yoyocool2

  1. Awesome, I have gone and posted over there and we shall see what happens.
  2. Okay, so the uninstaller doesn't even load for Firefox. But I have installed Firefox in a new directory and that loads fine but then freezes after a few seconds. Also unable to uninstall the other one.
  3. Firefox is still crashing before it loads and Chrome still doesn't launch at all, I may give a reinstall a try for both of them after all this fixing we have done and see if that works?
  4. I can't load Chrome at all, that's the issue;(
  5. OTL:
FF:64bit: - [email protected]/GENUINE: disabled File not found FF - [email protected]/FlashPlayer: C:WindowsSysWOW64MacromedFlashNPSWF32.dll () FF - [email protected]/iTunes,version=: File not found FF - [email protected]/iTunes,version=1.0: C:Program Files (x86)iTunesMozilla Pluginsnpitunes.dll () FF - [email protected]/GENUINE: disabled File not found FF - [email protected]/WLPG,version=15.4.3502.0922: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation) FF - [email protected]/WLPG,version=15.4.3538.0513: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation) FF - [email protected]/NxGame: C:ProgramDataNexonUSNGMnpNxGameUS.dll (Nexon) FF - [email protected]/3DVision: C:Program Files (x86)NVIDIA Corporation3D Visionnpnv3dv.dll (NVIDIA Corporation) FF - [email protected]/3DVisionStreaming: C:Program Files (x86)NVIDIA Corporation3D Visionnpnv3dvstreaming.dll (NVIDIA Corporation) FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:Program Files (x86)AVGAVG2012Firefox4 [2012/01/05 11:16:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 8.0extensionsComponents: C:Program Files (x86)Mozilla Firefoxcomponents [2012/01/01 06:07:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 8.0extensionsPlugins: C:Program Files (x86)Mozilla Firefoxplugins [2011/05/11 21:59:33 | 000,000,000 | ---D | M] (No name found) -- C:UsersHayleeeAppDataRoamingMozillaExtensions [2011/12/06 15:53:25 | 000,000,000 | ---D | M] (No name found) -- C:UsersHayleeeAppDataRoamingMozillaFirefoxProfiles54hjis6t.defaultextensions [2011/12/06 15:53:25 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:UsersHayleeeAppDataRoamingMozillaFirefoxProfiles54hjis6t.defaultextensions{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} [2011/12/31 11:07:40 | 000,000,000 | ---D | M] (No name found) -- C:Program Files (x86)Mozilla Firefoxextensions [2012/01/01 
06:07:48 | 000,000,000 | ---D | M] (Java Console) -- C:Program Files (x86)Mozilla Firefoxextensions{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2011/11/13 10:52:36 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:Program Files (x86)mozilla firefoxcomponentsbrowsercomps.dll ========== Chrome ========== CHR - Extension: No name found = C:UsersHayleeeAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo4.2_0 CHR - Extension: No name found = C:UsersHayleeeAppDataLocalGoogleChromeUser DataDefaultExtensionsjmfkcklnlgedgbglfkkgedjfmejoahla12.0.0.1901_0 O1 HOSTS File: ([2012/01/11 10:14:24 | 000,000,027 | ---- | M]) - C:WindowsSysNativedriversetchosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program Files (x86)AVGAVG2012avgssiea.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program Files (x86)AVGAVG2012avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program Files (x86)Spybot - Search & DestroySDHelper.dll (Safer Networking Limited) O4:64bit: - HKLM..Run: [AdobeAAMUpdater-1.0] C:Program Files (x86)Common FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..Run: [AdobeCS5ServiceManager] C:Program Files (x86)Common FilesAdobeCS5ServiceManagerCS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..Run: [APSDaemon] C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe (Apple Inc.) O4 - HKLM..Run: [AVG_TRAY] C:Program Files (x86)AVGAVG2012avgtray.exe (AVG Technologies CZ, s.r.o.) 
O4 - HKLM..Run: [Malwarebytes' Anti-Malware] C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe (Malwarebytes Corporation) O4 - HKLM..Run: [switchBoard] C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..Run: [DAEMON Tools Lite] C:Program Files (x86)DAEMON Tools LiteDTLite.exe (DT Soft Ltd) O6 - HKLMSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0 O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorAdmin = 0 O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorUser = 3 O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: EnableLUA = 0 O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: PromptOnSecureDesktop = 0 O7 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0 O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program Files (x86)Spybot - Search & DestroySDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5Catalog_Entries64000000000009 [] - C:Program FilesBonjourmdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000001 - C:WindowsSysNativenvappfilter64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000002 - C:WindowsSysNativenvappfilter64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000003 - C:WindowsSysNativenvappfilter64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000014 - C:WindowsSysNativenvappfilter64.dll (NVIDIA) O10 - NameSpace_Catalog5Catalog_Entries000000000009 [] - C:Program Files (x86)BonjourmdnsNSP.dll (Apple Inc.) 
O10 - Protocol_Catalog9Catalog_Entries000000000001 - C:WindowsSysWOW64nvappfilter.dll (NVIDIA) O10 - Protocol_Catalog9Catalog_Entries000000000002 - C:WindowsSysWOW64nvappfilter.dll (NVIDIA) O10 - Protocol_Catalog9Catalog_Entries000000000003 - C:WindowsSysWOW64nvappfilter.dll (NVIDIA) O10 - Protocol_Catalog9Catalog_Entries000000000014 - C:WindowsSysWOW64nvappfilter.dll (NVIDIA) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 10.1.1.1 O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{6C76B5D7-DF34-4C95-BEF2-3E0CF83ABC5D}: DhcpNameServer = 10.4.85.135 10.4.176.231 O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{856747D4-0E15-4F15-8FA9-82235683E5FC}: DhcpNameServer = 10.1.1.1 O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{BB29DAFB-C723-47A0-A4DB-C2DD6CD63C85}: DhcpNameServer = 10.1.1.1 O18:64bit: - ProtocolHandlerlinkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program Files (x86)AVGAVG2012avgppa.dll (AVG Technologies CZ, s.r.o.) 
O18:64bit: - ProtocolHandlerwlpg - No CLSID value found O18 - ProtocolHandlerlinkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program Files (x86)AVGAVG2012avgpp.dll (AVG Technologies CZ, s.r.o.) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:Windowsexplorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysNativeuserinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:WindowsSysNativeSystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:WindowsSysWow64explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) -C:WindowsSysWOW64userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:PROGRA~2AVGAVG2012avgrsa.exe /sync /restart) O35:64bit: - HKLM..comfile [open] -- "%1" %* O35:64bit: - HKLM..exefile [open] -- "%1" %* O35 - HKLM..comfile [open] -- "%1" %* O35 - HKLM..exefile [open] -- "%1" %* O37:64bit: - HKLM...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM...exe [@ = exefile] -- "%1" %* O37 - HKLM...com [@ = ComFile] -- "%1" %* O37 - HKLM...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/01/11 12:43:27 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:UsersHayleeeDesktopOTL.exe [2012/01/11 10:51:19 | 000,000,000 | -HSD | C] -- C:$RECYCLE.BIN [2012/01/11 10:18:29 | 000,000,000 | ---D | C] -- C:Windowstemp [2012/01/11 10:07:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:WindowsSWREG.exe [2012/01/11 10:07:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:WindowsSWSC.exe [2012/01/11 10:07:04 | 000,060,416 | ---- | C] (NirSoft) -- C:WindowsNIRCMD.exe [2012/01/08 11:44:21 | 000,000,000 | ---D | C] -- 
C:Program Files (x86)ESET [2012/01/08 11:29:18 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:UsersHayleeeDesktopTFC.exe [2012/01/06 06:51:08 | 004,704,768 | ---- | C] (AVAST Software) -- C:UsersHayleeeDesktopaswMBR.exe [2012/01/06 06:48:39 | 000,607,260 | R--- | C] (Swearware) -- C:UsersHayleeeDesktopdds.com [2012/01/05 17:32:09 | 000,000,000 | ---D | C] -- C:UsersHayleeeAppDataRoamingMicrosoftWindowsStart MenuProgramsHiJackThis [2012/01/05 17:32:08 | 000,000,000 | ---D | C] -- C:Program Files (x86)HJT [2012/01/05 12:13:19 | 000,000,000 | ---D | C] -- C:WindowsERDNT [2012/01/05 12:10:09 | 000,000,000 | ---D | C] -- C:Qoobox [2012/01/05 12:06:17 | 004,377,322 | R--- | C] (Swearware) -- C:UsersHayleeeDesktopComboFix.exe [2012/01/05 11:57:07 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsSpybot - Search & Destroy [2012/01/05 11:57:00 | 000,000,000 | ---D | C] -- C:ProgramDataSpybot - Search & Destroy [2012/01/05 11:56:59 | 000,000,000 | ---D | C] -- C:Program Files (x86)Spybot - Search & Destroy [2012/01/05 11:25:48 | 000,000,000 | ---D | C] -- C:UsersHayleeeAppDataRoamingAVG2012 [2012/01/05 11:16:52 | 000,000,000 | -H-D | C] -- C:ProgramDataCommon Files [2012/01/05 11:16:38 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsAVG 2012 [2012/01/05 11:16:36 | 000,000,000 | ---D | C] -- C:WindowsSysWow64driversAVG [2012/01/05 11:15:03 | 000,000,000 | ---D | C] -- C:ProgramDataAVG2012 [2012/01/05 11:15:03 | 000,000,000 | ---D | C] -- C:WindowsSysNativedriversAVG [2012/01/05 11:13:56 | 000,000,000 | ---D | C] -- C:Program Files (x86)AVG [2012/01/05 11:01:38 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsCCleaner [2012/01/05 11:01:37 | 000,000,000 | ---D | C] -- C:Program FilesCCleaner [2012/01/05 11:01:21 | 000,000,000 | ---D | C] -- C:ProgramDataMFAData [2012/01/01 13:45:01 | 000,000,000 | ---D | C] -- C:WindowsSysNativeMacromed [2012/01/01 11:43:07 | 000,000,000 | ---D | C] -- 
C:UsersHayleeeAppDataRoamingMicrosoftWindowsStart MenuProgramsGoogle Chrome [2011/12/31 11:18:22 | 000,000,000 | ---D | C] -- C:UsersHayleeeDocumentsll [2011/12/31 11:09:19 | 000,000,000 | ---D | C] -- C:UsersHayleeeAppDataLocalGoogle [2011/12/31 11:08:34 | 000,000,000 | ---D | C] -- C:UsersHayleeeAppDataLocalDeployment [2011/12/29 09:57:11 | 000,000,000 | ---D | C] -- C:UsersHayleeeAppDataRoamingUnified Remote [2011/12/28 17:58:56 | 000,000,000 | ---D | C] -- C:UsersHayleeejagexcache [2011/12/28 17:58:15 | 000,000,000 | ---D | C] -- C:Program Files (x86)Common FilesJava [2011/12/28 17:57:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:WindowsSysWow64java.exe [2011/12/28 17:57:23 | 000,000,000 | ---D | C] -- C:Program Files (x86)Java [2011/05/10 11:23:34 | 000,216,064 | ---- | C] ( ) -- C:WindowsSysWow64lagarith.dll [2010/02/04 15:00:00 | 000,139,264 | ---- | C] ( ) -- C:Windowssipr3260.dll ========== Files - Modified Within 30 Days ========== [2012/01/11 12:43:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:UsersHayleeeDesktopOTL.exe [2012/01/11 12:05:00 | 000,000,916 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskUserS-1-5-21-1888113294-1304185749-78946181-1000UA.job [2012/01/11 11:33:00 | 000,792,914 | ---- | M] () -- C:WindowsSysNativePerfStringBackup.INI [2012/01/11 11:33:00 | 000,669,276 | ---- | M] () -- C:WindowsSysNativeperfh009.dat [2012/01/11 11:33:00 | 000,125,358 | ---- | M] () -- C:WindowsSysNativeperfc009.dat [2012/01/11 11:28:50 | 000,067,584 | --S- | M] () -- C:Windowsbootstat.dat [2012/01/11 10:54:25 | 000,014,416 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/01/11 10:54:25 | 000,014,416 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/01/11 10:50:53 | 086,484,941 | ---- | M] () -- C:WindowsSysNativedriversAVGincavi.avm [2012/01/11 10:47:00 | 2146,344,959 | -HS- | M] () -- C:hiberfil.sys 
[2012/01/11 10:14:24 | 000,000,027 | ---- | M] () -- C:WindowsSysNativedriversetchosts [2012/01/11 10:06:45 | 004,377,322 | R--- | M] (Swearware) -- C:UsersHayleeeDesktopComboFix.exe [2012/01/08 22:52:42 | 000,000,024 | ---- | M] () -- C:UsersHayleeerandom.dat [2012/01/08 22:05:07 | 000,000,046 | ---- | M] () -- C:UsersHayleeejagex_cl_runescape_LIVE.dat [2012/01/08 13:05:02 | 000,000,864 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskUserS-1-5-21-1888113294-1304185749-78946181-1000Core.job [2012/01/08 12:52:43 | 000,000,866 | ---- | M] () -- C:UsersPublicDesktopCCleaner.lnk [2012/01/08 11:29:18 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:UsersHayleeeDesktopTFC.exe [2012/01/07 19:57:46 | 001,601,493 | ---- | M] () -- C:UsersHayleeeDesktopIMG_20120107_195746.jpg [2012/01/06 06:55:21 | 000,000,512 | ---- | M] () -- C:UsersHayleeeDesktopMBR.dat [2012/01/06 06:51:08 | 004,704,768 | ---- | M] (AVAST Software) -- C:UsersHayleeeDesktopaswMBR.exe [2012/01/06 06:48:53 | 000,607,260 | R--- | M] (Swearware) -- C:UsersHayleeeDesktopdds.com [2012/01/05 17:32:09 | 000,002,993 | ---- | M] () -- C:UsersHayleeeDesktopHiJackThis.lnk [2012/01/05 13:00:42 | 000,002,324 | ---- | M] () -- C:UsersHayleeeDesktopGoogle Chrome.lnk [2012/01/05 12:26:38 | 000,000,027 | ---- | M] () -- C:WindowsSysNativedriversetchosts.20120105-123333.backup [2012/01/05 11:57:12 | 000,001,282 | ---- | M] () -- C:UsersHayleeeApplication DataMicrosoftInternet ExplorerQuick LaunchSpybot - Search & Destroy.lnk [2012/01/05 11:57:12 | 000,001,258 | ---- | M] () -- C:UsersHayleeeDesktopSpybot - Search & Destroy.lnk [2012/01/05 11:16:39 | 000,000,965 | ---- | M] () -- C:UsersPublicDesktopAVG 2012.lnk [2012/01/05 11:16:36 | 000,000,000 | ---- | M] () -- C:WindowsSysWow64driversAVGincavi.avm [2012/01/05 11:16:36 | 000,000,000 | ---- | M] () -- C:WindowsSysWow64driversAVGiavichjw.avm [2012/01/01 13:45:09 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:WindowsSysWow64FlashPlayerCPLApp.cpl [2012/01/01 
11:49:00 | 000,001,109 | ---- | M] () -- C:UsersPublicDesktopMalwarebytes Anti-Malware.lnk [2012/01/01 11:47:21 | 000,001,437 | ---- | M] () -- C:UsersHayleeeApplication DataMicrosoftInternet ExplorerQuick LaunchLaunch Internet Explorer Browser.lnk [2012/01/01 06:10:28 | 000,000,064 | ---- | M] () -- C:WindowsSysWow64rp_stats.dat [2012/01/01 06:10:28 | 000,000,044 | ---- | M] () -- C:WindowsSysWow64rp_rules.dat [2011/12/28 17:57:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:WindowsSysWow64java.exe ========== Files Created - No Company Name ========== [2012/01/11 10:50:53 | 086,484,941 | ---- | C] () -- C:WindowsSysNativedriversAVGincavi.avm [2012/01/11 10:07:04 | 000,256,000 | ---- | C] () -- C:WindowsPEV.exe [2012/01/11 10:07:04 | 000,208,896 | ---- | C] () -- C:WindowsMBR.exe [2012/01/11 10:07:04 | 000,098,816 | ---- | C] () -- C:Windowssed.exe [2012/01/11 10:07:04 | 000,080,412 | ---- | C] () -- C:Windowsgrep.exe [2012/01/11 10:07:04 | 000,068,096 | ---- | C] () -- C:Windowszip.exe [2012/01/08 12:44:35 | 001,601,493 | ---- | C] () -- C:UsersHayleeeDesktopIMG_20120107_195746.jpg [2012/01/06 06:55:21 | 000,000,512 | ---- | C] () -- C:UsersHayleeeDesktopMBR.dat [2012/01/05 17:32:09 | 000,002,993 | ---- | C] () -- C:UsersHayleeeDesktopHiJackThis.lnk [2012/01/05 13:00:42 | 000,002,324 | ---- | C] () -- C:UsersHayleeeDesktopGoogle Chrome.lnk [2012/01/05 11:57:12 | 000,001,282 | ---- | C] () -- C:UsersHayleeeApplication DataMicrosoftInternet ExplorerQuick LaunchSpybot - Search & Destroy.lnk [2012/01/05 11:57:12 | 000,001,258 | ---- | C] () -- C:UsersHayleeeDesktopSpybot - Search & Destroy.lnk [2012/01/05 11:16:39 | 000,000,965 | ---- | C] () -- C:UsersPublicDesktopAVG 2012.lnk [2012/01/05 11:16:36 | 000,000,000 | ---- | C] () -- C:WindowsSysWow64driversAVGincavi.avm [2012/01/05 11:16:36 | 000,000,000 | ---- | C] () -- C:WindowsSysWow64driversAVGiavichjw.avm [2012/01/05 11:01:38 | 000,000,866 | ---- | C] () -- C:UsersPublicDesktopCCleaner.lnk [2012/01/01 
11:49:00 | 000,001,109 | ---- | C] () -- C:UsersPublicDesktopMalwarebytes Anti-Malware.lnk [2012/01/01 11:41:17 | 000,000,916 | ---- | C] () -- C:WindowstasksGoogleUpdateTaskUserS-1-5-21-1888113294-1304185749-78946181-1000UA.job [2012/01/01 11:41:14 | 000,000,864 | ---- | C] () -- C:WindowstasksGoogleUpdateTaskUserS-1-5-21-1888113294-1304185749-78946181-1000Core.job [2012/01/01 11:39:42 | 000,001,443 | ---- | C] () -- C:UsersHayleeeAppDataRoamingMicrosoftWindowsStart MenuProgramsInternet Explorer.lnk [2012/01/01 11:39:42 | 000,001,437 | ---- | C] () -- C:UsersHayleeeApplication DataMicrosoftInternet ExplorerQuick LaunchLaunch Internet Explorer Browser.lnk [2012/01/01 11:39:42 | 000,001,409 | ---- | C] () -- C:UsersHayleeeAppDataRoamingMicrosoftWindowsStart MenuProgramsInternet Explorer (64-bit).lnk [2011/12/28 17:58:56 | 000,000,046 | ---- | C] () -- C:UsersHayleeejagex_cl_runescape_LIVE.dat [2011/12/28 17:58:56 | 000,000,024 | ---- | C] () -- C:UsersHayleeerandom.dat [2011/12/05 09:58:38 | 000,000,132 | ---- | C] () -- C:UsersHayleeeAppDataRoamingAdobe PNG Format CS5 Prefs [2011/09/23 21:23:16 | 000,000,064 | ---- | C] () -- C:WindowsSysWow64rp_stats.dat [2011/09/23 21:23:16 | 000,000,044 | ---- | C] () -- C:WindowsSysWow64rp_rules.dat [2011/08/29 19:23:55 | 000,215,128 | ---- | C] () -- C:WindowsSysWow64PnkBstrB.exe [2011/08/29 19:23:53 | 002,434,856 | ---- | C] () -- C:WindowsSysWow64pbsvc_bc2.exe [2011/08/29 19:23:53 | 000,075,064 | ---- | C] () -- C:WindowsSysWow64PnkBstrA.exe [2011/08/25 15:17:59 | 000,200,704 | ---- | C] () -- C:WindowsSysWow64UpdateDriver.exe [2011/08/25 15:17:59 | 000,005,226 | ---- | C] () -- C:WindowsSysWow64ucuiinfo.ini [2011/06/26 18:18:24 | 000,786,294 | ---- | C] () -- C:WindowsSysWow64PerfStringBackup.INI [2011/04/28 02:21:38 | 003,268,096 | ---- | C] () -- C:WindowsSysWow64x264vfw.dll [2011/04/12 10:09:18 | 000,073,216 | ---- | C] () -- C:WindowsSysWow64ff_vfw.dll [2011/03/20 02:06:02 | 000,240,640 | ---- | C] () -- 
C:WindowsSysWow64xvidvfw.dll [2011/03/20 02:04:28 | 000,650,752 | ---- | C] () -- C:WindowsSysWow64xvidcore.dll [2010/03/15 20:31:48 | 000,165,376 | ---- | C] () -- C:WindowsSysWow64unrar.dll [2009/07/14 13:38:36 | 000,067,584 | --S- | C] () -- C:Windowsbootstat.dat [2009/07/14 10:35:51 | 000,000,741 | ---- | C] () -- C:WindowsSysWow64NOISE.DAT [2009/07/14 10:34:42 | 000,215,943 | ---- | C] () -- C:WindowsSysWow64dssec.dat [2009/07/14 08:10:29 | 000,043,131 | ---- | C] () -- C:Windowsmib.bin [2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:WindowsSysWow64BWContextHandler.dll [2009/07/14 05:03:59 | 000,364,544 | ---- | C] () -- C:WindowsSysWow64msjetoledb40.dll [2009/06/11 05:26:10 | 000,673,088 | ---- | C] () -- C:WindowsSysWow64mlang.dat [2007/08/01 11:39:28 | 000,012,536 | ---- | C] () -- C:WindowsSysWow64driversASUSHWIO.SYS [2007/02/06 11:05:26 | 000,000,038 | ---- | C] () -- C:WindowsAviSplitter.INI ========== LOP Check ========== [2011/10/31 19:41:50 | 000,000,000 | ---D | M] -- C:UsersHayleeeAppDataRoaming.minecraft [2011/06/27 20:02:38 | 000,000,000 | ---D | M] -- C:UsersHayleeeAppDataRoamingAdvanced Combat Tracker [2011/09/18 00:52:11 | 000,000,000 | ---D | M] -- C:UsersHayleeeAppDataRoamingAnvSoft [2012/01/05 11:25:48 | 000,000,000 | ---D | M] -- C:UsersHayleeeAppDataRoamingAVG2012 [2012/01/05 11:12:41 | 000,000,000 | ---D | M] -- C:UsersHayleeeAppDataRoamingDAEMON Tools Lite [2011/05/22 10:45:10 | 000,000,000 | ---D | M] -- C:UsersHayleeeAppDataRoamingMumble [2011/07/16 07:36:08 | 000,000,000 | ---D | M] -- C:UsersHayleeeAppDataRoamingRift [2011/09/09 20:22:37 | 000,000,000 | ---D | M] -- C:UsersHayleeeAppDataRoamingStageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2011/12/29 09:57:11 | 000,000,000 | ---D | M] -- C:UsersHayleeeAppDataRoamingUnified Remote [2012/01/11 10:40:21 | 000,000,000 | ---D | M] -- C:UsersHayleeeAppDataRoaminguTorrent [2011/05/15 08:51:04 | 000,000,000 | ---D | M] -- C:UsersHayleeeAppDataRoamingWin7codecs [2012/01/11 
11:28:11 | 000,032,582 | ---- | M] () -- C:WindowsTasksSCHEDLGU.TXT ========== Purity Check ========== < End of report > Extras: OTL Extras logfile created on: 1/11/2012 12:44:36 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:UsersHayleeeDesktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 8.00 Gb Total Physical Memory | 6.64 Gb Available Physical Memory | 82.98% Memory free 16.00 Gb Paging File | 14.36 Gb Available in Paging File | 89.76% Paging File free Paging file location(s): ?:pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files (x86) Drive C: | 465.76 Gb Total Space | 271.66 Gb Free Space | 58.33% Space Free | Partition Type: NTFS Computer Name: HAYLEEE-PC | User Name: Hayleee | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINESOFTWAREClasses<extension>] .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_LOCAL_MACHINESOFTWAREClasses<extension>] .cpl [@ = cplfile] -- C:WindowsSysWow64control.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USERSOFTWAREClasses<extension>] .html [@ = FirefoxHTML] -- C:Program Files (x86)Mozilla Firefoxfirefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINESOFTWAREClasses<key>shell[command]command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %SystemRoot%system32mshtml.dll,PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%System32rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l InternetShortcut [print] -- "C:WindowsSystem32rundll32.exe" "C:WindowsSystem32mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:Program Files (x86)VideoLANVLCvlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [bridge] -- C:Program Files (x86)AdobeAdobe Bridge CS5Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:Program Files (x86)VideoLANVLCvlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINESOFTWAREClasses<key>shell[command]command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%System32control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
  6. Chrome and Firefox are still having the same issues.
  7. I've fixed the issue: I ran it in my other PC as a 2nd HDD and used the Seagate Windows Tools, and it fixed a boot sector. I am about to run CFScript.
  8. It's a Seagate Barracuda 7200.10, pretty much answers all. It's just weird because when booting recovery tools or recovery from USB it goes to a black screen with a mouse pointer.
  9. Hi Jeff, I am having issues with the computer. It is not loading Windows anymore (it gets to the Windows 7 loading screen then goes black). I am unable to start in safe mode, and selecting to go into Windows repair tools just goes to a black screen. I have tried booting a Windows recovery CD, but it also goes to a black screen and no further.
  10. Hi Jeff, Malwarebytes Anti-Malware (Trial) 1.60.0.1800 www.malwarebytes.org Database version: v2012.01.08.01 Windows 7 x64 NTFS Internet Explorer 8.0.7600.16385 Hayleee :: HAYLEEE-PC [administrator] Protection: Enabled 1/8/2012 11:38:18 AM mbam-log-2012-01-08 (11-38-18).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 191546 Time elapsed: 2 minute(s), 32 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) ESETLog: C:UsersHayleeeDownloadsSoftonicDownloader_for_windows-movie-maker(1).exe a variant of Win32/SoftonicDownloader.A application C:UsersHayleeeDownloadsSoftonicDownloader_for_windows-movie-maker.exe a variant of Win32/SoftonicDownloader.A application
  11. Hi, I did uninstall AdAware. Sorry for the late reply, been out all day. ComboFix 12-01-05.03 - Hayleee 01/07/2012 20:35:38.4.4 - x64 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8191.6878 [GMT 8:00] Running from: c:usersHayleeeDesktopComboFix.exe Command switches used :: c:usersHayleeeDesktopCFScript.txt AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:program files (x86)uTorrentBartbuTor.dll c:windowssystem32wbemPerformanceWmiApRpl_new.ini . . ((((((((((((((((((((((((( Files Created from 2011-12-07 to 2012-01-07 ))))))))))))))))))))))))))))))) . . 2012-01-07 12:41 . 2012-01-07 12:41 -------- d-----w- c:usersUpdatusUserAppDataLocaltemp 2012-01-07 12:41 . 2012-01-07 12:41 -------- d-----w- c:usersDefaultAppDataLocaltemp 2012-01-05 09:32 . 2012-01-05 09:32 388096 ----a-r- c:usersHayleeeAppDataRoamingMicrosoftInstaller{45A66726-69BC-466B-A7A4-12FCBA4883D7}HiJackThis.exe 2012-01-05 09:32 . 2012-01-05 09:32 -------- d-----w- c:program files (x86)HJT 2012-01-05 03:57 . 2012-01-05 04:51 -------- d-----w- c:programdataSpybot - Search & Destroy 2012-01-05 03:56 . 2012-01-05 04:56 -------- d-----w- c:program files (x86)Spybot - Search & Destroy 2012-01-05 03:25 . 2012-01-05 03:25 -------- d-----w- c:usersHayleeeAppDataRoamingAVG2012 2012-01-05 03:16 . 2012-01-05 03:16 -------- d--h--w- c:programdataCommon Files 2012-01-05 03:16 . 2012-01-05 03:16 -------- d-----w- c:windowsSysWow64driversAVG 2012-01-05 03:15 . 2012-01-07 04:43 -------- d-----w- c:windowssystem32driversAVG 2012-01-05 03:15 . 2012-01-05 03:30 -------- d-----w- c:programdataAVG2012 2012-01-05 03:13 . 
2012-01-05 03:13 -------- d-----w- c:program files (x86)AVG 2012-01-05 03:01 . 2012-01-05 03:01 -------- d-----w- c:program filesCCleaner 2012-01-05 03:01 . 2012-01-07 04:43 -------- d-----w- c:programdataMFAData 2012-01-01 05:45 . 2012-01-01 05:45 -------- d-----w- c:windowssystem32Macromed 2011-12-31 03:09 . 2011-12-31 03:10 -------- d-----w- c:usersHayleeeAppDataLocalGoogle 2011-12-31 03:08 . 2012-01-01 03:41 -------- d-----w- c:usersHayleeeAppDataLocalDeployment 2011-12-29 01:57 . 2011-12-29 01:57 -------- d-----w- c:usersHayleeeAppDataRoamingUnified Remote 2011-12-28 09:58 . 2011-12-28 09:58 -------- d-----w- c:usersHayleeejagexcache 2011-12-28 09:58 . 2011-12-28 09:58 -------- d-----w- c:program files (x86)Common FilesJava 2011-12-28 09:57 . 2011-12-28 09:57 -------- d-----w- c:program files (x86)Java . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-01-01 05:45 . 2011-08-21 09:24 414368 ----a-w- c:windowsSysWow64FlashPlayerCPLApp.cpl 2011-12-10 07:24 . 2011-09-18 05:29 23152 ----a-w- c:windowssystem32driversmbam.sys 2011-11-16 22:06 . 2011-11-16 22:06 119808 ----a-r- c:usersHayleeeAppDataRoamingMicrosoftInstaller{CCF298AF-9CE1-4B26-B251-486E98A34789}icons.exe . . ((((((((((((((((((((((((((((( [email protected]_04.26.43 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-14 04:54 . 2012-01-05 22:37 16384 c:windowsSysWOW64configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat - 2009-07-14 04:54 . 2012-01-05 04:15 16384 c:windowsSysWOW64configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat - 2009-07-14 04:54 . 2012-01-05 04:15 32768 c:windowsSysWOW64configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat + 2009-07-14 04:54 . 2012-01-05 22:37 32768 c:windowsSysWOW64configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat - 2009-07-14 04:54 . 
2012-01-05 04:15 16384 c:windowsSysWOW64configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat + 2009-07-14 04:54 . 2012-01-05 22:37 16384 c:windowsSysWOW64configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat + 2011-05-11 13:39 . 2012-01-07 12:33 32348 c:windowssystem32wdiShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-01-07 12:33 30812 c:windowssystem32wdiBootPerformanceDiagnostics_SystemData.bin + 2011-05-11 13:39 . 2012-01-07 12:33 14390 c:windowssystem32wdi{86432a0b-3c7d-4ddf-a89c-172faa90485d}S-1-5-21-1888113294-1304185749-78946181-1000_UserData.bin - 2011-05-11 13:22 . 2012-01-05 03:17 16384 c:windowssystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat + 2011-05-11 13:22 . 2012-01-07 12:32 16384 c:windowssystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat - 2011-05-11 13:22 . 2012-01-05 03:17 32768 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat + 2011-05-11 13:22 . 2012-01-07 12:32 32768 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat - 2009-07-14 04:54 . 2012-01-05 03:17 16384 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat + 2009-07-14 04:54 . 2012-01-07 12:32 16384 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat + 2011-05-11 13:52 . 2012-01-07 12:32 16384 c:windowsServiceProfilesNetworkServiceAppDataRoamingMicrosoftWindowsCookiesindex.dat - 2011-05-11 13:52 . 2012-01-05 02:42 16384 c:windowsServiceProfilesNetworkServiceAppDataRoamingMicrosoftWindowsCookiesindex.dat - 2009-07-14 04:46 . 2012-01-01 03:49 71944 c:windowsServiceProfilesNetworkServiceAppDataRoamingMicrosoftSoftwareProtectionPlatformCachecache.dat + 2009-07-14 04:46 . 
2012-01-05 05:38 71944 c:windowsServiceProfilesNetworkServiceAppDataRoamingMicrosoftSoftwareProtectionPlatformCachecache.dat + 2011-05-11 13:52 . 2012-01-07 12:32 32768 c:windowsServiceProfilesNetworkServiceAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat - 2011-05-11 13:52 . 2012-01-05 02:42 32768 c:windowsServiceProfilesNetworkServiceAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat + 2011-05-11 13:52 . 2012-01-07 12:32 16384 c:windowsServiceProfilesNetworkServiceAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat - 2011-05-11 13:52 . 2012-01-05 02:42 16384 c:windowsServiceProfilesNetworkServiceAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat - 2011-05-11 13:53 . 2012-01-05 04:03 16384 c:windowsServiceProfilesLocalServiceAppDataRoamingMicrosoftWindowsCookiesindex.dat + 2011-05-11 13:53 . 2012-01-07 12:32 16384 c:windowsServiceProfilesLocalServiceAppDataRoamingMicrosoftWindowsCookiesindex.dat + 2011-05-11 13:53 . 2012-01-07 12:32 16384 c:windowsServiceProfilesLocalServiceAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat - 2011-05-11 13:53 . 2012-01-05 04:03 16384 c:windowsServiceProfilesLocalServiceAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat + 2011-05-18 14:11 . 2012-01-05 09:25 4210 c:windowssystem32wdiERCQueuedResolutions.dat - 2012-01-05 02:40 . 2012-01-05 02:40 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive1.dat + 2012-01-07 12:31 . 2012-01-07 12:31 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive1.dat + 2012-01-07 12:31 . 2012-01-07 12:31 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat - 2012-01-05 02:40 . 2012-01-05 02:40 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat - 2011-09-19 09:52 . 2012-01-05 04:15 262144 c:windowsSysWOW64configsystemprofileAppDataRoamingMicrosoftWindowsIETldCacheindex.dat + 2011-09-19 09:52 . 
2012-01-05 22:37 262144 c:windowsSysWOW64configsystemprofileAppDataRoamingMicrosoftWindowsIETldCacheindex.dat + 2011-05-11 15:57 . 2012-01-05 23:30 282280 c:windowssystem32wdiSuspendPerformanceDiagnostics_SystemData_FastS4.bin + 2009-07-14 02:36 . 2012-01-07 12:39 669276 c:windowssystem32perfh009.dat - 2009-07-14 02:36 . 2012-01-05 04:20 669276 c:windowssystem32perfh009.dat - 2009-07-14 02:36 . 2012-01-05 04:20 125358 c:windowssystem32perfc009.dat + 2009-07-14 02:36 . 2012-01-07 12:39 125358 c:windowssystem32perfc009.dat + 2009-07-14 05:01 . 2012-01-07 12:30 313208 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-System.dat - 2009-07-14 05:01 . 2012-01-04 13:36 313208 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-System.dat - 2009-07-14 04:45 . 2012-01-01 03:37 3607983 c:windowsServiceProfilesNetworkServiceAppDataRoamingMicrosoftSoftwareProtectionPlatformtokens.dat + 2009-07-14 04:45 . 2012-01-05 04:58 3607983 c:windowsServiceProfilesNetworkServiceAppDataRoamingMicrosoftSoftwareProtectionPlatformtokens.dat + 2012-01-05 09:31 . 2012-01-05 09:31 1402880 c:windowsInstaller4edca.msi - 2009-07-14 02:34 . 2012-01-05 04:03 10223616 c:windowssystem32SMIStoreMachineschema.dat + 2009-07-14 02:34 . 2012-01-05 13:12 10223616 c:windowssystem32SMIStoreMachineschema.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun] "Sidebar"="c:program filesWindows Sidebarsidebar.exe" [2009-07-14 1475072] "DAEMON Tools Lite"="c:program files (x86)DAEMON Tools LiteDTLite.exe" [2011-08-02 4910912] . 
[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun] "QuickTime Task"="c:program files (x86)QuickTimeQTTask.exe" [2010-11-30 421888] "SwitchBoard"="c:program files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:program files (x86)Common FilesAdobeCS5ServiceManagerCS5ServiceManager.exe" [2010-02-21 406992] "Malwarebytes' Anti-Malware"="c:program files (x86)Malwarebytes' Anti-Malwarembamgui.exe" [2011-12-24 460872] "APSDaemon"="c:program files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" [2011-09-26 59240] "iTunesHelper"="c:program files (x86)iTunesiTunesHelper.exe" [2011-10-09 421736] "AVG_TRAY"="c:program files (x86)AVGAVG2012avgtray.exe" [2011-12-02 2415456] . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager] BootExecute REG_MULTI_SZ autocheck autochk *0c:progra~2AVGAVG2012avgrsa.exe /sync /restart . [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
R2 AVGIDSAgent;AVGIDSAgent;c:program files (x86)AVGAVG2012AVGIDSAgent.exe [2011-10-11 4433248] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:windowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-03-18 138576] R3 Netaapl;Apple Mobile Device Ethernet Service;c:windowssystem32DRIVERSnetaapl64.sys [x] R3 netr28ux;Belkin N1 Wireless USB Adapter Driver;c:windowssystem32DRIVERSnetr28ux.sys [x] R3 SwitchBoard;SwitchBoard;c:program files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe [2010-02-19 517096] R3 USBAAPL64;Apple Mobile USB Driver;c:windowssystem32Driversusbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe [x] S0 AVGIDSEH;AVGIDSEH;c:windowssystem32DRIVERSAVGIDSEH.Sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:windowssystem32DRIVERSavgrkx64.sys [x] S1 Avgldx64;AVG AVI Loader Driver;c:windowssystem32DRIVERSavgldx64.sys [x] S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:windowssystem32DRIVERSavgmfx64.sys [x] S1 Avgtdia;AVG TDI Driver;c:windowssystem32DRIVERSavgtdia.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:windowssystem32DRIVERSdtsoftbus01.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:windowssystem32DRIVERSvwififlt.sys [x] S2 avgwd;AVG WatchDog;c:program files (x86)AVGAVG2012avgwdsvc.exe [2011-08-01 192776] S2 MBAMService;MBAMService;c:program files (x86)Malwarebytes' Anti-Malwarembamservice.exe [2011-12-24 652872] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:program files (x86)NVIDIA CorporationNVIDIA Updatusdaemonu.exe [2011-04-08 2218600] S2 SBSDWSCService;SBSD Security Center Service;c:program files (x86)Spybot - Search & DestroySDWinSec.exe [2009-01-26 1153368] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:program files (x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe 
[2011-04-08 378472] S3 AVGIDSDriver;AVGIDSDriver;c:windowssystem32DRIVERSAVGIDSDriver.Sys [x] S3 AVGIDSFilter;AVGIDSFilter;c:windowssystem32DRIVERSAVGIDSFilter.Sys [x] S3 MBAMProtector;MBAMProtector;c:windowssystem32driversmbam.sys [x] S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:windowssystem32DRIVERSRTL8192su.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2012-01-07 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-1888113294-1304185749-78946181-1000Core.job - c:usersHayleeeAppDataLocalGoogleUpdateGoogleUpdate.exe [2012-01-01 03:41] . 2012-01-07 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-1888113294-1304185749-78946181-1000UA.job - c:usersHayleeeAppDataLocalGoogleUpdateGoogleUpdate.exe [2012-01-01 03:41] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "AdobeAAMUpdater-1.0"="c:program files (x86)Common FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe" [2010-03-05 500208] . ------- Supplementary Scan ------- . uLocal Page = c:windowssystem32blank.htm uStart Page = hxxp://www.google.com.au/ mLocal Page = c:windowsSysWOW64blank.htm uInternet Settings,ProxyOverride = *.local LSP: %SYSTEMROOT%system32nvappfilter.dll TCP: DhcpNameServer = 10.1.1.1 CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%SysWow64shell32.dll FF - ProfilePath - c:usersHayleeeAppDataRoamingMozillaFirefoxProfiles54hjis6t.default FF - prefs.js: network.proxy.type - 0 . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil11e_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}LocalServer32] @="c:WindowsSysWOW64MacromedFlashFlashUtil11e_ActiveX.exe" . 
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32] @="c:WindowsSysWOW64MacromedFlashFlash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus] @="0" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32] @="c:WindowsSysWOW64MacromedFlashFlash11e.ocx, 1" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version] @="1.0" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32] @="c:WindowsSysWOW64MacromedFlashFlash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32] @="c:WindowsSysWOW64MacromedFlashFlash11e.ocx, 1" . 
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version] @="1.0" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlPCWSecurity] @Denied: (Full) (Everyone) . Completion time: 2012-01-07 20:46:23 ComboFix-quarantined-files.txt 2012-01-07 12:46 ComboFix2.txt 2012-01-06 00:48 ComboFix3.txt 2012-01-05 09:19 ComboFix4.txt 2012-01-05 04:31 . Pre-Run: 290,993,995,776 bytes free Post-Run: 290,972,225,536 bytes free . - - End Of File - - 228468961877F6427E568A6BF6A0C36A
  12. Hey, ComboFix 12-01-05.03 - Hayleee 01/06/2012 8:36.3.4 - x64 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8191.6611 [GMT 8:00] Running from: c:usersHayleeeDesktopComboFix.exe AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116} SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:windowssystem32wbemPerformanceWmiApRpl_new.ini . . ((((((((((((((((((((((((( Files Created from 2011-12-06 to 2012-01-06 ))))))))))))))))))))))))))))))) . . 2012-01-06 00:42 . 2012-01-06 00:42 -------- d-----w- c:usersUpdatusUserAppDataLocaltemp 2012-01-06 00:42 . 2012-01-06 00:42 -------- d-----w- c:usersDefaultAppDataLocaltemp 2012-01-05 09:32 . 2012-01-05 09:32 388096 ----a-r- c:usersHayleeeAppDataRoamingMicrosoftInstaller{45A66726-69BC-466B-A7A4-12FCBA4883D7}HiJackThis.exe 2012-01-05 09:32 . 2012-01-05 09:32 -------- d-----w- c:program files (x86)HJT 2012-01-05 03:57 . 2012-01-05 04:51 -------- d-----w- c:programdataSpybot - Search & Destroy 2012-01-05 03:56 . 2012-01-05 04:56 -------- d-----w- c:program files (x86)Spybot - Search & Destroy 2012-01-05 03:25 . 2012-01-05 03:25 -------- d-----w- c:usersHayleeeAppDataRoamingAVG2012 2012-01-05 03:16 . 2012-01-05 03:16 -------- d--h--w- c:programdataCommon Files 2012-01-05 03:16 . 2012-01-05 03:16 -------- d-----w- c:windowsSysWow64driversAVG 2012-01-05 03:15 . 2012-01-06 00:26 -------- d-----w- c:windowssystem32driversAVG 2012-01-05 03:15 . 2012-01-05 03:30 -------- d-----w- c:programdataAVG2012 2012-01-05 03:13 . 
2012-01-05 03:13 -------- d-----w- c:program files (x86)AVG 2012-01-05 03:01 . 2012-01-05 03:01 -------- d-----w- c:program filesCCleaner 2012-01-05 03:01 . 2012-01-06 00:27 -------- d-----w- c:programdataMFAData 2012-01-01 05:45 . 2012-01-01 05:45 -------- d-----w- c:windowssystem32Macromed 2011-12-31 03:09 . 2011-12-31 03:10 -------- d-----w- c:usersHayleeeAppDataLocalGoogle 2011-12-31 03:08 . 2012-01-01 03:41 -------- d-----w- c:usersHayleeeAppDataLocalDeployment 2011-12-29 01:57 . 2011-12-29 01:57 -------- d-----w- c:usersHayleeeAppDataRoamingUnified Remote 2011-12-28 09:58 . 2011-12-28 09:58 -------- d-----w- c:usersHayleeejagexcache 2011-12-28 09:58 . 2011-12-28 09:58 -------- d-----w- c:program files (x86)Common FilesJava 2011-12-28 09:57 . 2011-12-28 09:57 -------- d-----w- c:program files (x86)Java . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-01-01 05:45 . 2011-08-21 09:24 414368 ----a-w- c:windowsSysWow64FlashPlayerCPLApp.cpl 2011-12-10 07:24 . 2011-09-18 05:29 23152 ----a-w- c:windowssystem32driversmbam.sys 2011-11-16 22:06 . 2011-11-16 22:06 119808 ----a-r- c:usersHayleeeAppDataRoamingMicrosoftInstaller{CCF298AF-9CE1-4B26-B251-486E98A34789}icons.exe . . ((((((((((((((((((((((((((((( [email protected]_04.26.43 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-14 04:54 . 2012-01-05 22:37 16384 c:windowsSysWOW64configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat - 2009-07-14 04:54 . 2012-01-05 04:15 16384 c:windowsSysWOW64configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat + 2009-07-14 04:54 . 2012-01-05 22:37 32768 c:windowsSysWOW64configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat - 2009-07-14 04:54 . 2012-01-05 04:15 32768 c:windowsSysWOW64configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat + 2009-07-14 04:54 . 
2012-01-05 22:37 16384 c:windowsSysWOW64configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat - 2009-07-14 04:54 . 2012-01-05 04:15 16384 c:windowsSysWOW64configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat + 2011-05-11 13:39 . 2012-01-05 04:58 31756 c:windowssystem32wdiShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-01-05 22:48 30692 c:windowssystem32wdiBootPerformanceDiagnostics_SystemData.bin + 2011-05-11 13:39 . 2012-01-05 22:48 14204 c:windowssystem32wdi{86432a0b-3c7d-4ddf-a89c-172faa90485d}S-1-5-21-1888113294-1304185749-78946181-1000_UserData.bin - 2011-05-11 13:22 . 2012-01-05 03:17 16384 c:windowssystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat + 2011-05-11 13:22 . 2012-01-05 23:26 16384 c:windowssystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat - 2011-05-11 13:22 . 2012-01-05 03:17 32768 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat + 2011-05-11 13:22 . 2012-01-05 23:26 32768 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat + 2009-07-14 04:54 . 2012-01-05 23:26 16384 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat - 2009-07-14 04:54 . 2012-01-05 03:17 16384 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat + 2011-05-11 13:52 . 2012-01-05 22:40 16384 c:windowsServiceProfilesNetworkServiceAppDataRoamingMicrosoftWindowsCookiesindex.dat - 2011-05-11 13:52 . 2012-01-05 02:42 16384 c:windowsServiceProfilesNetworkServiceAppDataRoamingMicrosoftWindowsCookiesindex.dat - 2009-07-14 04:46 . 2012-01-01 03:49 71944 c:windowsServiceProfilesNetworkServiceAppDataRoamingMicrosoftSoftwareProtectionPlatformCachecache.dat + 2009-07-14 04:46 . 
2012-01-05 05:38 71944 c:windowsServiceProfilesNetworkServiceAppDataRoamingMicrosoftSoftwareProtectionPlatformCachecache.dat - 2011-05-11 13:52 . 2012-01-05 02:42 32768 c:windowsServiceProfilesNetworkServiceAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat + 2011-05-11 13:52 . 2012-01-05 22:40 32768 c:windowsServiceProfilesNetworkServiceAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat - 2011-05-11 13:52 . 2012-01-05 02:42 16384 c:windowsServiceProfilesNetworkServiceAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat + 2011-05-11 13:52 . 2012-01-05 22:40 16384 c:windowsServiceProfilesNetworkServiceAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat + 2011-05-11 13:53 . 2012-01-06 00:07 16384 c:windowsServiceProfilesLocalServiceAppDataRoamingMicrosoftWindowsCookiesindex.dat - 2011-05-11 13:53 . 2012-01-05 04:03 16384 c:windowsServiceProfilesLocalServiceAppDataRoamingMicrosoftWindowsCookiesindex.dat - 2011-05-11 13:53 . 2012-01-05 04:03 16384 c:windowsServiceProfilesLocalServiceAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat + 2011-05-11 13:53 . 2012-01-06 00:07 16384 c:windowsServiceProfilesLocalServiceAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat + 2011-05-18 14:11 . 2012-01-05 09:25 4210 c:windowssystem32wdiERCQueuedResolutions.dat - 2012-01-05 02:40 . 2012-01-05 02:40 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive1.dat + 2012-01-05 09:26 . 2012-01-05 22:37 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive1.dat - 2012-01-05 02:40 . 2012-01-05 02:40 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat + 2012-01-05 09:26 . 2012-01-05 22:37 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat + 2011-09-19 09:52 . 2012-01-05 22:37 262144 c:windowsSysWOW64configsystemprofileAppDataRoamingMicrosoftWindowsIETldCacheindex.dat - 2011-09-19 09:52 . 
2012-01-05 04:15 262144 c:windowsSysWOW64configsystemprofileAppDataRoamingMicrosoftWindowsIETldCacheindex.dat + 2011-05-11 15:57 . 2012-01-05 23:30 282280 c:windowssystem32wdiSuspendPerformanceDiagnostics_SystemData_FastS4.bin - 2009-07-14 02:36 . 2012-01-05 04:20 669276 c:windowssystem32perfh009.dat + 2009-07-14 02:36 . 2012-01-06 00:40 669276 c:windowssystem32perfh009.dat - 2009-07-14 02:36 . 2012-01-05 04:20 125358 c:windowssystem32perfc009.dat + 2009-07-14 02:36 . 2012-01-06 00:40 125358 c:windowssystem32perfc009.dat - 2009-07-14 05:01 . 2012-01-04 13:36 313208 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-System.dat + 2009-07-14 05:01 . 2012-01-05 09:25 313208 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-System.dat - 2009-07-14 04:45 . 2012-01-01 03:37 3607983 c:windowsServiceProfilesNetworkServiceAppDataRoamingMicrosoftSoftwareProtectionPlatformtokens.dat + 2009-07-14 04:45 . 2012-01-05 04:58 3607983 c:windowsServiceProfilesNetworkServiceAppDataRoamingMicrosoftSoftwareProtectionPlatformtokens.dat + 2012-01-05 09:31 . 2012-01-05 09:31 1402880 c:windowsInstaller4edca.msi - 2009-07-14 02:34 . 2012-01-05 04:03 10223616 c:windowssystem32SMIStoreMachineschema.dat + 2009-07-14 02:34 . 2012-01-05 13:12 10223616 c:windowssystem32SMIStoreMachineschema.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks] "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:program files (x86)uTorrentBartbuTor.dll" [2010-12-09 3911776] . [HKEY_CLASSES_ROOTclsid{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] . [HKEY_LOCAL_MACHINEWow6432Node~Browser Helper Objects{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] 2010-12-09 05:51 3911776 ----a-w- c:program files (x86)uTorrentBartbuTor.dll . 
[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftInternet ExplorerToolbar] "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:program files (x86)uTorrentBartbuTor.dll" [2010-12-09 3911776] . [HKEY_CLASSES_ROOTclsid{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] . [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun] "Sidebar"="c:program filesWindows Sidebarsidebar.exe" [2009-07-14 1475072] "DAEMON Tools Lite"="c:program files (x86)DAEMON Tools LiteDTLite.exe" [2011-08-02 4910912] "SpybotSD TeaTimer"="c:program files (x86)Spybot - Search & DestroyTeaTimer.exe" [2009-03-05 2260480] . [HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun] "QuickTime Task"="c:program files (x86)QuickTimeQTTask.exe" [2010-11-30 421888] "SwitchBoard"="c:program files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:program files (x86)Common FilesAdobeCS5ServiceManagerCS5ServiceManager.exe" [2010-02-21 406992] "Malwarebytes' Anti-Malware"="c:program files (x86)Malwarebytes' Anti-Malwarembamgui.exe" [2011-12-24 460872] "APSDaemon"="c:program files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" [2011-09-26 59240] "iTunesHelper"="c:program files (x86)iTunesiTunesHelper.exe" [2011-10-09 421736] "AVG_TRAY"="c:program files (x86)AVGAVG2012avgtray.exe" [2011-12-02 2415456] . [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager] BootExecute REG_MULTI_SZ autocheck autochk *0c:progra~2AVGAVG2012avgrsa.exe /sync /restart . [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:windowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-03-18 138576] R3 Netaapl;Apple Mobile Device Ethernet Service;c:windowssystem32DRIVERSnetaapl64.sys [x] R3 netr28ux;Belkin N1 Wireless USB Adapter Driver;c:windowssystem32DRIVERSnetr28ux.sys [x] R3 SwitchBoard;SwitchBoard;c:program files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe [2010-02-19 517096] R3 USBAAPL64;Apple Mobile USB Driver;c:windowssystem32Driversusbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe [x] S0 AVGIDSEH;AVGIDSEH;c:windowssystem32DRIVERSAVGIDSEH.Sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:windowssystem32DRIVERSavgrkx64.sys [x] S1 Avgldx64;AVG AVI Loader Driver;c:windowssystem32DRIVERSavgldx64.sys [x] S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:windowssystem32DRIVERSavgmfx64.sys [x] S1 Avgtdia;AVG TDI Driver;c:windowssystem32DRIVERSavgtdia.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:windowssystem32DRIVERSdtsoftbus01.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:windowssystem32DRIVERSvwififlt.sys [x] S2 AVGIDSAgent;AVGIDSAgent;c:program files (x86)AVGAVG2012AVGIDSAgent.exe [2011-10-11 4433248] S2 avgwd;AVG WatchDog;c:program files (x86)AVGAVG2012avgwdsvc.exe [2011-08-01 192776] S2 MBAMService;MBAMService;c:program files (x86)Malwarebytes' Anti-Malwarembamservice.exe [2011-12-24 652872] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:program files (x86)NVIDIA CorporationNVIDIA Updatusdaemonu.exe [2011-04-08 2218600] S2 SBSDWSCService;SBSD Security Center Service;c:program files (x86)Spybot - Search & DestroySDWinSec.exe [2009-01-26 1153368] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:program files (x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe 
[2011-04-08 378472] S3 AVGIDSDriver;AVGIDSDriver;c:windowssystem32DRIVERSAVGIDSDriver.Sys [x] S3 AVGIDSFilter;AVGIDSFilter;c:windowssystem32DRIVERSAVGIDSFilter.Sys [x] S3 MBAMProtector;MBAMProtector;c:windowssystem32driversmbam.sys [x] S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:windowssystem32DRIVERSRTL8192su.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - ASWMBR *Deregistered* - aswMBR *Deregistered* - Lavasoft Kernexplorer . Contents of the 'Scheduled Tasks' folder . 2012-01-05 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-1888113294-1304185749-78946181-1000Core.job - c:usersHayleeeAppDataLocalGoogleUpdateGoogleUpdate.exe [2012-01-01 03:41] . 2012-01-06 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-1888113294-1304185749-78946181-1000UA.job - c:usersHayleeeAppDataLocalGoogleUpdateGoogleUpdate.exe [2012-01-01 03:41] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "AdobeAAMUpdater-1.0"="c:program files (x86)Common FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe" [2010-03-05 500208] . ------- Supplementary Scan ------- . uLocal Page = c:windowssystem32blank.htm uStart Page = hxxp://www.google.com.au/ mLocal Page = c:windowsSysWOW64blank.htm uInternet Settings,ProxyOverride = *.local LSP: %SYSTEMROOT%system32nvappfilter.dll TCP: DhcpNameServer = 10.1.1.1 CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%SysWow64shell32.dll FF - ProfilePath - c:usersHayleeeAppDataRoamingMozillaFirefoxProfiles54hjis6t.default FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS REMOVED - - - - . WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil11e_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}LocalServer32] @="c:WindowsSysWOW64MacromedFlashFlashUtil11e_ActiveX.exe" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32] @="c:WindowsSysWOW64MacromedFlashFlash11e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus] @="0" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32] @="c:WindowsSysWOW64MacromedFlashFlash11e.ocx, 1" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version] @="1.0" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32] @="c:WindowsSysWOW64MacromedFlashFlash11e.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32] @="c:WindowsSysWOW64MacromedFlashFlash11e.ocx, 1" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version] @="1.0" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlPCWSecurity] @Denied: (Full) (Everyone) . Completion time: 2012-01-06 08:48:05 ComboFix-quarantined-files.txt 2012-01-06 00:48 ComboFix2.txt 2012-01-05 09:19 ComboFix3.txt 2012-01-05 04:31 . Pre-Run: 291,412,824,064 bytes free Post-Run: 291,390,291,968 bytes free . - - End Of File - - FE404B36DE78CD58A4A54C6E8EF9070A
  13. Hi Jeff, thanks for your help so far.
      DDS LOG:
      .
      DDS (Ver_2011-08-26.01) - NTFSAMD64
      Internet Explorer: 8.0.7600.16385
      Run by Hayleee at 6:51:22 on 2012-01-06
      Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8191.6222 [GMT 8:00]
      .
      AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
      AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
      SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
      SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
      .
      ============== Running Processes ===============
      .
      C:PROGRA~2AVGAVG2012avgrsa.exe
      C:Program Files (x86)AVGAVG2012avgcsrva.exe
      C:Windowssystem32wininit.exe
      C:Windowssystem32lsm.exe
      C:Windowssystem32svchost.exe -k DcomLaunch
      C:Windowssystem32nvvsvc.exe
      C:Windowssystem32svchost.exe -k RPCSS
      C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted
      C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted
      C:Windowssystem32svchost.exe -k netsvcs
      C:Windowssystem32svchost.exe -k LocalService
      C:Program FilesNVIDIA CorporationDisplayNvXDSync.exe
      C:Windowssystem32nvvsvc.exe
      C:Windowssystem32svchost.exe -k NetworkService
      C:Program Files (x86)LavasoftAd-AwareAAWService.exe
      C:WindowsSystem32spoolsv.exe
      C:Windowssystem32svchost.exe -k LocalServiceNoNetwork
      C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe
      C:Program Files (x86)AVGAVG2012avgwdsvc.exe
      C:Program FilesBonjourmDNSResponder.exe
      C:WindowsSysWOW64PnkBstrA.exe
      C:Program Files (x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe
      C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE
      C:Program FilesNVIDIA CorporationNetworkAccessManagerbin32nSvcAppFlt.exe
      C:Program FilesNVIDIA CorporationNetworkAccessManagerbin32nSvcIp.exe
      C:Program Files (x86)Spybot - Search & DestroySDWinSec.exe
      C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe
      C:Windowssystem32wbemunsecapp.exe
      C:Windowssystem32wbemwmiprvse.exe
      C:Program Files (x86)AVGAVG2012AVGIDSAgent.exe
      C:Program Files (x86)AVGAVG2012avgnsa.exe
      C:Program Files (x86)AVGAVG2012avgemca.exe
      C:Windowssystem32WUDFHost.exe
      C:Windowssystem32svchost.exe -k NetworkServiceNetworkRestricted
      C:Windowssystem32svchost.exe -k LocalServiceAndNoImpersonation
      C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe
      C:Program Files (x86)NVIDIA CorporationNVIDIA Updatusdaemonu.exe
      C:Program FilesWindows Media Playerwmpnetwk.exe
      C:Windowssystem32SearchIndexer.exe
      C:Windowssystem32taskhost.exe
      C:Windowssystem32Dwm.exe
      C:WindowsExplorer.EXE
      C:Program FilesWindows Sidebarsidebar.exe
      C:Program Files (x86)DAEMON Tools LiteDTLite.exe
      C:Program Files (x86)Spybot - Search & DestroyTeaTimer.exe
      C:Program FilesNVIDIA CorporationDisplaynvtray.exe
      C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe
      C:Program Files (x86)iTunesiTunesHelper.exe
      C:Program Files (x86)AVGAVG2012avgtray.exe
      C:Program FilesiPodbiniPodService.exe
      C:WindowsSystem32svchost.exe -k LocalServicePeerNet
      C:Program Files (x86)Internet Exploreriexplore.exe
      C:Program Files (x86)Internet Exploreriexplore.exe
      C:Windowssystem32DllHost.exe
      C:Windowssystem32taskeng.exe
      C:Program Files (x86)Common FilesAdobeOOBEPDAppUWAAAM Updates Notifier.exe
      C:Program Files (x86)LavasoftAd-AwareAAWTray.exe
      C:Program Files (x86)Internet Exploreriexplore.exe
      C:Windowssystem32SearchProtocolHost.exe
      C:Windowssystem32SearchFilterHost.exe
      C:WindowsSysWOW64cmd.exe
      C:Windowssystem32conhost.exe
      C:WindowsSysWOW64cscript.exe
      C:Windowssystem32wbemwmiprvse.exe
      .
      ============== Pseudo HJT Report ===============
      .
uStart Page = hxxp://www.google.com.au/ uInternet Settings,ProxyOverride = *.local uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:Program Files (x86)uTorrentBartbuTor.dll mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:Program Files (x86)uTorrentBartbuTor.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:Program Files (x86)AVGAVG2012avgssie.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:PROGRA~2SPYBOT~1SDHelper.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:Program Files (x86)uTorrentBartbuTor.dll BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:Program Files (x86)uTorrentBartbuTor.dll uRun: [sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun uRun: [DAEMON Tools Lite] "C:Program Files (x86)DAEMON Tools LiteDTLite.exe" -autorun uRun: [spybotSD TeaTimer] C:Program Files (x86)Spybot - Search & DestroyTeaTimer.exe mRun: [QuickTime Task] "C:Program Files (x86)QuickTimeQTTask.exe" -atboottime mRun: [switchBoard] C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe mRun: [AdobeCS5ServiceManager] "C:Program Files (x86)Common FilesAdobeCS5ServiceManagerCS5ServiceManager.exe" -launchedbylogin mRun: [Malwarebytes' Anti-Malware] "C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe" /starttray mRun: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" mRun: [iTunesHelper] "C:Program Files (x86)iTunesiTunesHelper.exe" mRun: [AVG_TRAY] "C:Program Files (x86)AVGAVG2012avgtray.exe" mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: 
EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~2SPYBOT~1SDHelper.dll LSP: %SYSTEMROOT%system32nvappfilter.dll DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 10.1.1.1 TCP: Interfaces{6C76B5D7-DF34-4C95-BEF2-3E0CF83ABC5D} : DhcpNameServer = 10.4.85.135 10.4.176.231 TCP: Interfaces{856747D4-0E15-4F15-8FA9-82235683E5FC} : DhcpNameServer = 10.1.1.1 TCP: Interfaces{BB29DAFB-C723-47A0-A4DB-C2DD6CD63C85} : DhcpNameServer = 10.1.1.1 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program Files (x86)AVGAVG2012avgpp.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:Program Files (x86)Windows LivePhoto GalleryAlbumDownloadProtocolHandler.dll BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program Files (x86)AVGAVG2012avgssie.dll BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~2SPYBOT~1SDHelper.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:Program Files (x86)uTorrentBartbuTor.dll BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:Program Files (x86)uTorrentBartbuTor.dll mRun-x64: [QuickTime Task] "C:Program Files (x86)QuickTimeQTTask.exe" -atboottime mRun-x64: [switchBoard] C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe mRun-x64: [AdobeCS5ServiceManager] "C:Program Files (x86)Common FilesAdobeCS5ServiceManagerCS5ServiceManager.exe" -launchedbylogin mRun-x64: [Malwarebytes' Anti-Malware] "C:Program Files (x86)Malwarebytes' 
Anti-Malwarembamgui.exe" /starttray mRun-x64: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" mRun-x64: [iTunesHelper] "C:Program Files (x86)iTunesiTunesHelper.exe" mRun-x64: [AVG_TRAY] "C:Program Files (x86)AVGAVG2012avgtray.exe" Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . FF - ProfilePath - C:UsersHayleeeAppDataRoamingMozillaFirefoxProfiles54hjis6t.default FF - prefs.js: network.proxy.type - 0 . ============= SERVICES / DRIVERS =============== . R0 AVGIDSEH;AVGIDSEH;C:Windowssystem32DRIVERSAVGIDSEH.Sys --> C:Windowssystem32DRIVERSAVGIDSEH.Sys [?] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:Windowssystem32DRIVERSavgrkx64.sys --> C:Windowssystem32DRIVERSavgrkx64.sys [?] R0 Lbd;Lbd;C:Windowssystem32DRIVERSLbd.sys --> C:Windowssystem32DRIVERSLbd.sys [?] R1 Avgldx64;AVG AVI Loader Driver;C:Windowssystem32DRIVERSavgldx64.sys --> C:Windowssystem32DRIVERSavgldx64.sys [?] R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:Windowssystem32DRIVERSavgmfx64.sys --> C:Windowssystem32DRIVERSavgmfx64.sys [?] R1 Avgtdia;AVG TDI Driver;C:Windowssystem32DRIVERSavgtdia.sys --> C:Windowssystem32DRIVERSavgtdia.sys [?] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:Windowssystem32DRIVERSdtsoftbus01.sys --> C:Windowssystem32DRIVERSdtsoftbus01.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:Windowssystem32DRIVERSvwififlt.sys --> C:Windowssystem32DRIVERSvwififlt.sys [?] 
      R2 AVGIDSAgent;AVGIDSAgent;C:Program Files (x86)AVGAVG2012AVGIDSAgent.exe [2011-10-12 4433248]
      R2 avgwd;AVG WatchDog;C:Program Files (x86)AVGAVG2012avgwdsvc.exe [2011-8-2 192776]
      R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:Program Files (x86)LavasoftAd-AwareAAWService.exe [2011-11-3 2152152]
      R2 MBAMService;MBAMService;C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe [2011-9-18 652872]
      R2 nvUpdatusService;NVIDIA Update Service Daemon;C:Program Files (x86)NVIDIA CorporationNVIDIA Updatusdaemonu.exe [2011-5-11 2218600]
      R2 SBSDWSCService;SBSD Security Center Service;C:Program Files (x86)Spybot - Search & DestroySDWinSec.exe [2012-1-5 1153368]
      R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:Program Files (x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe [2011-4-8 378472]
      R3 AVGIDSDriver;AVGIDSDriver;C:Windowssystem32DRIVERSAVGIDSDriver.Sys --> C:Windowssystem32DRIVERSAVGIDSDriver.Sys [?]
      R3 AVGIDSFilter;AVGIDSFilter;C:Windowssystem32DRIVERSAVGIDSFilter.Sys --> C:Windowssystem32DRIVERSAVGIDSFilter.Sys [?]
      R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:Program Files (x86)LavasoftAd-Awarekernexplorer64.sys [2011-9-18 17152]
      R3 MBAMProtector;MBAMProtector;??C:Windowssystem32driversmbam.sys --> C:Windowssystem32driversmbam.sys [?]
      R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:Windowssystem32DRIVERSRTL8192su.sys --> C:Windowssystem32DRIVERSRTL8192su.sys [?]
      S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-3-18 130384]
      S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:WindowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-3-18 138576]
      S3 Netaapl;Apple Mobile Device Ethernet Service;C:Windowssystem32DRIVERSnetaapl64.sys --> C:Windowssystem32DRIVERSnetaapl64.sys [?]
      S3 netr28ux;Belkin N1 Wireless USB Adapter Driver;C:Windowssystem32DRIVERSnetr28ux.sys --> C:Windowssystem32DRIVERSnetr28ux.sys [?]
      S3 SwitchBoard;SwitchBoard;C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe [2010-2-19 517096]
      S3 USBAAPL64;Apple Mobile USB Driver;C:Windowssystem32Driversusbaapl64.sys --> C:Windowssystem32Driversusbaapl64.sys [?]
      S3 WatAdminSvc;Windows Activation Technologies Service;C:Windowssystem32WatWatAdminSvc.exe --> C:Windowssystem32WatWatAdminSvc.exe [?]
      .
      =============== Created Last 30 ================
      .
      2012-01-05 09:32:09 388096 ----a-r- C:UsersHayleeeAppDataRoamingMicrosoftInstaller{45A66726-69BC-466B-A7A4-12FCBA4883D7}HiJackThis.exe
      2012-01-05 09:32:08 -------- d-----w- C:Program Files (x86)HJT
      2012-01-05 09:29:18 -------- d-sh--w- C:$RECYCLE.BIN
      2012-01-05 06:32:23 16432 ----a-w- C:WindowsSystem32lsdelete.exe
      2012-01-05 04:13:53 98816 ----a-w- C:Windowssed.exe
      2012-01-05 04:13:53 518144 ----a-w- C:WindowsSWREG.exe
      2012-01-05 04:13:53 256000 ----a-w- C:WindowsPEV.exe
      2012-01-05 04:13:53 208896 ----a-w- C:WindowsMBR.exe
      2012-01-05 03:57:00 -------- d-----w- C:ProgramDataSpybot - Search & Destroy
      2012-01-05 03:56:59 -------- d-----w- C:Program Files (x86)Spybot - Search & Destroy
      2012-01-05 03:25:48 -------- d-----w- C:UsersHayleeeAppDataRoamingAVG2012
      2012-01-05 03:16:52 -------- d--h--w- C:ProgramDataCommon Files
      2012-01-05 03:16:36 -------- d-----w- C:WindowsSysWow64driversAVG
      2012-01-05 03:15:03 -------- d-----w- C:WindowsSystem32driversAVG
      2012-01-05 03:15:03 -------- d-----w- C:ProgramDataAVG2012
      2012-01-05 03:13:56 -------- d-----w- C:Program Files (x86)AVG
      2012-01-05 03:01:37 -------- d-----w- C:Program FilesCCleaner
      2012-01-05 03:01:21 -------- d-----w- C:ProgramDataMFAData
      2011-12-31 03:09:19 -------- d-----w- C:UsersHayleeeAppDataLocalGoogle
      2011-12-31 03:08:34 -------- d-----w- C:UsersHayleeeAppDataLocalDeployment
      2011-12-29 01:57:11 -------- d-----w- C:UsersHayleeeAppDataRoamingUnified Remote
      2011-12-28 09:58:56 -------- d-----w- C:UsersHayleeejagexcache
      .
      ==================== Find3M ====================
      .
      2012-01-01 05:45:09 414368 ----a-w- C:WindowsSysWow64FlashPlayerCPLApp.cpl
      2011-12-10 07:24:08 23152 ----a-w- C:WindowsSystem32driversmbam.sys
      2011-11-03 04:06:56 69376 ----a-w- C:WindowsSystem32driversLbd.sys
      .
      ============= FINISH: 6:52:06.51 ===============
      Attach:
      .
      UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
      IF REQUESTED, ZIP IT UP & ATTACH IT
      .
      DDS (Ver_2011-08-26.01)
      .
      Microsoft Windows 7 Ultimate
      Boot Device: DeviceHarddiskVolume1
      Install Date: 5/11/2011 9:24:26 PM
      System Uptime: 1/6/2012 6:37:07 AM (0 hours ago)
      .
      Motherboard: ASUSTeK Computer INC. | | P5N-D
      Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz
      .
      ==== Disk Partitions =========================
      .
      A: is Removable
      C: is FIXED (NTFS) - 466 GiB total, 271.464 GiB free.
      D: is CDROM ()
      F: is Removable
      G: is Removable
      H: is Removable
      I: is CDROM ()
      J: is CDROM ()
      K: is Removable
      L: is Removable
      .
      ==== Disabled Device Manager Items =============
      .
      ==== System Restore Points ===================
      .
      RP94: 1/5/2012 8:48:54 PM - Scheduled Checkpoint
      .
      ==== Installed Programs ======================
      .
µTorrent Ad-Aware Adobe AIR Adobe Community Help Adobe Flash Player 11 Plugin Adobe Media Player Adobe Photoshop CS5 Advanced Combat Tracker (remove only) Apple Application Support Apple Software Update Battlefield: Bad Company 2 Belkin Connect Wireless USB Adapter Belkin N1 Wireless USB Adapter Belkin N1 Wireless USB Adapter Setup Black & White® 2 Call of Duty: Black Ops Call of Duty: Black Ops - Multiplayer D3DX10 DAEMON Tools Lite Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.14.00.802 HiJackThis Magic ISO Maker v5.5 (build 0272) Malwarebytes Anti-Malware version 1.60.0.1800 MapleStory Microsoft .NET Framework 1.1 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft WSE 3.0 Runtime Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Mixtrilo Morrowind Mozilla Firefox 8.0 (x86 en-US) MSVCRT Nexon Game Manager NVIDIA 3D Vision Controller Driver NVIDIA ForceWare Network Access Manager NVIDIA PhysX NVIDIA Stereoscopic 3D Driver PDF Settings CS5 PunkBuster Services QuickTime Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Spybot - Search & Destroy Steam Team Fortress 2 TES Construction Set The Settlers 7 - Paths to a Kingdom The Sims™ 3 Ubisoft Game Launcher Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 
Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) uTorrentBar Toolbar Visual Studio 2008 x64 Redistributables VLC media player 1.1.9 Win7codecs Windows 7 USB/DVD Download Tool Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack . ==== Event Viewer Messages From Past Week ======== . 12/31/2011 2:43:37 PM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s). 12/31/2011 12:25:05 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect. 12/31/2011 10:41:19 AM, Error: Service Control Manager [7034] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). 1/6/2012 6:40:03 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} and APPID {066FCC09-2096-4EEF-AA2F-353DB80F1BF8} to the user NT AUTHORITYNETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 1/6/2012 6:40:00 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} and APPID {066FCC09-2096-4EEF-AA2F-353DB80F1BF8} to the user Hayleee-PCUpdatusUser SID (S-1-5-21-1888113294-1304185749-78946181-1003) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 
1/5/2012 8:48:39 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:. 1/5/2012 5:14:20 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 1/5/2012 5:14:00 PM, Error: Application Popup [1060] - ??C:ComboFixcatchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 1/5/2012 5:12:33 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running. 1/5/2012 5:12:33 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running. 1/5/2012 5:09:33 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running. 1/5/2012 5:09:33 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running. 1/5/2012 5:07:33 PM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s). 
1/5/2012 5:07:33 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 1/5/2012 5:07:33 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 1/5/2012 5:07:33 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 1/5/2012 5:07:33 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 1/5/2012 5:07:33 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 1/5/2012 5:07:33 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 1/5/2012 5:07:33 PM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 1/5/2012 5:07:33 PM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 
1/5/2012 5:07:33 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 1/5/2012 5:07:33 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 1/5/2012 5:07:33 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 1/5/2012 5:07:33 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service. 1/5/2012 5:07:33 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 1/5/2012 5:07:33 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 1/5/2012 5:07:33 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 1/5/2012 2:09:34 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s). 1/5/2012 2:07:30 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. 
Please check for updated firmware for your system. 1/5/2012 2:07:25 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 1/5/2012 2:07:25 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 1/5/2012 2:07:25 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 1/5/2012 2:07:25 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 1/5/2012 2:07:25 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 1/5/2012 2:07:25 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 1/5/2012 2:07:25 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 1/5/2012 2:07:25 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 
1/5/2012 2:07:25 PM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 1/5/2012 2:07:25 PM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 1/5/2012 2:07:25 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 1/5/2012 2:07:25 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 1/5/2012 2:07:25 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 1/5/2012 2:07:25 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 1/5/2012 2:07:25 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 
1/5/2012 12:16:19 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Application Experience service, but this action failed with the following error: An instance of the service is already running. 1/5/2012 12:02:30 PM, Error: Service Control Manager [7000] - The Lbd service failed to start due to the following error: The system cannot find the file specified. 1/1/2012 6:57:36 AM, Error: Service Control Manager [7034] - The ForceWare IP service service terminated unexpectedly. It has done this 1 time(s). 1/1/2012 6:57:34 AM, Error: Service Control Manager [7034] - The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s). 1/1/2012 6:57:32 AM, Error: Service Control Manager [7034] - The NVIDIA Driver Helper Service service terminated unexpectedly. It has done this 1 time(s). 1/1/2012 6:57:19 AM, Error: Service Control Manager [7034] - The ForceWare Intelligent Application Manager (IAM) service terminated unexpectedly. It has done this 1 time(s). 1/1/2012 5:45:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} 1/1/2012 5:44:56 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect. 1/1/2012 5:44:56 AM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 1/1/2012 5:33:16 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting. 1/1/2012 5:30:37 AM, Error: Service Control Manager [7022] - The Windows Defender service hung on starting. 
1/1/2012 11:49:23 AM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243 1/1/2012 11:49:07 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MBAMService service to connect. 1/1/2012 11:49:07 AM, Error: Service Control Manager [7000] - The MBAMService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. . ==== End Of File =========================== aswMBR: aswMBR version 0.9.9.1156 Copyright© 2011 AVAST Software Run date: 2012-01-06 06:53:45 ----------------------------- 06:53:45.719 OS Version: Windows x64 6.1.7600 06:53:45.719 Number of processors: 4 586 0xF0B 06:53:45.719 ComputerName: HAYLEEE-PC UserName: Hayleee 06:53:47.232 Initialize success 06:54:03.729 AVAST engine download error: 0 06:55:16.031 Disk 0 (boot) DeviceHarddisk0DR0 -> Device00000065 06:55:16.031 Disk 0 Vendor: ST350032 SD15 Size: 476940MB BusType: 6 06:55:16.046 Disk 0 MBR read successfully 06:55:16.046 Disk 0 MBR scan 06:55:16.062 Disk 0 Windows 7 default MBR code 06:55:16.062 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476937 MB offset 63 06:55:16.062 Service scanning 06:55:17.154 Modules scanning 06:55:17.154 Disk 0 trace - called modules: 06:55:17.154 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys 06:55:17.154 1 nt!IofCallDriver -> DeviceHarddisk0DR0[0xfffffa8008141060] 06:55:17.154 3 CLASSPNP.SYS[fffff8800141743f] -> nt!IofCallDriver -> [0xfffffa8007e8edb0] 06:55:17.169 5 ACPI.sys[fffff88000f77781] -> nt!IofCallDriver -> Device00000065[0xfffffa8007e9a060] 06:55:17.653 Scan finished successfully 06:55:21.647 Disk 0 MBR has been saved successfully to "C:UsersHayleeeDesktopMBR.dat" 06:55:21.647 The log file has been saved successfully to "C:UsersHayleeeDesktopaswMBR.txt"
  14. Hi all, I am unable to use Firefox or Chrome. My issue started when Firefox became extremely laggy, so I rebooted my PC, and it would not load at all. I then uninstalled Firefox and installed Chrome. Chrome would not launch at all either. So I did a system restore to a few days before; now when I started Firefox it would crash and give me an error report with this in the details: AvailableVirtualMemory: 4156788736 BuildID: 20111104165243 CrashTime: 1325755999 InstallTime: 1321152758 ProductName: Firefox ReleaseChannel: release SecondsSinceLastCrash: 16517 StartupTime: 1325755998 SystemMemoryUsePercentage: 24 Throttleable: 1 TotalVirtualMemory: 4294836224 URL: Vendor: Mozilla Version: 8.0 Winsock_LSP: NVIDIA App Filter over [MSAFD Tcpip [TCP/IP]] : 2 : 1 : %SYSTEMROOT%system32nvappfilter.dll NVIDIA App Filter over [MSAFD Tcpip [uDP/IP]] : 2 : 2 : NVIDIA App Filter over [MSAFD Tcpip [RAW/IP]] : 2 : 3 : %SYSTEMROOT%system32nvappfilter.dll MSAFD Tcpip [TCP/IP] : 2 : 1 : %SystemRoot%system32mswsock.dll MSAFD Tcpip [uDP/IP] : 2 : 2 : MSAFD Tcpip [RAW/IP] : 2 : 3 : %SystemRoot%system32mswsock.dll MSAFD Tcpip [TCP/IPv6] : 2 : 1 : MSAFD Tcpip [uDP/IPv6] : 2 : 2 : %SystemRoot%system32mswsock.dll MSAFD Tcpip [RAW/IPv6] : 2 : 3 : RSVP TCPv6 Service Provider : 2 : 1 : %SystemRoot%system32mswsock.dll RSVP TCP Service Provider : 2 : 1 : RSVP UDPv6 Service Provider : 2 : 2 : %SystemRoot%system32mswsock.dll RSVP UDP Service Provider : 2 : 2 : NVIDIA App Filter : 2 : 1 : This report also contains technical information about the state of the application when it crashed. I have run a full AVG scan, a Spybot S&D scan and an AdAware scan with no negative results. Internet Explorer works with no problems, so here is my HJT log.
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 5:35:17 PM, on 1/5/2012 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16800) Boot mode: Normal Running processes: C:Program Files (x86)DAEMON Tools LiteDTLite.exe C:Program Files (x86)Spybot - Search & DestroyTeaTimer.exe C:Program Files (x86)LavasoftAd-AwareAAWTray.exe C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe C:Program Files (x86)iTunesiTunesHelper.exe C:Program Files (x86)AVGAVG2012avgtray.exe C:Program Files (x86)HJTTrend MicroHiJackThisHiJackThis.exe R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft....k/?LinkId=69157 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft....k/?LinkId=54896 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft....k/?LinkId=54896 R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft....k/?LinkId=69157 R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:Program Files (x86)uTorrentBartbuTor.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program Files (x86)AVGAVG2012avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~2SPYBOT~1SDHelper.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:Program Files (x86)uTorrentBartbuTor.dll O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file) O3 - Toolbar: uTorrentBar Toolbar - 
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:Program Files (x86)uTorrentBartbuTor.dll O4 - HKLM..Run: [QuickTime Task] "C:Program Files (x86)QuickTimeQTTask.exe" -atboottime O4 - HKLM..Run: [switchBoard] C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe O4 - HKLM..Run: [AdobeCS5ServiceManager] "C:Program Files (x86)Common FilesAdobeCS5ServiceManagerCS5ServiceManager.exe" -launchedbylogin O4 - HKLM..Run: [Malwarebytes' Anti-Malware] "C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe" /starttray O4 - HKLM..Run: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" O4 - HKLM..Run: [iTunesHelper] "C:Program Files (x86)iTunesiTunesHelper.exe" O4 - HKLM..Run: [AVG_TRAY] "C:Program Files (x86)AVGAVG2012avgtray.exe" O4 - HKCU..Run: [sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun O4 - HKCU..Run: [DAEMON Tools Lite] "C:Program Files (x86)DAEMON Tools LiteDTLite.exe" -autorun O4 - HKCU..Run: [spybotSD TeaTimer] C:Program Files (x86)Spybot - Search & DestroyTeaTimer.exe O4 - HKUSS-1-5-21-1888113294-1304185749-78946181-1003..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUSS-1-5-21-1888113294-1304185749-78946181-1003..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe (User 'UpdatusUser') O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~2SPYBOT~1SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~2SPYBOT~1SDHelper.dll O10 - Unknown file in Winsock LSP: c:program files (x86)common filesmicrosoft sharedwindows livewlidnsp.dll O10 - Unknown file in Winsock LSP: c:program files (x86)common filesmicrosoft sharedwindows livewlidnsp.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program Files 
(x86)AVGAVG2012avgpp.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:Program Files (x86)Windows LivePhoto GalleryAlbumDownloadProtocolHandler.dll O23 - Service: @%SystemRoot%system32Alg.exe,-112 (ALG) - Unknown owner - C:WindowsSystem32alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:Program Files (x86)AVGAVG2012AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:Program Files (x86)AVGAVG2012avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe O23 - Service: @%SystemRoot%system32efssvc.dll,-100 (EFS) - Unknown owner - C:WindowsSystem32lsass.exe (file missing) O23 - Service: @%systemroot%system32fxsresm.dll,-118 (Fax) - Unknown owner - C:Windowssystem32fxssvc.exe (file missing) O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:Program FilesNVIDIA CorporationNetworkAccessManagerbin32nSvcAppFlt.exe O23 - Service: iPod Service - Apple Inc. 
- C:Program FilesiPodbiniPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:Windowssystem32lsass.exe (file missing) O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:Program Files (x86)LavasoftAd-AwareAAWService.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:WindowsSystem32msdtc.exe (file missing) O23 - Service: @%SystemRoot%System32netlogon.dll,-102 (Netlogon) - Unknown owner - C:Windowssystem32lsass.exe (file missing) O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:Program FilesNVIDIA CorporationNetworkAccessManagerbin32nSvcIp.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:Windowssystem32nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:Program Files (x86)NVIDIA CorporationNVIDIA Updatusdaemonu.exe O23 - Service: PnkBstrA - Unknown owner - C:Windowssystem32PnkBstrA.exe O23 - Service: @%systemroot%system32psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:Windowssystem32lsass.exe (file missing) O23 - Service: @%systemroot%system32Locator.exe,-2 (RpcLocator) - Unknown owner - C:Windowssystem32locator.exe (file missing) O23 - Service: @%SystemRoot%system32samsrv.dll,-1 (SamSs) - Unknown owner - C:Windowssystem32lsass.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. 
- C:Program Files (x86)Spybot - Search & DestroySDWinSec.exe O23 - Service: @%SystemRoot%system32snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:WindowsSystem32snmptrap.exe (file missing) O23 - Service: @%systemroot%system32spoolsv.exe,-1 (Spooler) - Unknown owner - C:WindowsSystem32spoolsv.exe (file missing) O23 - Service: @%SystemRoot%system32sppsvc.exe,-101 (sppsvc) - Unknown owner - C:Windowssystem32sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:Program Files (x86)Common FilesSteamSteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:Program Files (x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe O23 - Service: @%SystemRoot%system32ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:Windowssystem32UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%system32vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:Windowssystem32lsass.exe (file missing) O23 - Service: @%SystemRoot%system32vds.exe,-100 (vds) - Unknown owner - C:WindowsSystem32vds.exe (file missing) O23 - Service: @%systemroot%system32vssvc.exe,-102 (VSS) - Unknown owner - C:Windowssystem32vssvc.exe (file missing) O23 - Service: @%SystemRoot%system32WatWatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:Windowssystem32WatWatAdminSvc.exe (file missing) O23 - Service: @%systemroot%system32wbengine.exe,-104 (wbengine) - Unknown owner - C:Windowssystem32wbengine.exe (file missing) O23 - Service: @%Systemroot%system32wbemwmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:Windowssystem32wbemWmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%Windows Media Playerwmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:Program Files (x86)Windows Media Playerwmpnetwk.exe (file missing) -- End of file - 9039 bytes