Hi all! Looking for a hand with fixlist.txt!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by jrichter73, Mar 1, 2014.

  1. jrichter73

    jrichter73 Private E-2

    Hi folks!

    I'm trying to keep my GF's work PC from being murdered, and there's a nasty Win64.PatchedB attachment on the rpcss file. I ran FRST and these were the logs, with that file search attached.

    Thank you all for any assistance! It looks like they tried to delete some files themselves... ugh. So there are missing files for the "sweet" malware, etc.

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-03-2014
    Ran by Tatoo Addiction (administrator) on TATOOADDICTION1 on 01-03-2014 12:59:28
    Running from C:\VIRUS REMOVAL 2014
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
    (Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
    (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-20] (Realtek Semiconductor)
    HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
    HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
    HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
    HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4962320 2014-01-22] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-21] (AVAST Software)
    HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2552856 2014-02-28] ()
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
    ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
    ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
    Startup: C:\Users\Tatoo Addiction\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
    ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=al...BtDyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1955167860
    URLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM - {FA891B66-7F2C-40F4-A6E0-25D31D7ACB59} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0F0EtByEtBtBtDzzyD0EtBtN0D0Tzu0CtBtDyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1955167860
    SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={5338F5D7-A14C-11E2-A8A3-B8AC6FE24220}
    SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {FA891B66-7F2C-40F4-A6E0-25D31D7ACB59}
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={5338F5D7-A14C-11E2-A8A3-B8AC6FE24220}
    SearchScopes: HKLM-x32 - {FA891B66-7F2C-40F4-A6E0-25D31D7ACB59} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0F0EtByEtBtBtDzzyD0EtBtN0D0Tzu0CtBtDyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1955167860
    SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - Backup.Old.DefaultScope {FA891B66-7F2C-40F4-A6E0-25D31D7ACB59}
    SearchScopes: HKCU - BrowserMngrDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&affID=113959&tt=bandext_3312_7&babsrc=SP_ss&mntrId=c28e85e2000000000000b8ac6fe24220
    SearchScopes: HKCU - {1AA6BF35-C9BA-43D2-8777-66C814CA50B0} URL = http://www.mysearchresults.com/search?&c=2633&t=03&q={searchTerms}
    SearchScopes: HKCU - {206A3C49-2EE9-DD9D-0959-759093BEE3FA} URL =
    SearchScopes: HKCU - {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
    SearchScopes: HKCU - {5852D837-6E63-4711-89D6-678B0EC91DE1} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120415,17118,0,18,0
    SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80915&iwk=245&lng=en
    SearchScopes: HKCU - {C3CAF823-50F9-4CF6-A3EE-186E14E3EBCF} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3266331&CUI=UN41691724442218764
    SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://mysearch.sweetpacks.com?src=6&q={searchTerms}&barid=&
    SearchScopes: HKCU - {FA891B66-7F2C-40F4-A6E0-25D31D7ACB59} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1Qzu0Bzz0A0CyC0F0EtByEtBtBtDzzyD0EtBtN0D0Tzu0CtBtDyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=1955167860
    BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO: Updater By SweetPacks - {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension64.dll No File
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} - No File
    Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
    DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
    Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - No File
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
    Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - No File
    Handler-x32: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll No File
    Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
    Handler-x32: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - No File
    Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
    Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Tatoo Addiction\AppData\Roaming\Mozilla\Firefox\Profiles\x2bahypr.default
    FF NewTab: hxxp://www.sweetpacks-search.com/?barid=&src=97&
    FF DefaultSearchEngine: Sweetpacks Search
    FF SelectedSearchEngine: Sweetpacks Search
    FF Homepage: https://www.google.com/
    FF Keyword.URL: hxxp://mysearch.sweetpacks.com?src=6&barid=&&q=
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
    FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
    FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll (AVG Technologies)
    FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
    FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @oberon-media.com/ONCAdapter - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
    FF Plugin HKCU: @nds.com/PCShowPlugin - C:\Users\Tatoo Addiction\AppData\Local\DIRECTV Player\npPCShowPlugin.dll No File
    FF Plugin HKCU: @nds.com/PlayerPlugin - C:\Users\Tatoo Addiction\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
    FF Plugin HKCU: NDS.com/PlayerPlugin - C:\Users\Tatoo Addiction\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (NDS)
    FF SearchPlugin: C:\Users\Tatoo Addiction\AppData\Roaming\Mozilla\Firefox\Profiles\x2bahypr.default\searchplugins\MyStart Search.xml
    FF SearchPlugin: C:\Users\Tatoo Addiction\AppData\Roaming\Mozilla\Firefox\Profiles\x2bahypr.default\searchplugins\MyStart.xml
    FF SearchPlugin: C:\Users\Tatoo Addiction\AppData\Roaming\Mozilla\Firefox\Profiles\x2bahypr.default\searchplugins\Sweetpacks Search.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
    FF Extension: SweetPacks Toolbar for Firefox - C:\Users\Tatoo Addiction\AppData\Roaming\Mozilla\Firefox\Profiles\x2bahypr.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2013-04-09]
    FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] - C:\Program Files\Updater By SweetPacks\Firefox
    FF HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By SweetPacks\Firefox
    FF HKLM-x32\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Updater By SweetPacks\Firefox
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-02-21]
    FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.91
    FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.91 [2014-02-26]
    FF HKCU\...\Firefox\Extensions: [{ED76C299-85BC-4891-9237-74A140C28832}] - C:\Program Files (x86)\RebateInformer\Firefox\
    FF Extension: No Name - C:\Program Files (x86)\RebateInformer\Firefox\ []

    ==================== Services (Whitelisted) =================

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-21] (AVAST Software)
    R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-02-26] (AVAST Software)
    R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1358944 2013-09-24] (AVG Technologies CZ, s.r.o.)
    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3788816 2014-01-22] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
    R2 vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1772056 2014-02-26] (AVG Secure Search)

    ==================== Drivers (Whitelisted) ====================

    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-02-26] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-21] (AVAST Software)
    R1 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [440672 2014-02-26] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-02-21] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-02-21] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-21] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-21] (AVAST Software)
    R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-21] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-02-21] ()
    R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
    R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
    R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2014-02-26] (AVG Technologies)
    R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [31432 2012-04-17] (EldoS Corporation)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    U5 BITS; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-03-01 12:59 - 2014-03-01 12:59 - 00000000 ____D () C:\FRST
    2014-03-01 12:44 - 2014-03-01 12:59 - 00000000 ____D () C:\VIRUS REMOVAL 2014
    2014-03-01 11:31 - 2014-03-01 11:48 - 00000000 ____D () C:\Users\Tatoo Addiction\Desktop\Internet Ref
    2014-02-26 12:07 - 2014-02-26 12:07 - 00000000 ____D () C:\Users\Tatoo Addiction\AppData\Roaming\AVAST Software
    2014-02-26 12:03 - 2014-02-26 12:14 - 00000000 ____D () C:\Users\Tatoo Addiction\AppData\Local\AVG SafeGuard toolbar
    2014-02-26 12:02 - 2014-02-28 12:32 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
    2014-02-26 12:02 - 2014-02-26 12:02 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
    2014-02-26 12:02 - 2014-02-26 12:02 - 00003589 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
    2014-02-26 12:02 - 2014-02-26 12:02 - 00000967 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
    2014-02-26 12:02 - 2014-02-26 12:02 - 00000000 ____D () C:\ProgramData\AVG SafeGuard toolbar
    2014-02-26 11:54 - 2014-03-01 12:32 - 00002224 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
    2014-02-26 11:54 - 2014-02-26 11:54 - 00440672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswndisflt.sys
    2014-02-26 11:54 - 2014-02-26 11:54 - 00002034 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
    2014-02-26 11:53 - 2014-02-26 11:53 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
    2014-02-21 23:40 - 2014-02-21 23:40 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\wijagrds.sys
    2014-02-21 23:38 - 2014-02-28 12:31 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2014-02-21 23:33 - 2014-02-21 23:33 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\zdndbrja.sys
    2014-02-21 23:32 - 2014-02-26 11:59 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
    2014-02-21 23:28 - 2014-02-21 23:28 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\kknfzrcw.sys
    2014-02-21 23:27 - 2014-02-21 23:27 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\hygnwogx.sys
    2014-02-21 23:27 - 2014-02-21 23:27 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\hpljsjza.sys
    2014-02-21 23:18 - 2014-02-21 23:18 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2014-02-21 23:18 - 2014-02-21 23:18 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2014-02-21 23:18 - 2014-02-21 23:18 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-02-21 23:18 - 2014-02-21 23:18 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2014-02-21 23:18 - 2014-02-21 23:18 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2014-02-21 23:18 - 2014-02-21 23:18 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2014-02-21 23:18 - 2014-02-21 23:18 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-02-21 23:18 - 2014-02-21 23:18 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2014-02-21 23:18 - 2014-02-21 23:18 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-02-21 23:03 - 2014-02-21 23:08 - 00000000 ____D () C:\avast remove
    2014-02-18 13:58 - 2014-02-26 12:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-02-18 13:28 - 2014-02-18 13:29 - 58080904 _____ (Microsoft Corporation) C:\Users\Tatoo Addiction\Desktop\EIE11_EN-US_WOL_WIN764.EXE
    2014-02-15 18:25 - 2014-02-15 18:28 - 00027256 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys
    2014-02-15 17:58 - 2014-02-15 17:58 - 01805736 _____ (Symantec Corporation) C:\Users\Tatoo Addiction\Desktop\FixZeroAccess.exe
    2014-02-15 17:56 - 2014-02-15 17:56 - 10652120 _____ (Malwarebytes Corporation ) C:\Users\Tatoo Addiction\Desktop\mbam-setup-1.62.0.1300.exe

    ==================== One Month Modified Files and Folders =======

    2014-03-01 12:59 - 2014-03-01 12:59 - 00000000 ____D () C:\FRST
    2014-03-01 12:59 - 2014-03-01 12:44 - 00000000 ____D () C:\VIRUS REMOVAL 2014
    2014-03-01 12:58 - 2012-05-19 11:59 - 00003994 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{9D3E65C8-597E-436B-9803-96B0ADDBC9ED}
    2014-03-01 12:48 - 2009-07-13 22:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-03-01 12:48 - 2009-07-13 22:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-03-01 12:45 - 2009-07-13 23:13 - 00779898 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-03-01 12:43 - 2009-07-13 23:10 - 02061429 _____ () C:\Windows\WindowsUpdate.log
    2014-03-01 12:39 - 2013-01-22 11:54 - 00000354 _____ () C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
    2014-03-01 12:39 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-03-01 12:39 - 2009-07-13 22:51 - 00094318 _____ () C:\Windows\setupact.log
    2014-03-01 12:32 - 2014-02-26 11:54 - 00002224 _____ () C:\Users\Public\Desktop\avast! Internet Security.lnk
    2014-03-01 12:01 - 2012-07-08 11:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-03-01 11:55 - 2013-02-20 13:43 - 00000000 ____D () C:\Users\Tatoo Addiction\Desktop\desktop stuff
    2014-03-01 11:54 - 2012-05-18 19:41 - 00000000 ____D () C:\Users\Tatoo Addiction\Desktop\Bobbys Stuff
    2014-03-01 11:48 - 2014-03-01 11:31 - 00000000 ____D () C:\Users\Tatoo Addiction\Desktop\Internet Ref
    2014-03-01 11:36 - 2013-08-11 13:10 - 00000000 ____D () C:\Users\Tatoo Addiction\Desktop\Alison's stuff
    2014-03-01 11:35 - 2012-07-22 19:10 - 00000000 ____D () C:\ProgramData\MFAData
    2014-02-28 12:32 - 2014-02-26 12:02 - 00000000 ____D () C:\Program Files (x86)\AVG SafeGuard toolbar
    2014-02-28 12:31 - 2014-02-21 23:38 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2014-02-26 12:14 - 2014-02-26 12:03 - 00000000 ____D () C:\Users\Tatoo Addiction\AppData\Local\AVG SafeGuard toolbar
    2014-02-26 12:07 - 2014-02-26 12:07 - 00000000 ____D () C:\Users\Tatoo Addiction\AppData\Roaming\AVAST Software
    2014-02-26 12:06 - 2012-01-10 12:01 - 00000000 ____D () C:\ProgramData\AVAST Software
    2014-02-26 12:06 - 2011-03-17 02:11 - 00150844 _____ () C:\Windows\PFRO.log
    2014-02-26 12:02 - 2014-02-26 12:02 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
    2014-02-26 12:02 - 2014-02-26 12:02 - 00003589 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
    2014-02-26 12:02 - 2014-02-26 12:02 - 00000967 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
    2014-02-26 12:02 - 2014-02-26 12:02 - 00000000 ____D () C:\ProgramData\AVG SafeGuard toolbar
    2014-02-26 12:02 - 2014-02-18 13:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-02-26 11:59 - 2014-02-21 23:32 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
    2014-02-26 11:54 - 2014-02-26 11:54 - 00440672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswndisflt.sys
    2014-02-26 11:54 - 2014-02-26 11:54 - 00002034 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
    2014-02-26 11:53 - 2014-02-26 11:53 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
    2014-02-22 13:14 - 2013-08-11 13:42 - 00000000 ____D () C:\Users\Tatoo Addiction\Desktop\Anti-virus stuff
    2014-02-21 23:40 - 2014-02-21 23:40 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\wijagrds.sys
    2014-02-21 23:33 - 2014-02-21 23:33 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\zdndbrja.sys
    2014-02-21 23:28 - 2014-02-21 23:28 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\kknfzrcw.sys
    2014-02-21 23:27 - 2014-02-21 23:27 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\hygnwogx.sys
    2014-02-21 23:27 - 2014-02-21 23:27 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\hpljsjza.sys
    2014-02-21 23:18 - 2014-02-21 23:18 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2014-02-21 23:18 - 2014-02-21 23:18 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2014-02-21 23:18 - 2014-02-21 23:18 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-02-21 23:18 - 2014-02-21 23:18 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2014-02-21 23:18 - 2014-02-21 23:18 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2014-02-21 23:18 - 2014-02-21 23:18 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2014-02-21 23:18 - 2014-02-21 23:18 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-02-21 23:18 - 2014-02-21 23:18 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2014-02-21 23:18 - 2014-02-21 23:18 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-02-21 23:18 - 2012-01-10 12:01 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-02-21 23:08 - 2014-02-21 23:03 - 00000000 ____D () C:\avast remove
    2014-02-21 23:07 - 2012-01-10 12:01 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
    2014-02-21 18:02 - 2012-07-08 11:35 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-02-21 18:02 - 2012-07-08 11:35 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-02-21 18:02 - 2012-02-25 11:49 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-02-18 17:18 - 2013-02-20 13:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-02-18 15:19 - 2013-11-06 11:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
    2014-02-18 13:29 - 2014-02-18 13:28 - 58080904 _____ (Microsoft Corporation) C:\Users\Tatoo Addiction\Desktop\EIE11_EN-US_WOL_WIN764.EXE
    2014-02-15 18:33 - 2013-02-20 14:09 - 00000000 ____D () C:\Users\Tatoo Addiction\AppData\Roaming\uTorrent
    2014-02-15 18:28 - 2014-02-15 18:25 - 00027256 _____ (Symantec Corporation) C:\Windows\system32\Drivers\FixZeroAccess.sys
    2014-02-15 18:22 - 2013-06-20 12:29 - 00000000 ____D () C:\Windows\SysWOW64\WNLT
    2014-02-15 18:22 - 2013-04-09 13:37 - 00000000 ____D () C:\Program Files (x86)\Tuguu SL
    2014-02-15 18:22 - 2013-04-09 13:33 - 00000000 ____D () C:\Program Files (x86)\SweetIM
    2014-02-15 18:22 - 2013-03-08 15:58 - 00000000 ____D () C:\Users\Tatoo Addiction\AppData\Roaming\24x7 Help
    2014-02-15 17:59 - 2013-03-14 10:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-02-15 17:58 - 2014-02-15 17:58 - 01805736 _____ (Symantec Corporation) C:\Users\Tatoo Addiction\Desktop\FixZeroAccess.exe
    2014-02-15 17:56 - 2014-02-15 17:56 - 10652120 _____ (Malwarebytes Corporation ) C:\Users\Tatoo Addiction\Desktop\mbam-setup-1.62.0.1300.exe
    2014-02-15 17:49 - 2012-01-10 08:37 - 00000000 ____D () C:\Users\Tatoo Addiction
    2014-02-15 17:48 - 2013-04-09 13:33 - 00000000 ____D () C:\Program Files (x86)\Supreme Savings
    2014-02-15 17:48 - 2013-04-09 13:33 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
    2014-02-15 17:48 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\servicing
    2014-02-15 17:47 - 2013-10-23 12:09 - 00000000 ____D () C:\Windows\SysWOW64\jmdp
    2014-02-15 17:47 - 2013-10-23 12:09 - 00000000 ____D () C:\Windows\system32\ljkb
    2014-02-15 17:47 - 2013-08-13 08:46 - 00000000 ____D () C:\Windows\Minidump
    2014-02-15 17:47 - 2013-06-20 12:29 - 00000000 ____D () C:\Windows\SysWOW64\ARFC
    2014-02-15 17:47 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-02-15 17:47 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
    2014-02-15 17:14 - 2011-03-17 00:34 - 00000000 ____D () C:\ProgramData\Sonic

    ZeroAccess:
    C:\Windows\Installer\{dd33102e-8d64-35cf-b5d7-2223dc01c933}

    ZeroAccess:
    C:\Users\Tatoo Addiction\AppData\Local\{dd33102e-8d64-35cf-b5d7-2223dc01c933}
    C:\Users\Tatoo Addiction\AppData\Local\{dd33102e-8d64-35cf-b5d7-2223dc01c933}\@

    Some content of TEMP:
    ====================
    C:\Users\Tatoo Addiction\AppData\Local\Temp\avguidx.dll
    C:\Users\Tatoo Addiction\AppData\Local\Temp\CommonInstaller.exe
    C:\Users\Tatoo Addiction\AppData\Local\Temp\GenericUninstall.exe
    C:\Users\Tatoo Addiction\AppData\Local\Temp\hsbing_717_active.exe
    C:\Users\Tatoo Addiction\AppData\Local\Temp\MachineIdCreator.exe
    C:\Users\Tatoo Addiction\AppData\Local\Temp\oi_{2B3D84CA-B30B-424F-AACD-D338A2EEC7DE}.exe
    C:\Users\Tatoo Addiction\AppData\Local\Temp\oi_{502B46A1-ABE6-4C65-989A-D9144A0B2C6E}.exe
    C:\Users\Tatoo Addiction\AppData\Local\Temp\oi_{881AC595-9080-4406-87A4-91ACB2AB8F0F}.exe
    C:\Users\Tatoo Addiction\AppData\Local\Temp\tbFree.dll
    C:\Users\Tatoo Addiction\AppData\Local\Temp\ToolbarInstaller.exe
    C:\Users\Tatoo Addiction\AppData\Local\Temp\UNINSTALL.EXE
    C:\Users\Tatoo Addiction\AppData\Local\Temp\uninstaller.exe
    C:\Users\Tatoo Addiction\AppData\Local\Temp\winziprosetup_20130213.exe
    C:\Users\Tatoo Addiction\AppData\Local\Temp\WSSetup.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll
    [2012-01-13 12:35] - [2010-11-20 07:27] - 0512512 ____A (Microsoft Corporation) 9913B2231E7F0083A11AA38E5CE784EF

    ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    TDL4: custom:26000022 <===== ATTENTION!


    LastRegBack: 2014-02-14 17:47

    ==================== End Of Log ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-03-2014
    Ran by Tatoo Addiction at 2014-03-01 13:00:03
    Running from C:\VIRUS REMOVAL 2014
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AV: avast! Internet Security (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
    AS: avast! Internet Security (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    FW: avast! Internet Security (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
    FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

    ==================== Installed Programs ======================

    7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
    Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
    Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
    Adobe Reader 9.1.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.2 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
    avast! Internet Security (HKLM-x32\...\Avast) (Version: 9.0.2013 - Avast Software)
    AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4335 - AVG Technologies)
    AVG 2014 (Version: 14.0.3705 - AVG Technologies) Hidden
    AVG 2014 (Version: 14.0.4335 - AVG Technologies) Hidden
    AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 17.3.1.91 - AVG Technologies)
    Best Buy pc app (Version: 3.1.0.0 - Best Buy) Hidden
    Best Buy pc app (x32 Version: 3.1.0.0 - Best Buy) Hidden
    Canon MF4320-4350 (HKLM\...\{99A5569D-9F86-4f32-A227-1538B731DA42}) (Version: - )
    CCleaner (HKLM\...\CCleaner) (Version: 3.27 - Piriform)
    Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
    Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.0.6 - Dell Inc.)
    DIRECTV Player (HKLM-x32\...\{43D1B973-3D12-42ba-9E6E-56A8FEFF5250}) (Version: 8.0 - DIRECTV)
    DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
    DomaIQ (HKLM-x32\...\DomaIQ Uninstaller) (Version: - Tuguu SLU)
    Dynamic-Photo HDR 5 (HKLM-x32\...\Dynamic-Photo HDR 5_is1) (Version: - )
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
    Internet Explorer Toolbar 4.7 by SweetPacks (HKLM-x32\...\{80F3F10B-A177-4494-93CE-98090D819093}) (Version: 4.7.0008 - SweetIM Technologies Ltd.) <==== ATTENTION
    Java Auto Updater (x32 Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
    Java(TM) 6 Update 23 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416023FF}) (Version: 6.0.230 - Oracle)
    Java(TM) 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
    Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
    Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Online Vault (HKLM-x32\...\{FE60B87C-63A2-4A45-AC06-FFEFD5DB7846}_is1) (Version: - Crawler.com)
    Optimizer Pro v3.0 (HKLM-x32\...\Optimizer Pro_is1) (Version: 3.0 - PC Utilities Pro) <==== ATTENTION
    PC Power Speed 1.1.0.36 (HKLM-x32\...\{B0C56FD7-493D-44DD-B007-BBB5117D6E6F}_is1) (Version: 1.1.0.36 - Crawler, LLC.)
    PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
    RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5963 - Realtek Semiconductor Corp.)
    RebateInformer (HKLM-x32\...\{4EF645BD-65B0-4F98-AD56-D0437B7045F6}_is1) (Version: 1.0.0.87 - Inbox.com, Inc.)
    Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
    Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
    Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
    Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
    Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
    Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
    Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
    Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
    Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
    Supreme Savings (HKLM-x32\...\Supreme Savings) (Version: 1.26.153.3 - Innovative Apps) <==== ATTENTION
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
    Updater By SweetPacks 2.0.0.609 (HKLM\...\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}_is1) (Version: 2.0.0.609 - SweetPacks) <==== ATTENTION
    VAFPlayer (HKLM-x32\...\{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}) (Version: 1.6.8 - Tuguu SL)
    Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

    ==================== Restore Points =========================

    29-10-2013 17:01:04 Scheduled Checkpoint
    05-11-2013 18:14:03 Scheduled Checkpoint
    06-11-2013 22:38:53 Restore Operation
    14-02-2014 23:54:34 Scheduled Checkpoint
    22-02-2014 05:17:44 avast! antivirus system restore point
    22-02-2014 05:35:31 avast! antivirus system restore point
    26-02-2014 17:47:32 avast! antivirus system restore point
    26-02-2014 17:59:49 Installed AVG 2014

    ==================== Hosts content: ==========================

    2009-07-13 20:34 - 2012-08-03 15:34 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {0115AC96-AC30-44A4-AC50-D4F8DDADEB1E} - System32\Tasks\{E5C3FBD2-E1A0-4760-B586-3096346700E1} => Chrome.exe
    Task: {9AF4E908-74D8-49A2-A4F9-AE42D02E6724} - System32\Tasks\4812 => Wscript.exe C:\Users\TATOOA~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
    Task: {AA253AAF-3BC2-4856-82D6-8C4CF241168B} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
    Task: {AC5A3201-57AB-4429-B748-01448FCB667E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)
    Task: {B6F956B4-DBF7-43D5-96B3-CD72A3AAC3C2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)
    Task: {BF8427EB-B58A-40A0-B609-D57212857618} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
    Task: {C9E80BA0-481D-4594-AA02-CE082074FF21} - System32\Tasks\Updater19962.exe => C:\Users\Tatoo
    Task: {F07E6EDC-D7B9-4564-9DF3-4F0D99D8A629} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-21] (AVAST Software)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-02-26 12:02 - 2014-02-26 12:02 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
    2010-11-17 09:35 - 2010-11-17 09:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    2014-02-26 12:02 - 2014-02-28 12:32 - 02552856 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
    2014-03-01 11:27 - 2014-03-01 04:15 - 02186240 _____ () C:\Program Files\AVAST Software\Avast\defs\14030100\algo.dll
    2014-02-26 12:02 - 2014-02-26 12:02 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\log4cplusU.dll
    2010-11-24 21:44 - 2010-11-24 21:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
    2014-02-21 23:18 - 2014-02-21 23:18 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-02-18 13:58 - 2014-02-18 13:58 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    2014-02-26 12:02 - 2014-02-26 12:02 - 00649752 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\NativeBrowserApi\17.3.0\NativeBrowserApi.dll
    2012-05-10 02:29 - 2012-05-10 02:29 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\dc45bfd22b86df0074e8e521ada8d55f\IsdiInterop.ni.dll
    2011-03-17 00:18 - 2010-03-03 19:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
    2014-02-21 18:02 - 2014-02-21 18:02 - 16265096 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll

    ==================== Alternate Data Streams (whitelisted) =========

    AlternateDataStreams: C:\ProgramData\TEMP:373E1720

    ==================== Safe Mode (whitelisted) ===================


    ==================== Disabled items from MSCONFIG ==============

    MSCONFIG\startupreg: 24x7HELP => "C:\Program Files (x86)\24x7Help\App24x7Help.exe" /STARTUP
    MSCONFIG\startupreg: avast => "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    MSCONFIG\startupreg: InboxToolbar => "C:\Program Files (x86)\Inbox Toolbar\Inbox.exe" /STARTUP
    MSCONFIG\startupreg: iolo Startup => "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
    MSCONFIG\startupreg: Online Vault => "C:\Program Files (x86)\OnlineVault\OVTray.exe"
    MSCONFIG\startupreg: PCPowerSpeed => "C:\Program Files (x86)\PCPowerSpeed\PCPowerTray.exe" /startup
    MSCONFIG\startupreg: PCShowServer => "C:\Users\Tatoo Addiction\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
    MSCONFIG\startupreg: RebateInformer => C:\PROGRA~2\REBATE~1\REBATE~1.EXE /STARTUP
    MSCONFIG\startupreg: sdxef8kuhATdBf => C:\ProgramData\sdxef8kuhATdBf.exe
    MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    MSCONFIG\startupreg: UDtCjiKmdtFgcVv.exe => C:\ProgramData\UDtCjiKmdtFgcVv.exe
    MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/01/2014 00:49:44 PM) (Source: CVHSVC) (User: )
    Description: Information only.
    Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.

    Error: (03/01/2014 00:37:38 PM) (Source: Software Protection Platform Service) (User: )
    Description: The Software Protection service failed to start. hr=0x80070057
    6.1.7601.17514

    Error: (03/01/2014 00:36:37 PM) (Source: Application Error) (User: )
    Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x000000007748000a
    Faulting process id: 0x3e0
    Faulting application start time: 0xsvchost.exe0
    Faulting application path: svchost.exe1
    Faulting module path: svchost.exe2
    Report Id: svchost.exe3

    Error: (03/01/2014 11:37:08 AM) (Source: CVHSVC) (User: )
    Description: Information only.
    Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.

    Error: (02/28/2014 00:40:32 PM) (Source: CVHSVC) (User: )
    Description: Information only.
    Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.

    Error: (02/26/2014 00:23:51 PM) (Source: CVHSVC) (User: )
    Description: Information only.
    Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.

    Error: (02/26/2014 00:08:56 PM) (Source: Software Protection Platform Service) (User: )
    Description: The Software Protection service failed to start. hr=0x80070057
    6.1.7601.17514

    Error: (02/26/2014 00:08:07 PM) (Source: Application Error) (User: )
    Description: Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
    Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception code: 0xc0000005
    Fault offset: 0x0000000077c3000a
    Faulting process id: 0x3d4
    Faulting application start time: 0xsvchost.exe0
    Faulting application path: svchost.exe1
    Faulting module path: svchost.exe2
    Report Id: svchost.exe3

    Error: (02/26/2014 00:01:01 PM) (Source: MsiInstaller) (User: TatooAddiction1)
    Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 1311. SA_Error1311: StandardAction(0xC007051F): Source file not found(cabinet): C:\ProgramData\MFAData\pack\base2a.cab. Verify that the file exists and that you can access it.

    Error: (02/26/2014 11:51:53 AM) (Source: CVHSVC) (User: )
    Description: Information only.
    Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.


    System errors:
    =============
    Error: (03/01/2014 00:40:12 PM) (Source: Service Control Manager) (User: )
    Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
    %%-2147024891

    Error: (03/01/2014 00:40:12 PM) (Source: Service Control Manager) (User: )
    Description: The Function Discovery Resource Publication service terminated with the following error:
    %%-2147024891

    Error: (03/01/2014 00:39:46 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service terminated with the following error:
    %%1060

    Error: (03/01/2014 00:39:36 PM) (Source: Service Control Manager) (User: )
    Description: The Computer Browser service terminated with the following error:
    %%1060

    Error: (03/01/2014 00:39:35 PM) (Source: Service Control Manager) (User: )
    Description: The Power service terminated with the following error:
    %%4203

    Error: (03/01/2014 00:39:33 PM) (Source: Service Control Manager) (User: )
    Description: The Function Discovery Resource Publication service terminated with the following error:
    %%-2147024891

    Error: (03/01/2014 00:37:40 PM) (Source: Service Control Manager) (User: )
    Description: The Windows Update service terminated with the following error:
    %%-2147467243

    Error: (03/01/2014 00:37:38 PM) (Source: Service Control Manager) (User: )
    Description: The Software Protection service failed to start due to the following error:
    %%1053

    Error: (03/01/2014 00:37:38 PM) (Source: Service Control Manager) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

    Error: (03/01/2014 00:37:38 PM) (Source: Service Control Manager) (User: )
    Description: The Roxio Hard Drive Watcher 12 service terminated with the following error:
    %%-2147221165


    Microsoft Office Sessions:
    =========================
    Error: (03/01/2014 00:49:44 PM) (Source: CVHSVC)(User: )
    Description: Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.

    Error: (03/01/2014 00:37:38 PM) (Source: Software Protection Platform Service)(User: )
    Description: hr=0x800700576.1.7601.17514

    Error: (03/01/2014 00:36:37 PM) (Source: Application Error)(User: )
    Description: svchost.exe6.1.7600.163854a5bc3c1unknown0.0.0.000000000c0000005000000007748000a3e001cf357cfcfdc6ecC:\Windows\system32\svchost.exeunknown6ba68794-a170-11e3-a42c-b8ac6fe24220

    Error: (03/01/2014 11:37:08 AM) (Source: CVHSVC)(User: )
    Description: Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.

    Error: (02/28/2014 00:40:32 PM) (Source: CVHSVC)(User: )
    Description: Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.

    Error: (02/26/2014 00:23:51 PM) (Source: CVHSVC)(User: )
    Description: Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.

    Error: (02/26/2014 00:08:56 PM) (Source: Software Protection Platform Service)(User: )
    Description: hr=0x800700576.1.7601.17514

    Error: (02/26/2014 00:08:07 PM) (Source: Application Error)(User: )
    Description: svchost.exe6.1.7600.163854a5bc3c1unknown0.0.0.000000000c00000050000000077c3000a3d401cf331d79db79caC:\Windows\system32\svchost.exeunknownf0d7d9cd-9f10-11e3-830c-b8ac6fe24220

    Error: (02/26/2014 00:01:01 PM) (Source: MsiInstaller)(User: TatooAddiction1)
    Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2014 -- Error 1311. SA_Error1311: StandardAction(0xC007051F): Source file not found(cabinet): C:\ProgramData\MFAData\pack\base2a.cab. Verify that the file exists and that you can access it.(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (02/26/2014 11:51:53 AM) (Source: CVHSVC)(User: )
    Description: Error: Initialization failed 0x80070424 Type: 88::UnexpectedError.


    CodeIntegrity Errors:
    ===================================
    Date: 2012-08-03 16:32:52.824
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2012-08-03 16:32:52.793
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Percentage of memory in use: 50%
    Total physical RAM: 3036.98 MB
    Available physical RAM: 1494.99 MB
    Total Pagefile: 6072.16 MB
    Available Pagefile: 3936.22 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.79 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:454.84 GB) (Free:410.85 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C648A420)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================

    Farbar Recovery Scan Tool (x64) Version: 01-03-2014
    Ran by Tatoo Addiction at 2014-03-01 13:15:03
    Running from C:\VIRUS REMOVAL 2014
    Boot Mode: Normal

    ================== Search: "rpcss.dll" ===================

    C:\WINDOWS\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
    [2012-01-13 12:35] - [2010-11-20 07:27] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

    C:\WINDOWS\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
    [2009-07-13 18:00] - [2009-07-13 19:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

    C:\WINDOWS\System32\rpcss.dll
    [2012-01-13 12:35] - [2010-11-20 07:27] - 0512512 ____A (Microsoft Corporation) 9913B2231E7F0083A11AA38E5CE784EF

    C:\WINDOWS\erdnt\cache64\rpcss.dll
    [2012-08-03 15:36] - [2010-11-20 07:27] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

    ====== End Of Search ======
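
The FRST search above lists four copies of rpcss.dll, and the one in System32 differs in size and MD5 from the copies that share its modification time. As an added example (not part of the original post or of FRST), the Python below parses that search section and flags such mismatches. It assumes the WinSxS component-store copies can serve as the reference, and its function and class names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines copied from the 'Search: "rpcss.dll"' section of the FRST log above.
SAMPLE = r"""
C:\WINDOWS\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2012-01-13 12:35] - [2010-11-20 07:27] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

C:\WINDOWS\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 18:00] - [2009-07-13 19:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

C:\WINDOWS\System32\rpcss.dll
[2012-01-13 12:35] - [2010-11-20 07:27] - 0512512 ____A (Microsoft Corporation) 9913B2231E7F0083A11AA38E5CE784EF

C:\WINDOWS\erdnt\cache64\rpcss.dll
[2012-08-03 15:36] - [2010-11-20 07:27] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
META_RE = re.compile(
    r"^\[(?P<created>[\d\- :]+)\] - \[(?P<modified>[\d\- :]+)\] - "
    r"(?P<size>\d+) (?P<attr>\S+) \((?P<company>.*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
VERSION_RE = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_none_")


@dataclass(frozen=True)
class Entry:
    path: str
    modified: str
    size: int
    md5: str


@dataclass(frozen=True)
class Finding:
    path: str
    status: str                       # "match", "mismatch" or "unknown"
    reference_version: Optional[str]  # build string taken from the WinSxS folder name
    size_delta: Optional[int]         # bytes added relative to the reference copy


def parse_search(text: str) -> List[Entry]:
    """Pair each path line with the metadata line that follows it."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending = line
            continue
        m = META_RE.match(line)
        if m and pending:
            entries.append(Entry(pending, m["modified"], int(m["size"]), m["md5"].upper()))
            pending = None
    return entries


def is_reference(entry: Entry) -> bool:
    # Assumption: component-store (WinSxS) copies are the trusted baseline.
    return "\\winsxs\\" in entry.path.lower()


def version_of(entry: Entry) -> Optional[str]:
    m = VERSION_RE.search(entry.path)
    return m.group(1) if m else None


def check_live_copies(entries: List[Entry]) -> List[Finding]:
    """Compare every non-WinSxS copy against the WinSxS copies."""
    refs = [e for e in entries if is_reference(e)]
    findings = []
    for e in (x for x in entries if not is_reference(x)):
        same_hash = [r for r in refs if r.md5 == e.md5]
        if same_hash:
            findings.append(Finding(e.path, "match", version_of(same_hash[0]), 0))
            continue
        # Heuristic: a patched file often keeps the original timestamp, so a
        # reference with the same modification time is the expected original.
        same_time = [r for r in refs if r.modified == e.modified]
        if same_time:
            ref = same_time[0]
            findings.append(Finding(e.path, "mismatch", version_of(ref), e.size - ref.size))
        else:
            findings.append(Finding(e.path, "unknown", None, None))
    return findings


if __name__ == "__main__":
    for f in check_live_copies(parse_search(SAMPLE)):
        print(f"{f.status:9} {f.path} (reference {f.reference_version}, "
              f"size delta {f.size_delta})")
```

A "mismatch" here only means the file differs from the same-dated component-store copy; confirming the cause still takes a signature check or a scan of the file itself.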
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    In the future, please ATTACH your logs, do not paste them into your threads.

    Save fixlist.txt to your flash drive.
    • You should now have both fixlist.txt and FRST.exe on your flash drive.
    Now reboot back into the System Recovery Options as you did previously.
    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt).
    Please attach this to your next message. (See how to attach)

    Now boot into normal Windows and continue with the below.
    Running MGTools.
     

  3. jrichter73

    jrichter73 Private E-2

    So sorry about the spam paste. I'll post the file next time. I'll report back with results. Thank you so much.
     
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    No problem. Let me know how you get along.
     
  5. jrichter73

    jrichter73 Private E-2

    Ok. so sorry for the delay. They closed up shop last night and I couldn't finish everything. But I did run your FRST fixlist last night. By the time I got here this morning they had already turned the machine on again ugh.. I hope that won't matter.

    I also followed all of the instructions in the Run and Read Me and I'll attach everything I have. It's still showing the Win64.Patched.B and also Avast webshield is blocking harmful webpages/threats constantly and citing svchost.exe as the Process.

    I'm hoping to get this all cleaned without having to just reinstall windows! ugh.

    Thank you so much.
     

  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Download OTM by Old Timer and save it to your Desktop.

    • Right-click OTM.exe and select "Run as administrator" to run it.
    • Paste the following code under the [​IMG] area. Do not include the word Code.

    Code:
    :Processes
    explorer.exe
    
    :files
    C:\Windows\SysNative\drivers\hpljsjza.sys
    C:\Windows\SysNative\drivers\hygnwogx.sys
    C:\Windows\SysNative\drivers\kknfzrcw.sys
    C:\Windows\SysNative\drivers\wijagrds.sys
    C:\Windows\SysNative\drivers\zdndbrja.sys
    C:\Windows\TEMP\*.*
    C:\Users\Tatoo Addiction\AppData\Local\Temp\*.*
    
    :Commands
    [purity]
    [ResetHosts]
    [emptytemp]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large [​IMG] button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.

    Make sure you tell me how things are running.
     
  7. jrichter73

    jrichter73 Private E-2

    Thanks for the speedy response, Tim. I followed your instructions however I was not able to copy the Green Report results because the Reboot Prompt had priority and wouldn't let me click outside of it before it rebooted. But I did attach the log file.

    Still getting the Win64/Patched_B notification from AVG :( As well as the Avast shield svchost error.

    :(
     

  8. jrichter73

    jrichter73 Private E-2

    I've also noticed that there are a bunch of partitions on this machine... they all ask for a disk when clicked and listed as removable? Could these have been created by the culprits or are being used like a RAID somehow to keep this beast running around on this machine?

    Here's a screenshot along with the AVG popup that is non-stop.
     

  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I think AVG may be giving you a false positive. Let's do an online scan:

    eSet Online Scan.
     
  10. jrichter73

    jrichter73 Private E-2


    So sorry it's been a few days. I was out of the shop. So I started running the ESET online scanner and it got about 50% complete before the pc rebooted itself.. however before that happened it did have 7 detections already. Not to mention AVAST is still giving the URL:Mal alerts within the SVCHOST.exe process.

    AND.. if I open a new tab in Firefox it opens with a Sweetpacks "search" page. However, when I open up Firefox freshly from the desktop it's correctly displaying the homepage I have set (google).

    I saw some other forum and the helper was directing the OP to swap rpcss file with a fresh uninfected copy using some sort of program. I imagine that would need to be done in a batch while killing the files that will try to infect the fresh one?

    Also did you happen to see my post about all of those hard drives? Nobody here at the shop can answer me about those so I'm wondering wtf they are.

    Thanks again!
     
  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    As I said, it could just be a false positive. Go to Run / type in:
    sfc/scannow

    See if it replaces the file.
     
  12. jrichter73

    jrichter73 Private E-2

    After about 6% of verification the window closes itself. It's definitely infected because as I was saying, it's still hijacking the New Tab when I open one (the sweetpacks hijack). Not to mention the rebooting of the pc mid ESET online scan.

    Here's a thread that has the exact problems I'm having as well.

    **tp://forum.avast.com/index.php?topic=144047.0
     
    Last edited: Mar 7, 2014
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you still have AVG installed, then uninstall it. You should not have it and Avast installed at the same time.

    Download this >> View attachment fixlist.txt


    Save fixlist.txt to your flash drive.
    • You should now have both fixlist.txt and FRST64.exe on your flash drive.
    Now reboot back into the System Recovery Options as you did previously.
    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt).
    Please attach this to your next message. (See how to attach)

    Now boot into normal Windows and continue with the below.

    Now empty your Malwarebytes Quarantine which has grown very large.

    Uninstall the below programs. If you do not find them or they will not uninstall, just keep going.
    Internet Explorer Toolbar 4.7 by SweetPacks
    Java(TM) 6 Update 31
    Online Vault
    Optimizer Pro v3.0
    Supreme Savings

    Now install the current version of Sun Java from:

    Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select any of the following lines that still remain but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll (file missing)
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O18 - Protocol: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - (no file)

    After clicking Fix, exit HJT.

    Please download OTM by Old Timer and save it to your Desktop.
    • Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Do not include the word Code: which is just a title line of the code box.
    Code:
    :Processes
    explorer.exe
     
    :Files
    C:\QooBox
    C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    C:\Program Files (x86)\Conduit
    C:\Program Files (x86)\Optimizer Pro
    C:\ProgramData\Babylon
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Optimizer Pro
    C:\ProgramData\PC Optimizer Pro
    C:\Users\Tatoo Addiction\AppData\Local\Conduit\
    C:\Users\Tatoo Addiction\AppData\LocalLow\BabylonToolbar
    C:\Users\Tatoo Addiction\AppData\LocalLow\Conduit
    C:\Users\Tatoo Addiction\AppData\Roaming\Babylon
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    C:\Program Files (x86)\Optimizer Pro
    C:\Program Files (x86)\Supreme Savings
    C:\Program Files (x86)\SweetIM
    C:\Program Files (x86)\Tuguu SL
    C:\$AVG
    C:\Windows\SysNative\dtni.nvr
    C:\Windows\SysNative\ehdrluw.nto
    C:\Windows\SysNative\ggwd.znw
    C:\Windows\SysNative\msqhn.umo
    C:\Windows\SysNative\oddh.ran
    C:\Windows\TEMP\*.*
    C:\Users\Tatoo Addiction\AppData\Local\Temp\*.*
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055225558}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066226658}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077227758}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\YontooIEClient.DLL]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Prod.cap]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\YontooIEClient.DLL]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Babylon]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DataMngr]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Funmoods]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1]
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
    [-HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
    [-HKEY_USERS\S-1-5-21-536891915-3826184316-2016587531-1001\Software\AppDataLow\Software\SmartBar]
    [-HKEY_USERS\S-1-5-21-536891915-3826184316-2016587531-1001\Software\Conduit]
    [-HKEY_USERS\S-1-5-21-536891915-3826184316-2016587531-1001\Software\Local AppWizard-Generated Applications\PCOptimizerPro\ (PCOptimizerPro)
    [-HKEY_USERS\S-1-5-21-536891915-3826184316-2016587531-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975}]
    [-HKEY_USERS\S-1-5-21-536891915-3826184316-2016587531-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
    [-HKEY_USERS\S-1-5-21-536891915-3826184316-2016587531-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}]
    [-HKEY_USERS\S-1-5-21-536891915-3826184316-2016587531-1001\Software\Optimizer Pro]
    [-HKEY_USERS\S-1-5-21-536891915-3826184316-2016587531-1001\Software\PC Optimizer Pro]
    [-HKEY_USERS\S-1-5-21-536891915-3826184316-2016587531-1001\Software\Softonic]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes]
    "DefaultScope"="{206A3C49-2EE9-DD9D-0959-759093BEE3FA}"
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}]
    [-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{FA891B66-7F2C-40F4-A6E0-25D31D7ACB59}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
    "DefaultScope"="{5852D837-6E63-4711-89D6-678B0EC91DE1}"
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1AA6BF35-C9BA-43D2-8777-66C814CA50B0}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{206A3C49-2EE9-DD9D-0959-759093BEE3FA}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C3CAF823-50F9-4CF6-A3EE-186E14E3EBCF}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}]
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{FA891B66-7F2C-40F4-A6E0-25D31D7ACB59}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
    "Tabs"="res://ieframe.dll/tabswelcome.htm"
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Now click the large [​IMG] button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.

    Now please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Note that JRT may reset your home page to a Google default, so you will need to restore your home page setting if this happens.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • the FRST log
    • the C:\_OTM\MovedFiles log
    • the JRT.TXT log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
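
A pre-flight check for a fix script laid out like the OTM code box in the post above, added here as an example and not part of the original thread or of OTM itself: it flags repeated :Files paths and :Reg lines that are not well-formed key or value lines before the script is pasted into the tool. The lint rules and the sample script (constructed) are assumptions drawn from the script's visible layout, not OTM's own parser.

```python
import re

# Constructed sample in the layout of the script above, shortened; it contains
# one repeated path and one key line that lost its closing bracket.
SAMPLE = r""":Files
C:\Program Files (x86)\Optimizer Pro
C:\ProgramData\Babylon
C:\Program Files (x86)\Optimizer Pro
:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Babylon]
[-HKEY_USERS\S-1-5-21-0-0-0-1001\Software\Example\ (Example)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{00000000-0000-0000-0000-000000000000}"
:Commands
[EmptyTemp]
"""
# Section names seen in the post; treating anything else as suspect is an assumption.
KNOWN = {":processes", ":files", ":reg", ":commands"}
KEY_LINE = re.compile(r"^\[-?HKEY_[A-Z_]+(\\[^\]]+)?\]$")
VALUE_LINE = re.compile(r'^("[^"]*"|@)=.+$')

def lint(text):
    """Return (line_number, message) findings for a fix script, in line order."""
    findings, section, seen, open_key = [], None, {}, False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            section, open_key = line.lower(), False
            if section not in KNOWN:
                findings.append((n, f"unknown section {line}"))
        elif section == ":files":
            key = line.rstrip("\\").lower()  # Windows paths are case-insensitive
            if key in seen:
                findings.append((n, f"duplicate path (first on line {seen[key]})"))
            seen.setdefault(key, n)
        elif section == ":reg" and line.startswith("["):
            ok = KEY_LINE.match(line) is not None
            if not ok:
                findings.append((n, "malformed registry key line"))
            open_key = ok and not line.startswith("[-")  # a deleted key takes no values
        elif section == ":reg":
            if not VALUE_LINE.match(line):
                findings.append((n, "unrecognised line in :Reg"))
            elif not open_key:
                findings.append((n, "value with no open key above it"))
    return findings
```

Calling `lint(SAMPLE)` reports the repeated path and the unterminated key line by line number; an empty list means the script passed these checks only, not that its entries are safe to remove.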
     
