
    .
    2012-11-14 20:32:31 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-11-14 20:32:31 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-11-01 22:54:59 4608 ----a-w- C:\Windows\SysWow64\edxmrcpu.dll
    2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
    2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
    2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
    2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
    2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
    2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
    2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
    2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
    2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
    2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
    2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
    2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
    2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
    2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
    2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
    2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
    2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
    2012-09-25 05:16:33 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-09-10 02:52:24 821736 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2012-09-10 02:52:24 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    .
    ============= FINISH: 7:30:55.09 ===============

  2. #2
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Default

    Hi

    Welcome to Help2Go

    What Anti Virus progran are you using now?

    Next
    Download AdwCleaner
    • Double click on AdwCleaner.exe to run the tool.
      ***Note: Windows Vista and Windows 7 users:
      Right click in the adwCleaner.exe and select
    • Click the Search button.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your next reply.
    • Or you can find the logfile at C:\AdwCleaner[R1].txt.


    You're are missing a log report from the DDS Scan called attach.txt, can you post it.

    In your next reply:

    • Post the adwCleaner log.
    • Tell me what Anti Virus your using.
    • Post the missing attach.txt log asked for.


    Joe

  3. #3
    Member
    Join Date
    Dec 2012
    Posts
    18
    Points
    0

    Default

    Here it is my friends, and thanks:

    # AdwCleaner v2.011 - Logfile created 12/06/2012 at 19:30:18
    # Updated 02/12/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Admin - ADMIN-HP
    # Boot Mode : Normal
    # Running from : C:\Users\Admin\Downloads\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
    File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
    Folder Found : C:\Program Files (x86)\AVG Secure Search
    Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
    Folder Found : C:\ProgramData\AVG Secure Search
    Folder Found : C:\ProgramData\boost_interprocess
    Folder Found : C:\Users\Admin\AppData\Local\AVG Secure Search
    Folder Found : C:\Users\Admin\AppData\LocalLow\AVG Secure Search

    ***** [Registry] *****

    Key Found : HKCU\Software\AppDataLow\Software\Crossrider
    Key Found : HKCU\Software\AVG Secure Search
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKCU\Software\Softonic
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKLM\Software\AVG Secure Search
    Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Found : HKLM\SOFTWARE\Classes\Prod.cap
    Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Found : HKLM\SOFTWARE\Classes\S
    Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
    Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Found : HKU\S-1-5-21-1116467613-425456651-3602987751-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Found : HKU\S-1-5-21-1116467613-425456651-3602987751-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    Key Found : HKU\S-1-5-21-1116467613-425456651-3602987751-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16455

    [OK] Registry is clean.

    -\\ Mozilla Firefox v17.0.1 (en-US)

    Profile name : default
    File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lynlyake.default\prefs.js

    Found : user_pref("extensions.BabylonToolbar.admin", false);
    Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");
    Found : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
    Found : user_pref("extensions.BabylonToolbar.dfltLng", "en");
    Found : user_pref("extensions.BabylonToolbar.excTlbr", false);
    Found : user_pref("extensions.BabylonToolbar.id", "48433df900000000000050e549dcbeae");
    Found : user_pref("extensions.BabylonToolbar.instlDay", "15644");
    Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");
    Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
    Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
    Found : user_pref("extensions.BabylonToolbar.tlbrId", "base");
    Found : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
    Found : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
    Found : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
    Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
    Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=116295&tt=31101[...]
    Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
    Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.817:05:14");

    *************************

    AdwCleaner[R1].txt - [7734 octets] - [06/12/2012 19:30:18]

    ########## EOF - C:\AdwCleaner[R1].txt - [7794 octets] ##########

  4. #4
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Default

    Please rescan with AdwCleaner.
    Double-click AdwCleaner.exe to run the tool.
    Click Delete.
    Everything that was found will be deleted.
    Save and open files and approve the reboot. A text file will open after the restart.
    Please post the contents of that logfile with your next reply.

    You're are missing a log report from the DDS Scan called attach.txt, can you post it.

  5. #5
    Member
    Join Date
    Dec 2012
    Posts
    18
    Points
    0

    Default

    Report follows, and thanks.

    # AdwCleaner v2.011 - Logfile created 12/06/2012 at 19:56:01
    # Updated 02/12/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Admin - ADMIN-HP
    # Boot Mode : Normal
    # Running from : C:\Users\Admin\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
    Folder Deleted : C:\Program Files (x86)\AVG Secure Search
    Folder Deleted : C:\ProgramData\AVG Secure Search
    Folder Deleted : C:\ProgramData\boost_interprocess
    Folder Deleted : C:\Users\Admin\AppData\Local\AVG Secure Search
    Folder Deleted : C:\Users\Admin\AppData\LocalLow\AVG Secure Search

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
    Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\S
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16455

    [OK] Registry is clean.

    -\\ Mozilla Firefox v17.0.1 (en-US)

    Profile name : default
    File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lynlyake.default\prefs.js

    C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lynlyake.default\user.js ... Deleted !

    Deleted : user_pref("extensions.BabylonToolbar.admin", false);
    Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
    Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
    Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
    Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
    Deleted : user_pref("extensions.BabylonToolbar.id", "48433df900000000000050e549dcbeae");
    Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15644");
    Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
    Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
    Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
    Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
    Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
    Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
    Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
    Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
    Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=116295&tt=31101[...]
    Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
    Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.817:05:14");

    *************************

    AdwCleaner[R1].txt - [7847 octets] - [06/12/2012 19:30:18]
    AdwCleaner[R2].txt - [7907 octets] - [06/12/2012 19:54:41]
    AdwCleaner[S2].txt - [7661 octets] - [06/12/2012 19:56:01]

    ########## EOF - C:\AdwCleaner[S2].txt - [7721 octets] ##########

  6. #6
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Default

    Hi,

    That first scan you ran was DDS, that scan makes 2 logs, you only posted one of them. I need to see the other it's called attach.txt it usually gets minimized to the task bar, can't find it then run dds again. you can just post it as normal, it says to zip it, just copy an paste it to the forum like the others.

    Joe

  7. #7
    Member
    Join Date
    Dec 2012
    Posts
    18
    Points
    0

    Default

    # AdwCleaner v2.011 - Logfile created 12/06/2012 at 21:29:15
    # Updated 02/12/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Admin - ADMIN-HP
    # Boot Mode : Normal
    # Running from : C:\Users\Admin\Downloads\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search

    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16455

    [OK] Registry is clean.

    -\\ Mozilla Firefox v17.0.1 (en-US)

    Profile name : default
    File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lynlyake.default\prefs.js

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [7847 octets] - [06/12/2012 19:30:18]
    AdwCleaner[R2].txt - [7907 octets] - [06/12/2012 19:54:41]
    AdwCleaner[R3].txt - [886 octets] - [06/12/2012 21:29:15]
    AdwCleaner[S2].txt - [7774 octets] - [06/12/2012 19:56:01]

    ########## EOF - C:\AdwCleaner[R3].txt - [1005 octets] ##########

    # AdwCleaner v2.011 - Logfile created 12/06/2012 at 21:30:52
    # Updated 02/12/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Admin - ADMIN-HP
    # Boot Mode : Normal
    # Running from : C:\Users\Admin\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search

    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16455

    [OK] Registry is clean.

    -\\ Mozilla Firefox v17.0.1 (en-US)

    Profile name : default
    File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lynlyake.default\prefs.js

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [7847 octets] - [06/12/2012 19:30:18]
    AdwCleaner[R2].txt - [7907 octets] - [06/12/2012 19:54:41]
    AdwCleaner[R3].txt - [1074 octets] - [06/12/2012 21:29:15]
    AdwCleaner[S2].txt - [7774 octets] - [06/12/2012 19:56:01]
    AdwCleaner[S4].txt - [1011 octets] - [06/12/2012 21:30:52]

    ########## EOF - C:\AdwCleaner[S4].txt - [1071 octets] ##########

  8. #8
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Default

    Please download Malwarebytes' Anti-Malware to your desktop from here --> http://www.malwarebytes.org/products/malwarebytes_free/
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    Copy&Paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

  9. #9
    Member
    Join Date
    Dec 2012
    Posts
    18
    Points
    0

    Default

    Malwarebytes Anti-Malware (Trial) 1.65.1.1000
    Malwarebytes : Free anti-malware download

    Database version: v2012.12.07.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Admin :: ADMIN-HP [administrator]

    Protection: Enabled

    12/7/2012 04:48:19
    mbam-log-2012-12-07 (04-48-19).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 224359
    Time elapsed: 8 minute(s), 30 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\Admin\Downloads\allegiance.exe (Adware.Solimba.Lame) -> Quarantined and deleted successfully.

    (end)

  10. #10
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Default

    Hi,

    Please download MiniToolBox http://download.bleepingcomputer.com...iniToolBox.exe and run it.

    Checkmark following boxes:

    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size
    • List Devices (Only Problems)


    Click Go and post the result.

Page 1 of 4 123 ... LastLast