yoyocool2

Unable to use Chrome or Firefox


Hi all,

 

I am unable to use Firefox or Chrome.

 

My issue started when Firefox became extremely laggy, so I rebooted my PC, and it would not load at all. I then uninstalled Firefox and installed Chrome. Chrome would not launch at all either. So I did a system restore to a few days before; now when I started Firefox it would crash and give me an error report with this in the details:

AvailableVirtualMemory: 4156788736

BuildID: 20111104165243

CrashTime: 1325755999

InstallTime: 1321152758

ProductName: Firefox

ReleaseChannel: release

SecondsSinceLastCrash: 16517

StartupTime: 1325755998

SystemMemoryUsePercentage: 24

Throttleable: 1

TotalVirtualMemory: 4294836224

URL:

Vendor: Mozilla

Version: 8.0

Winsock_LSP: NVIDIA App Filter over [MSAFD Tcpip [TCP/IP]] : 2 : 1 : %SYSTEMROOT%system32nvappfilter.dll

NVIDIA App Filter over [MSAFD Tcpip [uDP/IP]] : 2 : 2 :

NVIDIA App Filter over [MSAFD Tcpip [RAW/IP]] : 2 : 3 : %SYSTEMROOT%system32nvappfilter.dll

MSAFD Tcpip [TCP/IP] : 2 : 1 : %SystemRoot%system32mswsock.dll

MSAFD Tcpip [uDP/IP] : 2 : 2 :

MSAFD Tcpip [RAW/IP] : 2 : 3 : %SystemRoot%system32mswsock.dll

MSAFD Tcpip [TCP/IPv6] : 2 : 1 :

MSAFD Tcpip [uDP/IPv6] : 2 : 2 : %SystemRoot%system32mswsock.dll

MSAFD Tcpip [RAW/IPv6] : 2 : 3 :

RSVP TCPv6 Service Provider : 2 : 1 : %SystemRoot%system32mswsock.dll

RSVP TCP Service Provider : 2 : 1 :

RSVP UDPv6 Service Provider : 2 : 2 : %SystemRoot%system32mswsock.dll

RSVP UDP Service Provider : 2 : 2 :

NVIDIA App Filter : 2 : 1 :

This report also contains technical information about the state of the application when it crashed.

 

I have run a full AVG scan, a Spybot S&D scan and an AdAware scan with no negative results. Internet Explorer works with no problems, so here is my HJT log.

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 5:35:17 PM, on 1/5/2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16800)

Boot mode: Normal

Running processes:

C:Program Files (x86)DAEMON Tools LiteDTLite.exe

C:Program Files (x86)Spybot - Search & DestroyTeaTimer.exe

C:Program Files (x86)LavasoftAd-AwareAAWTray.exe

C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe

C:Program Files (x86)iTunesiTunesHelper.exe

C:Program Files (x86)AVGAVG2012avgtray.exe

C:Program Files (x86)HJTTrend MicroHiJackThisHiJackThis.exe

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft....k/?LinkId=69157

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft....k/?LinkId=69157

R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm

R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local

R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =

R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:Program Files (x86)uTorrentBartbuTor.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program Files (x86)AVGAVG2012avgssie.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~2SPYBOT~1SDHelper.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll

O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:Program Files (x86)uTorrentBartbuTor.dll

O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)

O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:Program Files (x86)uTorrentBartbuTor.dll

O4 - HKLM..Run: [QuickTime Task] "C:Program Files (x86)QuickTimeQTTask.exe" -atboottime

O4 - HKLM..Run: [switchBoard] C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe

O4 - HKLM..Run: [AdobeCS5ServiceManager] "C:Program Files (x86)Common FilesAdobeCS5ServiceManagerCS5ServiceManager.exe" -launchedbylogin

O4 - HKLM..Run: [Malwarebytes' Anti-Malware] "C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe" /starttray

O4 - HKLM..Run: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe"

O4 - HKLM..Run: [iTunesHelper] "C:Program Files (x86)iTunesiTunesHelper.exe"

O4 - HKLM..Run: [AVG_TRAY] "C:Program Files (x86)AVGAVG2012avgtray.exe"

O4 - HKCU..Run: [sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun

O4 - HKCU..Run: [DAEMON Tools Lite] "C:Program Files (x86)DAEMON Tools LiteDTLite.exe" -autorun

O4 - HKCU..Run: [spybotSD TeaTimer] C:Program Files (x86)Spybot - Search & DestroyTeaTimer.exe

O4 - HKUSS-1-5-21-1888113294-1304185749-78946181-1003..Run: [sidebar] %ProgramFiles%Windows SidebarSidebar.exe /autoRun (User 'UpdatusUser')

O4 - HKUSS-1-5-21-1888113294-1304185749-78946181-1003..RunOnce: [mctadmin] C:WindowsSystem32mctadmin.exe (User 'UpdatusUser')

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~2SPYBOT~1SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~2SPYBOT~1SDHelper.dll

O10 - Unknown file in Winsock LSP: c:program files (x86)common filesmicrosoft sharedwindows livewlidnsp.dll

O10 - Unknown file in Winsock LSP: c:program files (x86)common filesmicrosoft sharedwindows livewlidnsp.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program Files (x86)AVGAVG2012avgpp.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:Program Files (x86)Windows LivePhoto GalleryAlbumDownloadProtocolHandler.dll

O23 - Service: @%SystemRoot%system32Alg.exe,-112 (ALG) - Unknown owner - C:WindowsSystem32alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:Program Files (x86)AVGAVG2012AVGIDSAgent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:Program Files (x86)AVGAVG2012avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe

O23 - Service: @%SystemRoot%system32efssvc.dll,-100 (EFS) - Unknown owner - C:WindowsSystem32lsass.exe (file missing)

O23 - Service: @%systemroot%system32fxsresm.dll,-118 (Fax) - Unknown owner - C:Windowssystem32fxssvc.exe (file missing)

O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:Program FilesNVIDIA CorporationNetworkAccessManagerbin32nSvcAppFlt.exe

O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:Windowssystem32lsass.exe (file missing)

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:Program Files (x86)LavasoftAd-AwareAAWService.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:WindowsSystem32msdtc.exe (file missing)

O23 - Service: @%SystemRoot%System32netlogon.dll,-102 (Netlogon) - Unknown owner - C:Windowssystem32lsass.exe (file missing)

O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:Program FilesNVIDIA CorporationNetworkAccessManagerbin32nSvcIp.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:Windowssystem32nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:Program Files (x86)NVIDIA CorporationNVIDIA Updatusdaemonu.exe

O23 - Service: PnkBstrA - Unknown owner - C:Windowssystem32PnkBstrA.exe

O23 - Service: @%systemroot%system32psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:Windowssystem32lsass.exe (file missing)

O23 - Service: @%systemroot%system32Locator.exe,-2 (RpcLocator) - Unknown owner - C:Windowssystem32locator.exe (file missing)

O23 - Service: @%SystemRoot%system32samsrv.dll,-1 (SamSs) - Unknown owner - C:Windowssystem32lsass.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:Program Files (x86)Spybot - Search & DestroySDWinSec.exe

O23 - Service: @%SystemRoot%system32snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:WindowsSystem32snmptrap.exe (file missing)

O23 - Service: @%systemroot%system32spoolsv.exe,-1 (Spooler) - Unknown owner - C:WindowsSystem32spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%system32sppsvc.exe,-101 (sppsvc) - Unknown owner - C:Windowssystem32sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:Program Files (x86)Common FilesSteamSteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:Program Files (x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe

O23 - Service: @%SystemRoot%system32ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:Windowssystem32UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%system32vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:Windowssystem32lsass.exe (file missing)

O23 - Service: @%SystemRoot%system32vds.exe,-100 (vds) - Unknown owner - C:WindowsSystem32vds.exe (file missing)

O23 - Service: @%systemroot%system32vssvc.exe,-102 (VSS) - Unknown owner - C:Windowssystem32vssvc.exe (file missing)

O23 - Service: @%SystemRoot%system32WatWatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:Windowssystem32WatWatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%system32wbengine.exe,-104 (wbengine) - Unknown owner - C:Windowssystem32wbengine.exe (file missing)

O23 - Service: @%Systemroot%system32wbemwmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:Windowssystem32wbemWmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%Windows Media Playerwmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:Program Files (x86)Windows Media Playerwmpnetwk.exe (file missing)

--

End of file - 9039 bytes

Edited by yoyocool2


Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.

  • Please subscribe to this topic, if you haven't already.

  • The fixes are specific to your problem and should only be used for the issues on this machine.

  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.

  • It's often worth reading through these instructions and printing them for ease of reference.

  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.

  • Please reply to this thread. Do not start a new topic.
IMPORTANT NOTE : Please do not delete anything unless instructed to.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.

 

Vista and Windows 7 users:

These tools MUST be run from the executable (.exe) every time you run them

with Admin Rights (Right click, choose "Run as Administrator")

 

Stay with this topic until I give you the all clean post.

----------

 

 

Please download DDS from either of these links

 

LINK 1

LINK 2

 

and save it to your desktop.

  • Disable any script blocking protection
  • Right-click and Run as Administrator dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following in your next reply:

 

DDS.txt

 

Attach.txt

----------

 

 

Please download aswMBR to your desktop.

  • Right click and Run as Administrator the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

----------

 

In your next reply please post both logs created by DDS and the log made by aswMBR.exe. :)


Hi Jeff, Thanks for your help so far :)

 

DDS LOG:

 

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385

Run by Hayleee at 6:51:22 on 2012-01-06

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8191.6222 [GMT 8:00]

.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

.

============== Running Processes ===============

.

C:PROGRA~2AVGAVG2012avgrsa.exe

C:Program Files (x86)AVGAVG2012avgcsrva.exe

C:Windowssystem32wininit.exe

C:Windowssystem32lsm.exe

C:Windowssystem32svchost.exe -k DcomLaunch

C:Windowssystem32nvvsvc.exe

C:Windowssystem32svchost.exe -k RPCSS

C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted

C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted

C:Windowssystem32svchost.exe -k netsvcs

C:Windowssystem32svchost.exe -k LocalService

C:Program FilesNVIDIA CorporationDisplayNvXDSync.exe

C:Windowssystem32nvvsvc.exe

C:Windowssystem32svchost.exe -k NetworkService

C:Program Files (x86)LavasoftAd-AwareAAWService.exe

C:WindowsSystem32spoolsv.exe

C:Windowssystem32svchost.exe -k LocalServiceNoNetwork

C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe

C:Program Files (x86)AVGAVG2012avgwdsvc.exe

C:Program FilesBonjourmDNSResponder.exe

C:WindowsSysWOW64PnkBstrA.exe

C:Program Files (x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe

C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE

C:Program FilesNVIDIA CorporationNetworkAccessManagerbin32nSvcAppFlt.exe

C:Program FilesNVIDIA CorporationNetworkAccessManagerbin32nSvcIp.exe

C:Program Files (x86)Spybot - Search & DestroySDWinSec.exe

C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe

C:Windowssystem32wbemunsecapp.exe

C:Windowssystem32wbemwmiprvse.exe

C:Program Files (x86)AVGAVG2012AVGIDSAgent.exe

C:Program Files (x86)AVGAVG2012avgnsa.exe

C:Program Files (x86)AVGAVG2012avgemca.exe

C:Windowssystem32WUDFHost.exe

C:Windowssystem32svchost.exe -k NetworkServiceNetworkRestricted

C:Windowssystem32svchost.exe -k LocalServiceAndNoImpersonation

C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe

C:Program Files (x86)NVIDIA CorporationNVIDIA Updatusdaemonu.exe

C:Program FilesWindows Media Playerwmpnetwk.exe

C:Windowssystem32SearchIndexer.exe

C:Windowssystem32taskhost.exe

C:Windowssystem32Dwm.exe

C:WindowsExplorer.EXE

C:Program FilesWindows Sidebarsidebar.exe

C:Program Files (x86)DAEMON Tools LiteDTLite.exe

C:Program Files (x86)Spybot - Search & DestroyTeaTimer.exe

C:Program FilesNVIDIA CorporationDisplaynvtray.exe

C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe

C:Program Files (x86)iTunesiTunesHelper.exe

C:Program Files (x86)AVGAVG2012avgtray.exe

C:Program FilesiPodbiniPodService.exe

C:WindowsSystem32svchost.exe -k LocalServicePeerNet

C:Program Files (x86)Internet Exploreriexplore.exe

C:Program Files (x86)Internet Exploreriexplore.exe

C:Windowssystem32DllHost.exe

C:Windowssystem32taskeng.exe

C:Program Files (x86)Common FilesAdobeOOBEPDAppUWAAAM Updates Notifier.exe

C:Program Files (x86)LavasoftAd-AwareAAWTray.exe

C:Program Files (x86)Internet Exploreriexplore.exe

C:Windowssystem32SearchProtocolHost.exe

C:Windowssystem32SearchFilterHost.exe

C:WindowsSysWOW64cmd.exe

C:Windowssystem32conhost.exe

C:WindowsSysWOW64cscript.exe

C:Windowssystem32wbemwmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com.au/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:Program Files (x86)uTorrentBartbuTor.dll

mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:Program Files (x86)uTorrentBartbuTor.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:Program Files (x86)AVGAVG2012avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:PROGRA~2SPYBOT~1SDHelper.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll

BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:Program Files (x86)uTorrentBartbuTor.dll

BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File

TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:Program Files (x86)uTorrentBartbuTor.dll

uRun: [sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun

uRun: [DAEMON Tools Lite] "C:Program Files (x86)DAEMON Tools LiteDTLite.exe" -autorun

uRun: [spybotSD TeaTimer] C:Program Files (x86)Spybot - Search & DestroyTeaTimer.exe

mRun: [QuickTime Task] "C:Program Files (x86)QuickTimeQTTask.exe" -atboottime

mRun: [switchBoard] C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "C:Program Files (x86)Common FilesAdobeCS5ServiceManagerCS5ServiceManager.exe" -launchedbylogin

mRun: [Malwarebytes' Anti-Malware] "C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe" /starttray

mRun: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe"

mRun: [iTunesHelper] "C:Program Files (x86)iTunesiTunesHelper.exe"

mRun: [AVG_TRAY] "C:Program Files (x86)AVGAVG2012avgtray.exe"

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~2SPYBOT~1SDHelper.dll

LSP: %SYSTEMROOT%system32nvappfilter.dll

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 10.1.1.1

TCP: Interfaces{6C76B5D7-DF34-4C95-BEF2-3E0CF83ABC5D} : DhcpNameServer = 10.4.85.135 10.4.176.231

TCP: Interfaces{856747D4-0E15-4F15-8FA9-82235683E5FC} : DhcpNameServer = 10.1.1.1

TCP: Interfaces{BB29DAFB-C723-47A0-A4DB-C2DD6CD63C85} : DhcpNameServer = 10.1.1.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program Files (x86)AVGAVG2012avgpp.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:Program Files (x86)Windows LivePhoto GalleryAlbumDownloadProtocolHandler.dll

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program Files (x86)AVGAVG2012avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~2SPYBOT~1SDHelper.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program Files (x86)Common FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll

BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:Program Files (x86)uTorrentBartbuTor.dll

BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File

TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:Program Files (x86)uTorrentBartbuTor.dll

mRun-x64: [QuickTime Task] "C:Program Files (x86)QuickTimeQTTask.exe" -atboottime

mRun-x64: [switchBoard] C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe

mRun-x64: [AdobeCS5ServiceManager] "C:Program Files (x86)Common FilesAdobeCS5ServiceManagerCS5ServiceManager.exe" -launchedbylogin

mRun-x64: [Malwarebytes' Anti-Malware] "C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe" /starttray

mRun-x64: [APSDaemon] "C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe"

mRun-x64: [iTunesHelper] "C:Program Files (x86)iTunesiTunesHelper.exe"

mRun-x64: [AVG_TRAY] "C:Program Files (x86)AVGAVG2012avgtray.exe"

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:UsersHayleeeAppDataRoamingMozillaFirefoxProfiles54hjis6t.default

FF - prefs.js: network.proxy.type - 0

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:Windowssystem32DRIVERSAVGIDSEH.Sys --> C:Windowssystem32DRIVERSAVGIDSEH.Sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:Windowssystem32DRIVERSavgrkx64.sys --> C:Windowssystem32DRIVERSavgrkx64.sys [?]

R0 Lbd;Lbd;C:Windowssystem32DRIVERSLbd.sys --> C:Windowssystem32DRIVERSLbd.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:Windowssystem32DRIVERSavgldx64.sys --> C:Windowssystem32DRIVERSavgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:Windowssystem32DRIVERSavgmfx64.sys --> C:Windowssystem32DRIVERSavgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:Windowssystem32DRIVERSavgtdia.sys --> C:Windowssystem32DRIVERSavgtdia.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:Windowssystem32DRIVERSdtsoftbus01.sys --> C:Windowssystem32DRIVERSdtsoftbus01.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:Windowssystem32DRIVERSvwififlt.sys --> C:Windowssystem32DRIVERSvwififlt.sys [?]

R2 AVGIDSAgent;AVGIDSAgent;C:Program Files (x86)AVGAVG2012AVGIDSAgent.exe [2011-10-12 4433248]

R2 avgwd;AVG WatchDog;C:Program Files (x86)AVGAVG2012avgwdsvc.exe [2011-8-2 192776]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:Program Files (x86)LavasoftAd-AwareAAWService.exe [2011-11-3 2152152]

R2 MBAMService;MBAMService;C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe [2011-9-18 652872]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:Program Files (x86)NVIDIA CorporationNVIDIA Updatusdaemonu.exe [2011-5-11 2218600]

R2 SBSDWSCService;SBSD Security Center Service;C:Program Files (x86)Spybot - Search & DestroySDWinSec.exe [2012-1-5 1153368]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:Program Files (x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe [2011-4-8 378472]

R3 AVGIDSDriver;AVGIDSDriver;C:Windowssystem32DRIVERSAVGIDSDriver.Sys --> C:Windowssystem32DRIVERSAVGIDSDriver.Sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:Windowssystem32DRIVERSAVGIDSFilter.Sys --> C:Windowssystem32DRIVERSAVGIDSFilter.Sys [?]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:Program Files (x86)LavasoftAd-Awarekernexplorer64.sys [2011-9-18 17152]

R3 MBAMProtector;MBAMProtector;??C:Windowssystem32driversmbam.sys --> C:Windowssystem32driversmbam.sys [?]

R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:Windowssystem32DRIVERSRTL8192su.sys --> C:Windowssystem32DRIVERSRTL8192su.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:WindowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-3-18 138576]

S3 Netaapl;Apple Mobile Device Ethernet Service;C:Windowssystem32DRIVERSnetaapl64.sys --> C:Windowssystem32DRIVERSnetaapl64.sys [?]

S3 netr28ux;Belkin N1 Wireless USB Adapter Driver;C:Windowssystem32DRIVERSnetr28ux.sys --> C:Windowssystem32DRIVERSnetr28ux.sys [?]

S3 SwitchBoard;SwitchBoard;C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe [2010-2-19 517096]

S3 USBAAPL64;Apple Mobile USB Driver;C:Windowssystem32Driversusbaapl64.sys --> C:Windowssystem32Driversusbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:Windowssystem32WatWatAdminSvc.exe --> C:Windowssystem32WatWatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-01-05 09:32:09 388096 ----a-r- C:UsersHayleeeAppDataRoamingMicrosoftInstaller{45A66726-69BC-466B-A7A4-12FCBA4883D7}HiJackThis.exe

2012-01-05 09:32:08 -------- d-----w- C:Program Files (x86)HJT

2012-01-05 09:29:18 -------- d-sh--w- C:$RECYCLE.BIN

2012-01-05 06:32:23 16432 ----a-w- C:WindowsSystem32lsdelete.exe

2012-01-05 04:13:53 98816 ----a-w- C:Windowssed.exe

2012-01-05 04:13:53 518144 ----a-w- C:WindowsSWREG.exe

2012-01-05 04:13:53 256000 ----a-w- C:WindowsPEV.exe

2012-01-05 04:13:53 208896 ----a-w- C:WindowsMBR.exe

2012-01-05 03:57:00 -------- d-----w- C:ProgramDataSpybot - Search & Destroy

2012-01-05 03:56:59 -------- d-----w- C:Program Files (x86)Spybot - Search & Destroy

2012-01-05 03:25:48 -------- d-----w- C:UsersHayleeeAppDataRoamingAVG2012

2012-01-05 03:16:52 -------- d--h--w- C:ProgramDataCommon Files

2012-01-05 03:16:36 -------- d-----w- C:WindowsSysWow64driversAVG

2012-01-05 03:15:03 -------- d-----w- C:WindowsSystem32driversAVG

2012-01-05 03:15:03 -------- d-----w- C:ProgramDataAVG2012

2012-01-05 03:13:56 -------- d-----w- C:Program Files (x86)AVG

2012-01-05 03:01:37 -------- d-----w- C:Program FilesCCleaner

2012-01-05 03:01:21 -------- d-----w- C:ProgramDataMFAData

2011-12-31 03:09:19 -------- d-----w- C:UsersHayleeeAppDataLocalGoogle

2011-12-31 03:08:34 -------- d-----w- C:UsersHayleeeAppDataLocalDeployment

2011-12-29 01:57:11 -------- d-----w- C:UsersHayleeeAppDataRoamingUnified Remote

2011-12-28 09:58:56 -------- d-----w- C:UsersHayleeejagexcache

.

==================== Find3M ====================

.

2012-01-01 05:45:09 414368 ----a-w- C:WindowsSysWow64FlashPlayerCPLApp.cpl

2011-12-10 07:24:08 23152 ----a-w- C:WindowsSystem32driversmbam.sys

2011-11-03 04:06:56 69376 ----a-w- C:WindowsSystem32driversLbd.sys

.

============= FINISH: 6:52:06.51 ===============

 

Attach:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: DeviceHarddiskVolume1

Install Date: 5/11/2011 9:24:26 PM

System Uptime: 1/6/2012 6:37:07 AM (0 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P5N-D

Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 466 GiB total, 271.464 GiB free.

D: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is CDROM ()

J: is CDROM ()

K: is Removable

L: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP94: 1/5/2012 8:48:54 PM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

µTorrent

Ad-Aware

Adobe AIR

Adobe Community Help

Adobe Flash Player 11 Plugin

Adobe Media Player

Adobe Photoshop CS5

Advanced Combat Tracker (remove only)

Apple Application Support

Apple Software Update

Battlefield: Bad Company 2

Belkin Connect Wireless USB Adapter

Belkin N1 Wireless USB Adapter

Belkin N1 Wireless USB Adapter Setup

Black & White® 2

Call of Duty: Black Ops

Call of Duty: Black Ops - Multiplayer

D3DX10

DAEMON Tools Lite

Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.14.00.802

HiJackThis

Magic ISO Maker v5.5 (build 0272)

Malwarebytes Anti-Malware version 1.60.0.1800

MapleStory

Microsoft .NET Framework 1.1

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft WSE 3.0 Runtime

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Mixtrilo

Morrowind

Mozilla Firefox 8.0 (x86 en-US)

MSVCRT

Nexon Game Manager

NVIDIA 3D Vision Controller Driver

NVIDIA ForceWare Network Access Manager

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

PDF Settings CS5

PunkBuster Services

QuickTime

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Spybot - Search & Destroy

Steam

Team Fortress 2

TES Construction Set

The Settlers 7 - Paths to a Kingdom

The Sims™ 3

Ubisoft Game Launcher

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

uTorrentBar Toolbar

Visual Studio 2008 x64 Redistributables

VLC media player 1.1.9

Win7codecs

Windows 7 USB/DVD Download Tool

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

.

==== Event Viewer Messages From Past Week ========

.

12/31/2011 2:43:37 PM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).

12/31/2011 12:25:05 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

12/31/2011 10:41:19 AM, Error: Service Control Manager [7034] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s).

1/6/2012 6:40:03 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} and APPID {066FCC09-2096-4EEF-AA2F-353DB80F1BF8} to the user NT AUTHORITYNETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

1/6/2012 6:40:00 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} and APPID {066FCC09-2096-4EEF-AA2F-353DB80F1BF8} to the user Hayleee-PCUpdatusUser SID (S-1-5-21-1888113294-1304185749-78946181-1003) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

1/5/2012 8:48:39 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.

1/5/2012 5:14:20 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

1/5/2012 5:14:00 PM, Error: Application Popup [1060] - ??C:ComboFixcatchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

1/5/2012 5:12:33 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

1/5/2012 5:12:33 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running.

1/5/2012 5:09:33 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.

1/5/2012 5:09:33 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.

1/5/2012 5:07:33 PM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).

1/5/2012 5:07:33 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

1/5/2012 5:07:33 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

1/5/2012 5:07:33 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

1/5/2012 5:07:33 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

1/5/2012 5:07:33 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

1/5/2012 5:07:33 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

1/5/2012 5:07:33 PM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

1/5/2012 5:07:33 PM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

1/5/2012 5:07:33 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

1/5/2012 5:07:33 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

1/5/2012 5:07:33 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

1/5/2012 5:07:33 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

1/5/2012 5:07:33 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

1/5/2012 5:07:33 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

1/5/2012 5:07:33 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

1/5/2012 2:09:34 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

1/5/2012 2:07:30 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.

1/5/2012 2:07:25 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

1/5/2012 2:07:25 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

1/5/2012 2:07:25 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

1/5/2012 2:07:25 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

1/5/2012 2:07:25 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

1/5/2012 2:07:25 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

1/5/2012 2:07:25 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

1/5/2012 2:07:25 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

1/5/2012 2:07:25 PM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

1/5/2012 2:07:25 PM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

1/5/2012 2:07:25 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

1/5/2012 2:07:25 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

1/5/2012 2:07:25 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

1/5/2012 2:07:25 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

1/5/2012 2:07:25 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

1/5/2012 12:16:19 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Application Experience service, but this action failed with the following error: An instance of the service is already running.

1/5/2012 12:02:30 PM, Error: Service Control Manager [7000] - The Lbd service failed to start due to the following error: The system cannot find the file specified.

1/1/2012 6:57:36 AM, Error: Service Control Manager [7034] - The ForceWare IP service service terminated unexpectedly. It has done this 1 time(s).

1/1/2012 6:57:34 AM, Error: Service Control Manager [7034] - The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).

1/1/2012 6:57:32 AM, Error: Service Control Manager [7034] - The NVIDIA Driver Helper Service service terminated unexpectedly. It has done this 1 time(s).

1/1/2012 6:57:19 AM, Error: Service Control Manager [7034] - The ForceWare Intelligent Application Manager (IAM) service terminated unexpectedly. It has done this 1 time(s).

1/1/2012 5:45:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

1/1/2012 5:44:56 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.

1/1/2012 5:44:56 AM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/1/2012 5:33:16 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

1/1/2012 5:30:37 AM, Error: Service Control Manager [7022] - The Windows Defender service hung on starting.

1/1/2012 11:49:23 AM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243

1/1/2012 11:49:07 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MBAMService service to connect.

1/1/2012 11:49:07 AM, Error: Service Control Manager [7000] - The MBAMService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================

 

 

aswMBR:

aswMBR version 0.9.9.1156 Copyright© 2011 AVAST Software

Run date: 2012-01-06 06:53:45

-----------------------------

06:53:45.719 OS Version: Windows x64 6.1.7600

06:53:45.719 Number of processors: 4 586 0xF0B

06:53:45.719 ComputerName: HAYLEEE-PC UserName: Hayleee

06:53:47.232 Initialize success

06:54:03.729 AVAST engine download error: 0

06:55:16.031 Disk 0 (boot) DeviceHarddisk0DR0 -> Device00000065

06:55:16.031 Disk 0 Vendor: ST350032 SD15 Size: 476940MB BusType: 6

06:55:16.046 Disk 0 MBR read successfully

06:55:16.046 Disk 0 MBR scan

06:55:16.062 Disk 0 Windows 7 default MBR code

06:55:16.062 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476937 MB offset 63

06:55:16.062 Service scanning

06:55:17.154 Modules scanning

06:55:17.154 Disk 0 trace - called modules:

06:55:17.154 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys

06:55:17.154 1 nt!IofCallDriver -> DeviceHarddisk0DR0[0xfffffa8008141060]

06:55:17.154 3 CLASSPNP.SYS[fffff8800141743f] -> nt!IofCallDriver -> [0xfffffa8007e8edb0]

06:55:17.169 5 ACPI.sys[fffff88000f77781] -> nt!IofCallDriver -> Device00000065[0xfffffa8007e9a060]

06:55:17.653 Scan finished successfully

06:55:21.647 Disk 0 MBR has been saved successfully to "C:UsersHayleeeDesktopMBR.dat"

06:55:21.647 The log file has been saved successfully to "C:UsersHayleeeDesktopaswMBR.txt"


Hi,

 

I notice that you have both Lavasoft Ad-Watch Live! and AVG antiviruses running at the same time. Having more than one antivirus program running at the same time can seriously degrade the performance of your system. Please uninstall either Lavasoft Ad-Watch Live! or AVG (whichever you prefer), either using the provided uninstall feature that is part of the antivirus program or through Add/Remove Programs (Vista and Win 7 users should go to Programs and Features in the Control Panel). As a rule of thumb, one should run one firewall, one antivirus program in memory, and one antispyware utility in memory. It's fine to have other security tools available on an as-needed or on-demand basis, but when multiple tools simultaneously perform the same function, you're asking for trouble.

----------

 

 

Download Combofix from either of the links below, and save it to your desktop.

Link 1

Link 2

 

**Note: It is important that it is saved directly to your desktop**

 

--------------------------------------------------------------------

 

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

 

--------------------------------------------------------------------

 

Right-click ComboFix.exe, choose Run as Administrator, and follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
----------

 

In your next reply please post the log created by ComboFix. :)


Hey,

 

ComboFix 12-01-05.03 - Hayleee 01/06/2012 8:36.3.4 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8191.6611 [GMT 8:00]

Running from: c:usersHayleeeDesktopComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:windowssystem32wbemPerformanceWmiApRpl_new.ini

.

.

((((((((((((((((((((((((( Files Created from 2011-12-06 to 2012-01-06 )))))))))))))))))))))))))))))))

.

.

2012-01-06 00:42 . 2012-01-06 00:42 -------- d-----w- c:usersUpdatusUserAppDataLocaltemp

2012-01-06 00:42 . 2012-01-06 00:42 -------- d-----w- c:usersDefaultAppDataLocaltemp

2012-01-05 09:32 . 2012-01-05 09:32 388096 ----a-r- c:usersHayleeeAppDataRoamingMicrosoftInstaller{45A66726-69BC-466B-A7A4-12FCBA4883D7}HiJackThis.exe

2012-01-05 09:32 . 2012-01-05 09:32 -------- d-----w- c:program files (x86)HJT

2012-01-05 03:57 . 2012-01-05 04:51 -------- d-----w- c:programdataSpybot - Search & Destroy

2012-01-05 03:56 . 2012-01-05 04:56 -------- d-----w- c:program files (x86)Spybot - Search & Destroy

2012-01-05 03:25 . 2012-01-05 03:25 -------- d-----w- c:usersHayleeeAppDataRoamingAVG2012

2012-01-05 03:16 . 2012-01-05 03:16 -------- d--h--w- c:programdataCommon Files

2012-01-05 03:16 . 2012-01-05 03:16 -------- d-----w- c:windowsSysWow64driversAVG

2012-01-05 03:15 . 2012-01-06 00:26 -------- d-----w- c:windowssystem32driversAVG

2012-01-05 03:15 . 2012-01-05 03:30 -------- d-----w- c:programdataAVG2012

2012-01-05 03:13 . 2012-01-05 03:13 -------- d-----w- c:program files (x86)AVG

2012-01-05 03:01 . 2012-01-05 03:01 -------- d-----w- c:program filesCCleaner

2012-01-05 03:01 . 2012-01-06 00:27 -------- d-----w- c:programdataMFAData

2012-01-01 05:45 . 2012-01-01 05:45 -------- d-----w- c:windowssystem32Macromed

2011-12-31 03:09 . 2011-12-31 03:10 -------- d-----w- c:usersHayleeeAppDataLocalGoogle

2011-12-31 03:08 . 2012-01-01 03:41 -------- d-----w- c:usersHayleeeAppDataLocalDeployment

2011-12-29 01:57 . 2011-12-29 01:57 -------- d-----w- c:usersHayleeeAppDataRoamingUnified Remote

2011-12-28 09:58 . 2011-12-28 09:58 -------- d-----w- c:usersHayleeejagexcache

2011-12-28 09:58 . 2011-12-28 09:58 -------- d-----w- c:program files (x86)Common FilesJava

2011-12-28 09:57 . 2011-12-28 09:57 -------- d-----w- c:program files (x86)Java

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-01 05:45 . 2011-08-21 09:24 414368 ----a-w- c:windowsSysWow64FlashPlayerCPLApp.cpl

2011-12-10 07:24 . 2011-09-18 05:29 23152 ----a-w- c:windowssystem32driversmbam.sys

2011-11-16 22:06 . 2011-11-16 22:06 119808 ----a-r- c:usersHayleeeAppDataRoamingMicrosoftInstaller{CCF298AF-9CE1-4B26-B251-486E98A34789}icons.exe

.

.

((((((((((((((((((((((((((((( [email protected]_04.26.43 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 04:54 . 2012-01-05 22:37 16384 c:windowsSysWOW64configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat

- 2009-07-14 04:54 . 2012-01-05 04:15 16384 c:windowsSysWOW64configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat

+ 2009-07-14 04:54 . 2012-01-05 22:37 32768 c:windowsSysWOW64configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat

- 2009-07-14 04:54 . 2012-01-05 04:15 32768 c:windowsSysWOW64configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat

+ 2009-07-14 04:54 . 2012-01-05 22:37 16384 c:windowsSysWOW64configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat

- 2009-07-14 04:54 . 2012-01-05 04:15 16384 c:windowsSysWOW64configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat

+ 2011-05-11 13:39 . 2012-01-05 04:58 31756 c:windowssystem32wdiShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-01-05 22:48 30692 c:windowssystem32wdiBootPerformanceDiagnostics_SystemData.bin

+ 2011-05-11 13:39 . 2012-01-05 22:48 14204 c:windowssystem32wdi{86432a0b-3c7d-4ddf-a89c-172faa90485d}S-1-5-21-1888113294-1304185749-78946181-1000_UserData.bin

- 2011-05-11 13:22 . 2012-01-05 03:17 16384 c:windowssystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat

+ 2011-05-11 13:22 . 2012-01-05 23:26 16384 c:windowssystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat

- 2011-05-11 13:22 . 2012-01-05 03:17 32768 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat

+ 2011-05-11 13:22 . 2012-01-05 23:26 32768 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat

+ 2009-07-14 04:54 . 2012-01-05 23:26 16384 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat

- 2009-07-14 04:54 . 2012-01-05 03:17 16384 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat

+ 2011-05-11 13:52 . 2012-01-05 22:40 16384 c:windowsServiceProfilesNetworkServiceAppDataRoamingMicrosoftWindowsCookiesindex.dat

- 2011-05-11 13:52 . 2012-01-05 02:42 16384 c:windowsServiceProfilesNetworkServiceAppDataRoamingMicrosoftWindowsCookiesindex.dat

- 2009-07-14 04:46 . 2012-01-01 03:49 71944 c:windowsServiceProfilesNetworkServiceAppDataRoamingMicrosoftSoftwareProtectionPlatformCachecache.dat

+ 2009-07-14 04:46 . 2012-01-05 05:38 71944 c:windowsServiceProfilesNetworkServiceAppDataRoamingMicrosoftSoftwareProtectionPlatformCachecache.dat

- 2011-05-11 13:52 . 2012-01-05 02:42 32768 c:windowsServiceProfilesNetworkServiceAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat

+ 2011-05-11 13:52 . 2012-01-05 22:40 32768 c:windowsServiceProfilesNetworkServiceAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat

- 2011-05-11 13:52 . 2012-01-05 02:42 16384 c:windowsServiceProfilesNetworkServiceAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat

+ 2011-05-11 13:52 . 2012-01-05 22:40 16384 c:windowsServiceProfilesNetworkServiceAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat

+ 2011-05-11 13:53 . 2012-01-06 00:07 16384 c:windowsServiceProfilesLocalServiceAppDataRoamingMicrosoftWindowsCookiesindex.dat

- 2011-05-11 13:53 . 2012-01-05 04:03 16384 c:windowsServiceProfilesLocalServiceAppDataRoamingMicrosoftWindowsCookiesindex.dat

- 2011-05-11 13:53 . 2012-01-05 04:03 16384 c:windowsServiceProfilesLocalServiceAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat

+ 2011-05-11 13:53 . 2012-01-06 00:07 16384 c:windowsServiceProfilesLocalServiceAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat

+ 2011-05-18 14:11 . 2012-01-05 09:25 4210 c:windowssystem32wdiERCQueuedResolutions.dat

- 2012-01-05 02:40 . 2012-01-05 02:40 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive1.dat

+ 2012-01-05 09:26 . 2012-01-05 22:37 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive1.dat

- 2012-01-05 02:40 . 2012-01-05 02:40 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat

+ 2012-01-05 09:26 . 2012-01-05 22:37 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat

+ 2011-09-19 09:52 . 2012-01-05 22:37 262144 c:windowsSysWOW64configsystemprofileAppDataRoamingMicrosoftWindowsIETldCacheindex.dat

- 2011-09-19 09:52 . 2012-01-05 04:15 262144 c:windowsSysWOW64configsystemprofileAppDataRoamingMicrosoftWindowsIETldCacheindex.dat

+ 2011-05-11 15:57 . 2012-01-05 23:30 282280 c:windowssystem32wdiSuspendPerformanceDiagnostics_SystemData_FastS4.bin

- 2009-07-14 02:36 . 2012-01-05 04:20 669276 c:windowssystem32perfh009.dat

+ 2009-07-14 02:36 . 2012-01-06 00:40 669276 c:windowssystem32perfh009.dat

- 2009-07-14 02:36 . 2012-01-05 04:20 125358 c:windowssystem32perfc009.dat

+ 2009-07-14 02:36 . 2012-01-06 00:40 125358 c:windowssystem32perfc009.dat

- 2009-07-14 05:01 . 2012-01-04 13:36 313208 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-System.dat

+ 2009-07-14 05:01 . 2012-01-05 09:25 313208 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-System.dat

- 2009-07-14 04:45 . 2012-01-01 03:37 3607983 c:windowsServiceProfilesNetworkServiceAppDataRoamingMicrosoftSoftwareProtectionPlatformtokens.dat

+ 2009-07-14 04:45 . 2012-01-05 04:58 3607983 c:windowsServiceProfilesNetworkServiceAppDataRoamingMicrosoftSoftwareProtectionPlatformtokens.dat

+ 2012-01-05 09:31 . 2012-01-05 09:31 1402880 c:windowsInstaller4edca.msi

- 2009-07-14 02:34 . 2012-01-05 04:03 10223616 c:windowssystem32SMIStoreMachineschema.dat

+ 2009-07-14 02:34 . 2012-01-05 13:12 10223616 c:windowssystem32SMIStoreMachineschema.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]

"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:program files (x86)uTorrentBartbuTor.dll" [2010-12-09 3911776]

.

[HKEY_CLASSES_ROOTclsid{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

.

[HKEY_LOCAL_MACHINEWow6432Node~Browser Helper Objects{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

2010-12-09 05:51 3911776 ----a-w- c:program files (x86)uTorrentBartbuTor.dll

.

[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftInternet ExplorerToolbar]

"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:program files (x86)uTorrentBartbuTor.dll" [2010-12-09 3911776]

.

[HKEY_CLASSES_ROOTclsid{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

.

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"Sidebar"="c:program filesWindows Sidebarsidebar.exe" [2009-07-14 1475072]

"DAEMON Tools Lite"="c:program files (x86)DAEMON Tools LiteDTLite.exe" [2011-08-02 4910912]

"SpybotSD TeaTimer"="c:program files (x86)Spybot - Search & DestroyTeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun]

"QuickTime Task"="c:program files (x86)QuickTimeQTTask.exe" [2010-11-30 421888]

"SwitchBoard"="c:program files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:program files (x86)Common FilesAdobeCS5ServiceManagerCS5ServiceManager.exe" [2010-02-21 406992]

"Malwarebytes' Anti-Malware"="c:program files (x86)Malwarebytes' Anti-Malwarembamgui.exe" [2011-12-24 460872]

"APSDaemon"="c:program files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" [2011-09-26 59240]

"iTunesHelper"="c:program files (x86)iTunesiTunesHelper.exe" [2011-10-09 421736]

"AVG_TRAY"="c:program files (x86)AVGAVG2012avgtray.exe" [2011-12-02 2415456]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]

BootExecute REG_MULTI_SZ autocheck autochk *0c:progra~2AVGAVG2012avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:windowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-03-18 138576]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:windowssystem32DRIVERSnetaapl64.sys [x]

R3 netr28ux;Belkin N1 Wireless USB Adapter Driver;c:windowssystem32DRIVERSnetr28ux.sys [x]

R3 SwitchBoard;SwitchBoard;c:program files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe [2010-02-19 517096]

R3 USBAAPL64;Apple Mobile USB Driver;c:windowssystem32Driversusbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe [x]

S0 AVGIDSEH;AVGIDSEH;c:windowssystem32DRIVERSAVGIDSEH.Sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:windowssystem32DRIVERSavgrkx64.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:windowssystem32DRIVERSavgldx64.sys [x]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:windowssystem32DRIVERSavgmfx64.sys [x]

S1 Avgtdia;AVG TDI Driver;c:windowssystem32DRIVERSavgtdia.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:windowssystem32DRIVERSdtsoftbus01.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:windowssystem32DRIVERSvwififlt.sys [x]

S2 AVGIDSAgent;AVGIDSAgent;c:program files (x86)AVGAVG2012AVGIDSAgent.exe [2011-10-11 4433248]

S2 avgwd;AVG WatchDog;c:program files (x86)AVGAVG2012avgwdsvc.exe [2011-08-01 192776]

S2 MBAMService;MBAMService;c:program files (x86)Malwarebytes' Anti-Malwarembamservice.exe [2011-12-24 652872]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:program files (x86)NVIDIA CorporationNVIDIA Updatusdaemonu.exe [2011-04-08 2218600]

S2 SBSDWSCService;SBSD Security Center Service;c:program files (x86)Spybot - Search & DestroySDWinSec.exe [2009-01-26 1153368]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:program files (x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe [2011-04-08 378472]

S3 AVGIDSDriver;AVGIDSDriver;c:windowssystem32DRIVERSAVGIDSDriver.Sys [x]

S3 AVGIDSFilter;AVGIDSFilter;c:windowssystem32DRIVERSAVGIDSFilter.Sys [x]

S3 MBAMProtector;MBAMProtector;c:windowssystem32driversmbam.sys [x]

S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:windowssystem32DRIVERSRTL8192su.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - ASWMBR

*Deregistered* - aswMBR

*Deregistered* - Lavasoft Kernexplorer

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-05 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-1888113294-1304185749-78946181-1000Core.job

- c:usersHayleeeAppDataLocalGoogleUpdateGoogleUpdate.exe [2012-01-01 03:41]

.

2012-01-06 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-1888113294-1304185749-78946181-1000UA.job

- c:usersHayleeeAppDataLocalGoogleUpdateGoogleUpdate.exe [2012-01-01 03:41]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"AdobeAAMUpdater-1.0"="c:program files (x86)Common FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe" [2010-03-05 500208]

.

------- Supplementary Scan -------

.

uLocal Page = c:windowssystem32blank.htm

uStart Page = hxxp://www.google.com.au/

mLocal Page = c:windowsSysWOW64blank.htm

uInternet Settings,ProxyOverride = *.local

LSP: %SYSTEMROOT%system32nvappfilter.dll

TCP: DhcpNameServer = 10.1.1.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%SysWow64shell32.dll

FF - ProfilePath - c:usersHayleeeAppDataRoamingMozillaFirefoxProfiles54hjis6t.default

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}LocalServer32]

@="c:WindowsSysWOW64MacromedFlashFlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlPCWSecurity]

@Denied: (Full) (Everyone)

.

Completion time: 2012-01-06 08:48:05

ComboFix-quarantined-files.txt 2012-01-06 00:48

ComboFix2.txt 2012-01-05 09:19

ComboFix3.txt 2012-01-05 04:31

.

Pre-Run: 291,412,824,064 bytes free

Post-Run: 291,390,291,968 bytes free

.

- - End Of File - - FE404B36DE78CD58A4A54C6E8EF9070A


Hi yoyocool2,

 

Did you uninstall one of the antivirus programs? If so, which one, because they are still showing in the ComboFix log.

-----------

 

 

Disable Spybot S-D Tea Timer

 

TeaTimer needs to be disabled so that its protection does not interfere with fixes.

 

TeaTimer can be re-enabled once the computer is clean. :)

 

1. Open Spybot-S&D in Advanced Mode.

2. If it is not already set to do this go to the "Mode" menu and select "Advanced Mode".

3. On the left hand side, click on "Tools".

4. Then click on the Resident Icon in the List.

5. Uncheck "Resident TeaTimer" and OK any prompts.

6. Restart your computer.

----------

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    DDS::
    uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
    TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    BHO-X64:		 WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    BHO-X64: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
    TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"=-
    
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

     

    Posted Image

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

----------


Hi, I did uninstall AdAware.

 

Sorry for the late reply, been out all day.

 

 

ComboFix 12-01-05.03 - Hayleee 01/07/2012 20:35:38.4.4 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8191.6878 [GMT 8:00]

Running from: c:usersHayleeeDesktopComboFix.exe

Command switches used :: c:usersHayleeeDesktopCFScript.txt

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:program files (x86)uTorrentBartbuTor.dll

c:windowssystem32wbemPerformanceWmiApRpl_new.ini

.

.

((((((((((((((((((((((((( Files Created from 2011-12-07 to 2012-01-07 )))))))))))))))))))))))))))))))

.

.

2012-01-07 12:41 . 2012-01-07 12:41 -------- d-----w- c:usersUpdatusUserAppDataLocaltemp

2012-01-07 12:41 . 2012-01-07 12:41 -------- d-----w- c:usersDefaultAppDataLocaltemp

2012-01-05 09:32 . 2012-01-05 09:32 388096 ----a-r- c:usersHayleeeAppDataRoamingMicrosoftInstaller{45A66726-69BC-466B-A7A4-12FCBA4883D7}HiJackThis.exe

2012-01-05 09:32 . 2012-01-05 09:32 -------- d-----w- c:program files (x86)HJT

2012-01-05 03:57 . 2012-01-05 04:51 -------- d-----w- c:programdataSpybot - Search & Destroy

2012-01-05 03:56 . 2012-01-05 04:56 -------- d-----w- c:program files (x86)Spybot - Search & Destroy

2012-01-05 03:25 . 2012-01-05 03:25 -------- d-----w- c:usersHayleeeAppDataRoamingAVG2012

2012-01-05 03:16 . 2012-01-05 03:16 -------- d--h--w- c:programdataCommon Files

2012-01-05 03:16 . 2012-01-05 03:16 -------- d-----w- c:windowsSysWow64driversAVG

2012-01-05 03:15 . 2012-01-07 04:43 -------- d-----w- c:windowssystem32driversAVG

2012-01-05 03:15 . 2012-01-05 03:30 -------- d-----w- c:programdataAVG2012

2012-01-05 03:13 . 2012-01-05 03:13 -------- d-----w- c:program files (x86)AVG

2012-01-05 03:01 . 2012-01-05 03:01 -------- d-----w- c:program filesCCleaner

2012-01-05 03:01 . 2012-01-07 04:43 -------- d-----w- c:programdataMFAData

2012-01-01 05:45 . 2012-01-01 05:45 -------- d-----w- c:windowssystem32Macromed

2011-12-31 03:09 . 2011-12-31 03:10 -------- d-----w- c:usersHayleeeAppDataLocalGoogle

2011-12-31 03:08 . 2012-01-01 03:41 -------- d-----w- c:usersHayleeeAppDataLocalDeployment

2011-12-29 01:57 . 2011-12-29 01:57 -------- d-----w- c:usersHayleeeAppDataRoamingUnified Remote

2011-12-28 09:58 . 2011-12-28 09:58 -------- d-----w- c:usersHayleeejagexcache

2011-12-28 09:58 . 2011-12-28 09:58 -------- d-----w- c:program files (x86)Common FilesJava

2011-12-28 09:57 . 2011-12-28 09:57 -------- d-----w- c:program files (x86)Java

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-01 05:45 . 2011-08-21 09:24 414368 ----a-w- c:windowsSysWow64FlashPlayerCPLApp.cpl

2011-12-10 07:24 . 2011-09-18 05:29 23152 ----a-w- c:windowssystem32driversmbam.sys

2011-11-16 22:06 . 2011-11-16 22:06 119808 ----a-r- c:usersHayleeeAppDataRoamingMicrosoftInstaller{CCF298AF-9CE1-4B26-B251-486E98A34789}icons.exe

.

.

((((((((((((((((((((((((((((( [email protected]_04.26.43 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-14 04:54 . 2012-01-05 22:37 16384 c:windowsSysWOW64configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat

- 2009-07-14 04:54 . 2012-01-05 04:15 16384 c:windowsSysWOW64configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat

- 2009-07-14 04:54 . 2012-01-05 04:15 32768 c:windowsSysWOW64configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat

+ 2009-07-14 04:54 . 2012-01-05 22:37 32768 c:windowsSysWOW64configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat

- 2009-07-14 04:54 . 2012-01-05 04:15 16384 c:windowsSysWOW64configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat

+ 2009-07-14 04:54 . 2012-01-05 22:37 16384 c:windowsSysWOW64configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat

+ 2011-05-11 13:39 . 2012-01-07 12:33 32348 c:windowssystem32wdiShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-01-07 12:33 30812 c:windowssystem32wdiBootPerformanceDiagnostics_SystemData.bin

+ 2011-05-11 13:39 . 2012-01-07 12:33 14390 c:windowssystem32wdi{86432a0b-3c7d-4ddf-a89c-172faa90485d}S-1-5-21-1888113294-1304185749-78946181-1000_UserData.bin

- 2011-05-11 13:22 . 2012-01-05 03:17 16384 c:windowssystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat

+ 2011-05-11 13:22 . 2012-01-07 12:32 16384 c:windowssystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat

- 2011-05-11 13:22 . 2012-01-05 03:17 32768 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat

+ 2011-05-11 13:22 . 2012-01-07 12:32 32768 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat

- 2009-07-14 04:54 . 2012-01-05 03:17 16384 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat

+ 2009-07-14 04:54 . 2012-01-07 12:32 16384 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat

+ 2011-05-11 13:52 . 2012-01-07 12:32 16384 c:windowsServiceProfilesNetworkServiceAppDataRoamingMicrosoftWindowsCookiesindex.dat

- 2011-05-11 13:52 . 2012-01-05 02:42 16384 c:windowsServiceProfilesNetworkServiceAppDataRoamingMicrosoftWindowsCookiesindex.dat

- 2009-07-14 04:46 . 2012-01-01 03:49 71944 c:windowsServiceProfilesNetworkServiceAppDataRoamingMicrosoftSoftwareProtectionPlatformCachecache.dat

+ 2009-07-14 04:46 . 2012-01-05 05:38 71944 c:windowsServiceProfilesNetworkServiceAppDataRoamingMicrosoftSoftwareProtectionPlatformCachecache.dat

+ 2011-05-11 13:52 . 2012-01-07 12:32 32768 c:windowsServiceProfilesNetworkServiceAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat

- 2011-05-11 13:52 . 2012-01-05 02:42 32768 c:windowsServiceProfilesNetworkServiceAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat

+ 2011-05-11 13:52 . 2012-01-07 12:32 16384 c:windowsServiceProfilesNetworkServiceAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat

- 2011-05-11 13:52 . 2012-01-05 02:42 16384 c:windowsServiceProfilesNetworkServiceAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat

- 2011-05-11 13:53 . 2012-01-05 04:03 16384 c:windowsServiceProfilesLocalServiceAppDataRoamingMicrosoftWindowsCookiesindex.dat

+ 2011-05-11 13:53 . 2012-01-07 12:32 16384 c:windowsServiceProfilesLocalServiceAppDataRoamingMicrosoftWindowsCookiesindex.dat

+ 2011-05-11 13:53 . 2012-01-07 12:32 16384 c:windowsServiceProfilesLocalServiceAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat

- 2011-05-11 13:53 . 2012-01-05 04:03 16384 c:windowsServiceProfilesLocalServiceAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat

+ 2011-05-18 14:11 . 2012-01-05 09:25 4210 c:windowssystem32wdiERCQueuedResolutions.dat

- 2012-01-05 02:40 . 2012-01-05 02:40 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive1.dat

+ 2012-01-07 12:31 . 2012-01-07 12:31 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive1.dat

+ 2012-01-07 12:31 . 2012-01-07 12:31 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat

- 2012-01-05 02:40 . 2012-01-05 02:40 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat

- 2011-09-19 09:52 . 2012-01-05 04:15 262144 c:windowsSysWOW64configsystemprofileAppDataRoamingMicrosoftWindowsIETldCacheindex.dat

+ 2011-09-19 09:52 . 2012-01-05 22:37 262144 c:windowsSysWOW64configsystemprofileAppDataRoamingMicrosoftWindowsIETldCacheindex.dat

+ 2011-05-11 15:57 . 2012-01-05 23:30 282280 c:windowssystem32wdiSuspendPerformanceDiagnostics_SystemData_FastS4.bin

+ 2009-07-14 02:36 . 2012-01-07 12:39 669276 c:windowssystem32perfh009.dat

- 2009-07-14 02:36 . 2012-01-05 04:20 669276 c:windowssystem32perfh009.dat

- 2009-07-14 02:36 . 2012-01-05 04:20 125358 c:windowssystem32perfc009.dat

+ 2009-07-14 02:36 . 2012-01-07 12:39 125358 c:windowssystem32perfc009.dat

+ 2009-07-14 05:01 . 2012-01-07 12:30 313208 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-System.dat

- 2009-07-14 05:01 . 2012-01-04 13:36 313208 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-System.dat

- 2009-07-14 04:45 . 2012-01-01 03:37 3607983 c:windowsServiceProfilesNetworkServiceAppDataRoamingMicrosoftSoftwareProtectionPlatformtokens.dat

+ 2009-07-14 04:45 . 2012-01-05 04:58 3607983 c:windowsServiceProfilesNetworkServiceAppDataRoamingMicrosoftSoftwareProtectionPlatformtokens.dat

+ 2012-01-05 09:31 . 2012-01-05 09:31 1402880 c:windowsInstaller4edca.msi

- 2009-07-14 02:34 . 2012-01-05 04:03 10223616 c:windowssystem32SMIStoreMachineschema.dat

+ 2009-07-14 02:34 . 2012-01-05 13:12 10223616 c:windowssystem32SMIStoreMachineschema.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"Sidebar"="c:program filesWindows Sidebarsidebar.exe" [2009-07-14 1475072]

"DAEMON Tools Lite"="c:program files (x86)DAEMON Tools LiteDTLite.exe" [2011-08-02 4910912]

.

[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun]

"QuickTime Task"="c:program files (x86)QuickTimeQTTask.exe" [2010-11-30 421888]

"SwitchBoard"="c:program files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:program files (x86)Common FilesAdobeCS5ServiceManagerCS5ServiceManager.exe" [2010-02-21 406992]

"Malwarebytes' Anti-Malware"="c:program files (x86)Malwarebytes' Anti-Malwarembamgui.exe" [2011-12-24 460872]

"APSDaemon"="c:program files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" [2011-09-26 59240]

"iTunesHelper"="c:program files (x86)iTunesiTunesHelper.exe" [2011-10-09 421736]

"AVG_TRAY"="c:program files (x86)AVGAVG2012avgtray.exe" [2011-12-02 2415456]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]

BootExecute REG_MULTI_SZ autocheck autochk *0c:progra~2AVGAVG2012avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 AVGIDSAgent;AVGIDSAgent;c:program files (x86)AVGAVG2012AVGIDSAgent.exe [2011-10-11 4433248]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:windowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-03-18 138576]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:windowssystem32DRIVERSnetaapl64.sys [x]

R3 netr28ux;Belkin N1 Wireless USB Adapter Driver;c:windowssystem32DRIVERSnetr28ux.sys [x]

R3 SwitchBoard;SwitchBoard;c:program files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe [2010-02-19 517096]

R3 USBAAPL64;Apple Mobile USB Driver;c:windowssystem32Driversusbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe [x]

S0 AVGIDSEH;AVGIDSEH;c:windowssystem32DRIVERSAVGIDSEH.Sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:windowssystem32DRIVERSavgrkx64.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:windowssystem32DRIVERSavgldx64.sys [x]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:windowssystem32DRIVERSavgmfx64.sys [x]

S1 Avgtdia;AVG TDI Driver;c:windowssystem32DRIVERSavgtdia.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:windowssystem32DRIVERSdtsoftbus01.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:windowssystem32DRIVERSvwififlt.sys [x]

S2 avgwd;AVG WatchDog;c:program files (x86)AVGAVG2012avgwdsvc.exe [2011-08-01 192776]

S2 MBAMService;MBAMService;c:program files (x86)Malwarebytes' Anti-Malwarembamservice.exe [2011-12-24 652872]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:program files (x86)NVIDIA CorporationNVIDIA Updatusdaemonu.exe [2011-04-08 2218600]

S2 SBSDWSCService;SBSD Security Center Service;c:program files (x86)Spybot - Search & DestroySDWinSec.exe [2009-01-26 1153368]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:program files (x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe [2011-04-08 378472]

S3 AVGIDSDriver;AVGIDSDriver;c:windowssystem32DRIVERSAVGIDSDriver.Sys [x]

S3 AVGIDSFilter;AVGIDSFilter;c:windowssystem32DRIVERSAVGIDSFilter.Sys [x]

S3 MBAMProtector;MBAMProtector;c:windowssystem32driversmbam.sys [x]

S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:windowssystem32DRIVERSRTL8192su.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-07 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-1888113294-1304185749-78946181-1000Core.job

- c:usersHayleeeAppDataLocalGoogleUpdateGoogleUpdate.exe [2012-01-01 03:41]

.

2012-01-07 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-1888113294-1304185749-78946181-1000UA.job

- c:usersHayleeeAppDataLocalGoogleUpdateGoogleUpdate.exe [2012-01-01 03:41]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"AdobeAAMUpdater-1.0"="c:program files (x86)Common FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe" [2010-03-05 500208]

.

------- Supplementary Scan -------

.

uLocal Page = c:windowssystem32blank.htm

uStart Page = hxxp://www.google.com.au/

mLocal Page = c:windowsSysWOW64blank.htm

uInternet Settings,ProxyOverride = *.local

LSP: %SYSTEMROOT%system32nvappfilter.dll

TCP: DhcpNameServer = 10.1.1.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%SysWow64shell32.dll

FF - ProfilePath - c:usersHayleeeAppDataRoamingMozillaFirefoxProfiles54hjis6t.default

FF - prefs.js: network.proxy.type - 0

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}LocalServer32]

@="c:WindowsSysWOW64MacromedFlashFlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlPCWSecurity]

@Denied: (Full) (Everyone)

.

Completion time: 2012-01-07 20:46:23

ComboFix-quarantined-files.txt 2012-01-07 12:46

ComboFix2.txt 2012-01-06 00:48

ComboFix3.txt 2012-01-05 09:19

ComboFix4.txt 2012-01-05 04:31

.

Pre-Run: 290,993,995,776 bytes free

Post-Run: 290,972,225,536 bytes free

.

- - End Of File - - 228468961877F6427E568A6BF6A0C36A


Hi,

 

Download TFC to your desktop

  • Close any open windows.
  • Right-click and Run as Administrator the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine;
  • if it doesn't, manually reboot to ensure a complete clean.
----------

 

 

I see that you have Malwarebytes on your system. Please open Malwarebytes, update it and then run a Quick Scan. Please save the log that is created for your next reply.

----------

 

 

ESET Online Scanner

I'd like us to scan your machine with ESET Online Scan.

 

Note: It is recommended to disable your on-board anti-virus and anti-spyware programs while performing scans so that there are no conflicts and to speed up scan time.

Please don't go surfing while your resident protection is disabled!

Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

 

 

As a Vista/Win7 user you will need to right click your browser icon and select "Run as Administrator" in order to run this scan.

  • Do not use this instance of your browser for anything besides doing this scan
  • When the scan is complete and the results saved, close that instance of your browser
  • Open a new one the usual way and post the results in this topic.
  • Right-click and Run as Administrator on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin

    scanning your computer. Please be patient as this can take some time.

  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as

    ESETScan. Include the contents of this report in your next reply.

  • Push the Back button.
  • Push Finish
http://www.eset.com/onlinescan/

----------

 

In your next reply please post the logs made by Malwarebytes and ESET online scanner. :)


Hi Jeff,

 

Malwarebytes Anti-Malware (Trial) 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.08.01

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

Hayleee :: HAYLEEE-PC [administrator]

Protection: Enabled

1/8/2012 11:38:18 AM

mbam-log-2012-01-08 (11-38-18).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 191546

Time elapsed: 2 minute(s), 32 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

 

ESETLog:

 

C:UsersHayleeeDownloadsSoftonicDownloader_for_windows-movie-maker(1).exe a variant of Win32/SoftonicDownloader.A application

C:UsersHayleeeDownloadsSoftonicDownloader_for_windows-movie-maker.exe a variant of Win32/SoftonicDownloader.A application


Hi yoyocool2,

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    File::
    C:\Users\Hayleee\Downloads\SoftonicDownloader_for_windows-movie-maker(1).exe
    C:\Users\Hayleee\Downloads\SoftonicDownloader_for_windows-movie-maker.exe
    
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

     

    Posted Image

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

----------

 

In your next reply please post the logs created by Combofix and also let me know how your system is running. :)


Hi Jeff,

 

I am having issues with the computer. It is not loading Windows anymore (it gets to the Windows 7 loading screen then goes black). I am unable to start in safe mode, and selecting to go into Windows repair tools just goes to a black screen. I have tried booting a Windows recovery CD but it also goes to a black screen and no further.


It's a Seagate Barracuda 7200.10, pretty much answers all. It's just weird because when booting recovery tools or recovery from USB it goes to a black screen with a mouse pointer.



I've fixed the issue: I ran it in my other PC as a 2nd HDD and used the Seagate Windows Tools, and it fixed a boot sector. I am about to run CFScript.


ComboFix 12-01-10.02 - Hayleee 01/11/2012 10:08:58.5.4 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8191.6633 [GMT 8:00]

Running from: c:usersHayleeeDesktopComboFix.exe

Command switches used :: c:usersHayleeeDesktopCFScript.txt

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

FILE ::

"c:usersHayleeeDownloadsSoftonicDownloader_for_windows-movie-maker(1).exe"

"c:usersHayleeeDownloadsSoftonicDownloader_for_windows-movie-maker.exe"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:usersHayleeeDownloadsSoftonicDownloader_for_windows-movie-maker(1).exe

c:usersHayleeeDownloadsSoftonicDownloader_for_windows-movie-maker.exe

c:windowssystem32wbemPerformanceWmiApRpl_new.ini

.

.

((((((((((((((((((((((((( Files Created from 2011-12-11 to 2012-01-11 )))))))))))))))))))))))))))))))

.

.

2012-01-11 02:14 . 2012-01-11 02:14 -------- d-----w- c:usersUpdatusUserAppDataLocaltemp

2012-01-11 02:14 . 2012-01-11 02:14 -------- d-----w- c:usersDefaultAppDataLocaltemp

2012-01-08 03:44 . 2012-01-08 03:44 -------- d-----w- c:program files (x86)ESET

2012-01-05 09:32 . 2012-01-05 09:32 388096 ----a-r- c:usersHayleeeAppDataRoamingMicrosoftInstaller{45A66726-69BC-466B-A7A4-12FCBA4883D7}HiJackThis.exe

2012-01-05 09:32 . 2012-01-05 09:32 -------- d-----w- c:program files (x86)HJT

2012-01-05 03:57 . 2012-01-05 04:51 -------- d-----w- c:programdataSpybot - Search & Destroy

2012-01-05 03:56 . 2012-01-05 04:56 -------- d-----w- c:program files (x86)Spybot - Search & Destroy

2012-01-05 03:25 . 2012-01-05 03:25 -------- d-----w- c:usersHayleeeAppDataRoamingAVG2012

2012-01-05 03:16 . 2012-01-05 03:16 -------- d--h--w- c:programdataCommon Files

2012-01-05 03:16 . 2012-01-05 03:16 -------- d-----w- c:windowsSysWow64driversAVG

2012-01-05 03:15 . 2012-01-05 03:30 -------- d-----w- c:programdataAVG2012

2012-01-05 03:15 . 2008-01-02 06:41 -------- d-----w- c:windowssystem32driversAVG

2012-01-05 03:13 . 2012-01-05 03:13 -------- d-----w- c:program files (x86)AVG

2012-01-05 03:01 . 2012-01-05 03:01 -------- d-----w- c:program filesCCleaner

2012-01-05 03:01 . 2008-01-02 06:41 -------- d-----w- c:programdataMFAData

2012-01-01 05:45 . 2012-01-01 05:45 -------- d-----w- c:windowssystem32Macromed

2011-12-31 03:09 . 2011-12-31 03:10 -------- d-----w- c:usersHayleeeAppDataLocalGoogle

2011-12-31 03:08 . 2012-01-01 03:41 -------- d-----w- c:usersHayleeeAppDataLocalDeployment

2011-12-29 01:57 . 2011-12-29 01:57 -------- d-----w- c:usersHayleeeAppDataRoamingUnified Remote

2011-12-28 09:58 . 2011-12-28 09:58 -------- d-----w- c:usersHayleeejagexcache

2011-12-28 09:58 . 2011-12-28 09:58 -------- d-----w- c:program files (x86)Common FilesJava

2011-12-28 09:57 . 2011-12-28 09:57 -------- d-----w- c:program files (x86)Java

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-01 05:45 . 2011-08-21 09:24 414368 ----a-w- c:windowsSysWow64FlashPlayerCPLApp.cpl

2011-12-10 07:24 . 2011-09-18 05:29 23152 ----a-w- c:windowssystem32driversmbam.sys

2011-11-16 22:06 . 2011-11-16 22:06 119808 ----a-r- c:usersHayleeeAppDataRoamingMicrosoftInstaller{CCF298AF-9CE1-4B26-B251-486E98A34789}icons.exe

.

.

((((((((((((((((((((((((((((( [email protected]_04.26.43 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2012-01-05 04:15 16384 c:windowsSysWOW64configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat

+ 2009-07-14 04:54 . 2008-01-02 06:41 16384 c:windowsSysWOW64configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat

- 2009-07-14 04:54 . 2012-01-05 04:15 32768 c:windowsSysWOW64configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat

+ 2009-07-14 04:54 . 2008-01-02 06:41 32768 c:windowsSysWOW64configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat

+ 2009-07-14 04:54 . 2008-01-02 06:41 16384 c:windowsSysWOW64configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat

- 2009-07-14 04:54 . 2012-01-05 04:15 16384 c:windowsSysWOW64configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat

+ 2011-05-11 13:39 . 2008-01-02 06:39 33036 c:windowssystem32wdiShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2008-01-02 06:39 30956 c:windowssystem32wdiBootPerformanceDiagnostics_SystemData.bin

+ 2011-05-11 13:39 . 2008-01-02 06:39 15040 c:windowssystem32wdi{86432a0b-3c7d-4ddf-a89c-172faa90485d}S-1-5-21-1888113294-1304185749-78946181-1000_UserData.bin

+ 2011-05-11 13:22 . 2008-01-02 06:38 16384 c:windowssystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat

- 2011-05-11 13:22 . 2012-01-05 03:17 16384 c:windowssystem32configsystemprofileAppDataRoamingMicrosoftWindowsCookiesindex.dat

- 2011-05-11 13:22 . 2012-01-05 03:17 32768 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat

+ 2011-05-11 13:22 . 2008-01-02 06:38 32768 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat

- 2009-07-14 04:54 . 2012-01-05 03:17 16384 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat

+ 2009-07-14 04:54 . 2008-01-02 06:38 16384 c:windowssystem32configsystemprofileAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat

- 2011-05-11 13:52 . 2012-01-05 02:42 16384 c:windowsServiceProfilesNetworkServiceAppDataRoamingMicrosoftWindowsCookiesindex.dat

+ 2011-05-11 13:52 . 2008-01-02 06:38 16384 c:windowsServiceProfilesNetworkServiceAppDataRoamingMicrosoftWindowsCookiesindex.dat

+ 2009-07-14 04:46 . 2012-01-05 05:38 71944 c:windowsServiceProfilesNetworkServiceAppDataRoamingMicrosoftSoftwareProtectionPlatformCachecache.dat

- 2009-07-14 04:46 . 2012-01-01 03:49 71944 c:windowsServiceProfilesNetworkServiceAppDataRoamingMicrosoftSoftwareProtectionPlatformCachecache.dat

- 2011-05-11 13:52 . 2012-01-05 02:42 32768 c:windowsServiceProfilesNetworkServiceAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat

+ 2011-05-11 13:52 . 2008-01-02 06:38 32768 c:windowsServiceProfilesNetworkServiceAppDataLocalMicrosoftWindowsTemporary Internet FilesContent.IE5index.dat

- 2011-05-11 13:52 . 2012-01-05 02:42 16384 c:windowsServiceProfilesNetworkServiceAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat

+ 2011-05-11 13:52 . 2008-01-02 06:38 16384 c:windowsServiceProfilesNetworkServiceAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat

+ 2011-05-11 13:53 . 2012-01-11 02:11 16384 c:windowsServiceProfilesLocalServiceAppDataRoamingMicrosoftWindowsCookiesindex.dat

- 2011-05-11 13:53 . 2012-01-05 04:03 16384 c:windowsServiceProfilesLocalServiceAppDataRoamingMicrosoftWindowsCookiesindex.dat

+ 2011-05-11 13:53 . 2012-01-11 02:11 16384 c:windowsServiceProfilesLocalServiceAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat

- 2011-05-11 13:53 . 2012-01-05 04:03 16384 c:windowsServiceProfilesLocalServiceAppDataLocalMicrosoftWindowsHistoryHistory.IE5index.dat

+ 2011-05-18 14:11 . 2012-01-08 13:21 4210 c:windowssystem32wdiERCQueuedResolutions.dat

+ 2008-01-02 06:37 . 2008-01-02 06:37 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive1.dat

- 2012-01-05 02:40 . 2012-01-05 02:40 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive1.dat

+ 2008-01-02 06:37 . 2008-01-02 06:37 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat

- 2012-01-05 02:40 . 2012-01-05 02:40 2048 c:windowsServiceProfilesLocalServiceAppDataLocallastalive0.dat

- 2011-09-19 09:52 . 2012-01-05 04:15 262144 c:windowsSysWOW64configsystemprofileAppDataRoamingMicrosoftWindowsIETldCacheindex.dat

+ 2011-09-19 09:52 . 2012-01-05 22:37 262144 c:windowsSysWOW64configsystemprofileAppDataRoamingMicrosoftWindowsIETldCacheindex.dat

+ 2011-05-11 15:57 . 2012-01-05 23:30 282280 c:windowssystem32wdiSuspendPerformanceDiagnostics_SystemData_FastS4.bin

+ 2009-07-14 02:36 . 2012-01-11 02:12 669276 c:windowssystem32perfh009.dat

- 2009-07-14 02:36 . 2012-01-05 04:20 669276 c:windowssystem32perfh009.dat

- 2009-07-14 02:36 . 2012-01-05 04:20 125358 c:windowssystem32perfc009.dat

+ 2009-07-14 02:36 . 2012-01-11 02:12 125358 c:windowssystem32perfc009.dat

+ 2009-07-14 05:01 . 2012-01-08 14:52 313208 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-System.dat

- 2009-07-14 05:01 . 2012-01-04 13:36 313208 c:windowsServiceProfilesLocalServiceAppDataLocalFontCache-System.dat

+ 2009-07-14 04:45 . 2012-01-05 04:58 3607983 c:windowsServiceProfilesNetworkServiceAppDataRoamingMicrosoftSoftwareProtectionPlatformtokens.dat

- 2009-07-14 04:45 . 2012-01-01 03:37 3607983 c:windowsServiceProfilesNetworkServiceAppDataRoamingMicrosoftSoftwareProtectionPlatformtokens.dat

+ 2012-01-05 09:31 . 2012-01-05 09:31 1402880 c:windowsInstaller4edca.msi

- 2009-07-14 02:34 . 2012-01-05 04:03 10223616 c:windowssystem32SMIStoreMachineschema.dat

+ 2009-07-14 02:34 . 2012-01-07 13:38 10223616 c:windowssystem32SMIStoreMachineschema.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"Sidebar"="c:program filesWindows Sidebarsidebar.exe" [2009-07-14 1475072]

"DAEMON Tools Lite"="c:program files (x86)DAEMON Tools LiteDTLite.exe" [2011-08-02 4910912]

.

[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun]

"QuickTime Task"="c:program files (x86)QuickTimeQTTask.exe" [2010-11-30 421888]

"SwitchBoard"="c:program files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:program files (x86)Common FilesAdobeCS5ServiceManagerCS5ServiceManager.exe" [2010-02-21 406992]

"Malwarebytes' Anti-Malware"="c:program files (x86)Malwarebytes' Anti-Malwarembamgui.exe" [2011-12-24 460872]

"APSDaemon"="c:program files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe" [2011-09-26 59240]

"iTunesHelper"="c:program files (x86)iTunesiTunesHelper.exe" [2011-10-09 421736]

"AVG_TRAY"="c:program files (x86)AVGAVG2012avgtray.exe" [2011-12-02 2415456]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]

BootExecute REG_MULTI_SZ autocheck autochk *0c:progra~2AVGAVG2012avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 AVGIDSAgent;AVGIDSAgent;c:program files (x86)AVGAVG2012AVGIDSAgent.exe [2011-10-11 4433248]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:windowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:windowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-03-18 138576]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:windowssystem32DRIVERSnetaapl64.sys [x]

R3 netr28ux;Belkin N1 Wireless USB Adapter Driver;c:windowssystem32DRIVERSnetr28ux.sys [x]

R3 SwitchBoard;SwitchBoard;c:program files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe [2010-02-19 517096]

R3 USBAAPL64;Apple Mobile USB Driver;c:windowssystem32Driversusbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:windowssystem32WatWatAdminSvc.exe [x]

S0 AVGIDSEH;AVGIDSEH;c:windowssystem32DRIVERSAVGIDSEH.Sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:windowssystem32DRIVERSavgrkx64.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:windowssystem32DRIVERSavgldx64.sys [x]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:windowssystem32DRIVERSavgmfx64.sys [x]

S1 Avgtdia;AVG TDI Driver;c:windowssystem32DRIVERSavgtdia.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:windowssystem32DRIVERSdtsoftbus01.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:windowssystem32DRIVERSvwififlt.sys [x]

S2 avgwd;AVG WatchDog;c:program files (x86)AVGAVG2012avgwdsvc.exe [2011-08-01 192776]

S2 MBAMService;MBAMService;c:program files (x86)Malwarebytes' Anti-Malwarembamservice.exe [2011-12-24 652872]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:program files (x86)NVIDIA CorporationNVIDIA Updatusdaemonu.exe [2011-04-08 2218600]

S2 SBSDWSCService;SBSD Security Center Service;c:program files (x86)Spybot - Search & DestroySDWinSec.exe [2009-01-26 1153368]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:program files (x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe [2011-04-08 378472]

S3 AVGIDSDriver;AVGIDSDriver;c:windowssystem32DRIVERSAVGIDSDriver.Sys [x]

S3 AVGIDSFilter;AVGIDSFilter;c:windowssystem32DRIVERSAVGIDSFilter.Sys [x]

S3 MBAMProtector;MBAMProtector;c:windowssystem32driversmbam.sys [x]

S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:windowssystem32DRIVERSRTL8192su.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-08 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-1888113294-1304185749-78946181-1000Core.job

- c:usersHayleeeAppDataLocalGoogleUpdateGoogleUpdate.exe [2012-01-01 03:41]

.

2012-01-08 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-1888113294-1304185749-78946181-1000UA.job

- c:usersHayleeeAppDataLocalGoogleUpdateGoogleUpdate.exe [2012-01-01 03:41]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"AdobeAAMUpdater-1.0"="c:program files (x86)Common FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe" [2010-03-05 500208]

.

------- Supplementary Scan -------

.

uLocal Page = c:windowssystem32blank.htm

uStart Page = hxxp://www.google.com.au/

mLocal Page = c:windowsSysWOW64blank.htm

uInternet Settings,ProxyOverride = *.local

LSP: %SYSTEMROOT%system32nvappfilter.dll

TCP: DhcpNameServer = 10.1.1.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%SysWow64shell32.dll

FF - ProfilePath - c:usersHayleeeAppDataRoamingMozillaFirefoxProfiles54hjis6t.default

FF - prefs.js: network.proxy.type - 0

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}LocalServer32]

@="c:WindowsSysWOW64MacromedFlashFlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{A483C63A-CDBC-426E-BF93-872502E8144E}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32]

@="c:WindowsSysWOW64MacromedFlashFlash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@="c:WindowsSysWOW64MacromedFlashFlash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version]

@="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlPCWSecurity]

@Denied: (Full) (Everyone)

.

Completion time: 2012-01-11 10:18:27

ComboFix-quarantined-files.txt 2012-01-11 02:18

ComboFix2.txt 2012-01-07 12:46

ComboFix3.txt 2012-01-06 00:48

ComboFix4.txt 2012-01-05 09:19

ComboFix5.txt 2012-01-11 02:07

.

Pre-Run: 290,145,316,864 bytes free

Post-Run: 290,674,380,800 bytes free

.

- - End Of File - - F4B9CAA14897B1731ACA60CECD423CA8

 

Chrome and Firefox are still having the same issues.


I've fixed the issue, ran it in my other PC as a 2nd HDD and used the Seagate Windows Tools

:clap: Great Job!! I was looking at having you do just the same thing. :)

 

I will review the ComboFix log and get back as quickly as I can.


Hi,

 

Download OTL to your desktop.

  • Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.

    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.

  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.


OTL:

 

 

OTL logfile created on: 1/11/2012 12:44:36 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:UsersHayleeeDesktop

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

8.00 Gb Total Physical Memory | 6.64 Gb Available Physical Memory | 82.98% Memory free

16.00 Gb Paging File | 14.36 Gb Available in Paging File | 89.76% Paging File free

Paging file location(s): ?:pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files (x86)

Drive C: | 465.76 Gb Total Space | 271.66 Gb Free Space | 58.33% Space Free | Partition Type: NTFS

 

Computer Name: HAYLEEE-PC | User Name: Hayleee | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:UsersHayleeeDesktopOTL.exe (OldTimer Tools)

PRC - C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe (Malwarebytes Corporation)

PRC - C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe (Malwarebytes Corporation)

PRC - C:Program Files (x86)AVGAVG2012avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:Program Files (x86)AVGAVG2012AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)

PRC - C:WindowsSysWOW64PnkBstrA.exe ()

PRC - C:Program Files (x86)DAEMON Tools LiteDTLite.exe (DT Soft Ltd)

PRC - C:Program Files (x86)AVGAVG2012avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:Program Files (x86)NVIDIA CorporationNVIDIA Updatusdaemonu.exe (NVIDIA Corporation)

PRC - C:Program Files (x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:Program Files (x86)Spybot - Search & DestroySDWinSec.exe (Safer Networking Ltd.)

 

 

========== Modules (No Company Name) ==========

 

MOD - C:Program Files (x86)Common FilesAppleApple Application Supportzlib1.dll ()

MOD - C:Program Files (x86)Common FilesAppleApple Application Supportlibxml2.dll ()

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (WinDefend) -- C:Program FilesWindows DefenderMpSvc.dll (Microsoft Corporation)

SRV:64bit: - (AppMgmt) -- C:WindowsSysNativeappmgmts.dll (Microsoft Corporation)

SRV:64bit: - (ForceWare Intelligent Application Manager (IAM)) -- C:Program FilesNVIDIA CorporationNetworkAccessManagerbin32nSvcAppFlt.exe ()

SRV:64bit: - (nSvcIp) -- C:Program FilesNVIDIA CorporationNetworkAccessManagerbin32nSvcIp.exe ()

SRV - (MBAMService) -- C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe (Malwarebytes Corporation)

SRV - (AVGIDSAgent) -- C:Program Files (x86)AVGAVG2012AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)

SRV - (PnkBstrA) -- C:WindowsSysWOW64PnkBstrA.exe ()

SRV - (avgwd) -- C:Program Files (x86)AVGAVG2012avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (Steam Client Service) -- C:Program Files (x86)Common FilesSteamSteamService.exe (Valve Corporation)

SRV - (nvUpdatusService) -- C:Program Files (x86)NVIDIA CorporationNVIDIA Updatusdaemonu.exe (NVIDIA Corporation)

SRV - (Stereo Service) -- C:Program Files (x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe (Microsoft Corporation)

SRV - (SwitchBoard) -- C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe (Adobe Systems Incorporated)

SRV - (clr_optimization_v2.0.50727_32) -- C:WindowsMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe (Microsoft Corporation)

SRV - (SBSDWSCService) -- C:Program Files (x86)Spybot - Search & DestroySDWinSec.exe (Safer Networking Ltd.)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - (MBAMProtector) -- C:WindowsSysNativedriversmbam.sys (Malwarebytes Corporation)

DRV:64bit: - (Avgldx64) -- C:WindowsSysNativedriversavgldx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (Avgrkx64) -- C:WindowsSysNativedriversavgrkx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (dtsoftbus01) -- C:WindowsSysNativedriversdtsoftbus01.sys (DT Soft Ltd)

DRV:64bit: - (netr28ux) -- C:WindowsSysNativedriversnetr28ux.sys (Ralink Technology Corp.)

DRV:64bit: - (Avgmfx64) -- C:WindowsSysNativedriversavgmfx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (Avgtdia) -- C:WindowsSysNativedriversavgtdia.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (AVGIDSFilter) -- C:WindowsSysNativedriversAVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )

DRV:64bit: - (AVGIDSDriver) -- C:WindowsSysNativedriversAVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )

DRV:64bit: - (AVGIDSEH) -- C:WindowsSysNativedriversAVGIDSEH.sys (AVG Technologies CZ, s.r.o. )

DRV:64bit: - (Netaapl) -- C:WindowsSysNativedriversnetaapl64.sys (Apple Inc.)

DRV:64bit: - (USBAAPL64) -- C:WindowsSysNativedriversusbaapl64.sys (Apple, Inc.)

DRV:64bit: - (RTL8192su) -- C:WindowsSysNativedriversRTL8192su.sys (Realtek Semiconductor Corporation )

DRV:64bit: - (amdsata) -- C:WindowsSysNativedriversamdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:WindowsSysNativedriversamdxata.sys (Advanced Micro Devices)

DRV:64bit: - (amdsbs) -- C:WindowsSysNativedriversamdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:WindowsSysNativedriverslsi_sas2.sys (LSI Corporation)

DRV:64bit: - (HpSAMD) -- C:WindowsSysNativedriversHpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (stexstor) -- C:WindowsSysNativedriversstexstor.sys (Promise Technology)

DRV:64bit: - (ebdrv) -- C:WindowsSysNativedriversevbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:WindowsSysNativedriversbxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:WindowsSysNativedriversb57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:WindowsSysNativedrivershcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (GEARAspiWDM) -- C:WindowsSysNativedriversGEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (MTsensor) -- C:WindowsSysNativedriversASACPI.sys ()

DRV - (WIMMount) -- C:WindowsSysWOW64driverswimmount.sys (Microsoft Corporation)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm

IE - HKLM..URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found

 

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.google.com.au/

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache_TIMESTAMP = 10 7B 5D E8 38 C8 CC 01 [binary data]

IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0

IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..network.proxy.type: 0

 

 

FF:64bit: - [email protected]/JavaPlugin: C:Program FilesJavajre6binnew_pluginnpjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - [email protected]/GENUINE: disabled File not found

FF - [email protected]/FlashPlayer: C:WindowsSysWOW64MacromedFlashNPSWF32.dll ()

FF - [email protected]/iTunes,version=: File not found

FF - [email protected]/iTunes,version=1.0: C:Program Files (x86)iTunesMozilla Pluginsnpitunes.dll ()

FF - [email protected]/GENUINE: disabled File not found

FF - [email protected]/WLPG,version=15.4.3502.0922: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)

FF - [email protected]/WLPG,version=15.4.3538.0513: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)

FF - [email protected]/NxGame: C:ProgramDataNexonUSNGMnpNxGameUS.dll (Nexon)

FF - [email protected]/3DVision: C:Program Files (x86)NVIDIA Corporation3D Visionnpnv3dv.dll (NVIDIA Corporation)

FF - [email protected]/3DVisionStreaming: C:Program Files (x86)NVIDIA Corporation3D Visionnpnv3dvstreaming.dll (NVIDIA Corporation)

 

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:Program Files (x86)AVGAVG2012Firefox4 [2012/01/05 11:16:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 8.0extensionsComponents: C:Program Files (x86)Mozilla Firefoxcomponents [2012/01/01 06:07:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 8.0extensionsPlugins: C:Program Files (x86)Mozilla Firefoxplugins

 

[2011/05/11 21:59:33 | 000,000,000 | ---D | M] (No name found) -- C:UsersHayleeeAppDataRoamingMozillaExtensions

[2011/12/06 15:53:25 | 000,000,000 | ---D | M] (No name found) -- C:UsersHayleeeAppDataRoamingMozillaFirefoxProfiles54hjis6t.defaultextensions

[2011/12/06 15:53:25 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:UsersHayleeeAppDataRoamingMozillaFirefoxProfiles54hjis6t.defaultextensions{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

[2011/12/31 11:07:40 | 000,000,000 | ---D | M] (No name found) -- C:Program Files (x86)Mozilla Firefoxextensions

[2012/01/01 06:07:48 | 000,000,000 | ---D | M] (Java Console) -- C:Program Files (x86)Mozilla Firefoxextensions{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

[2011/11/13 10:52:36 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:Program Files (x86)mozilla firefoxcomponentsbrowsercomps.dll

 

========== Chrome ==========

 

CHR - Extension: No name found = C:UsersHayleeeAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo4.2_0

CHR - Extension: No name found = C:UsersHayleeeAppDataLocalGoogleChromeUser DataDefaultExtensionsjmfkcklnlgedgbglfkkgedjfmejoahla12.0.0.1901_0

 

O1 HOSTS File: ([2012/01/11 10:14:24 | 000,000,027 | ---- | M]) - C:WindowsSysNativedriversetchosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program Files (x86)AVGAVG2012avgssiea.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program Files (x86)AVGAVG2012avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program Files (x86)Spybot - Search & DestroySDHelper.dll (Safer Networking Limited)

O4:64bit: - HKLM..Run: [AdobeAAMUpdater-1.0] C:Program Files (x86)Common FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..Run: [AdobeCS5ServiceManager] C:Program Files (x86)Common FilesAdobeCS5ServiceManagerCS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..Run: [APSDaemon] C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe (Apple Inc.)

O4 - HKLM..Run: [AVG_TRAY] C:Program Files (x86)AVGAVG2012avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..Run: [Malwarebytes' Anti-Malware] C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe (Malwarebytes Corporation)

O4 - HKLM..Run: [switchBoard] C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKCU..Run: [DAEMON Tools Lite] C:Program Files (x86)DAEMON Tools LiteDTLite.exe (DT Soft Ltd)

O6 - HKLMSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorAdmin = 0

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorUser = 3

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: EnableLUA = 0

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: PromptOnSecureDesktop = 0

O7 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program Files (x86)Spybot - Search & DestroySDHelper.dll (Safer Networking Limited)

O10:64bit: - NameSpace_Catalog5Catalog_Entries64000000000009 [] - C:Program FilesBonjourmdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000001 - C:WindowsSysNativenvappfilter64.dll (NVIDIA)

O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000002 - C:WindowsSysNativenvappfilter64.dll (NVIDIA)

O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000003 - C:WindowsSysNativenvappfilter64.dll (NVIDIA)

O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000014 - C:WindowsSysNativenvappfilter64.dll (NVIDIA)

O10 - NameSpace_Catalog5Catalog_Entries000000000009 [] - C:Program Files (x86)BonjourmdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9Catalog_Entries000000000001 - C:WindowsSysWOW64nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9Catalog_Entries000000000002 - C:WindowsSysWOW64nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9Catalog_Entries000000000003 - C:WindowsSysWOW64nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9Catalog_Entries000000000014 - C:WindowsSysWOW64nvappfilter.dll (NVIDIA)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 10.1.1.1

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{6C76B5D7-DF34-4C95-BEF2-3E0CF83ABC5D}: DhcpNameServer = 10.4.85.135 10.4.176.231

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{856747D4-0E15-4F15-8FA9-82235683E5FC}: DhcpNameServer = 10.1.1.1

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{BB29DAFB-C723-47A0-A4DB-C2DD6CD63C85}: DhcpNameServer = 10.1.1.1

O18:64bit: - ProtocolHandlerlinkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program Files (x86)AVGAVG2012avgppa.dll (AVG Technologies CZ, s.r.o.)

O18:64bit: - ProtocolHandlerwlpg - No CLSID value found

O18 - ProtocolHandlerlinkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program Files (x86)AVGAVG2012avgpp.dll (AVG Technologies CZ, s.r.o.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:Windowsexplorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysNativeuserinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:WindowsSysNativeSystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:WindowsSysWow64explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) -C:WindowsSysWOW64userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:PROGRA~2AVGAVG2012avgrsa.exe /sync /restart)

O35:64bit: - HKLM..comfile [open] -- "%1" %*

O35:64bit: - HKLM..exefile [open] -- "%1" %*

O35 - HKLM..comfile [open] -- "%1" %*

O35 - HKLM..exefile [open] -- "%1" %*

O37:64bit: - HKLM...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM...exe [@ = exefile] -- "%1" %*

O37 - HKLM...com [@ = ComFile] -- "%1" %*

O37 - HKLM...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/01/11 12:43:27 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:UsersHayleeeDesktopOTL.exe

[2012/01/11 10:51:19 | 000,000,000 | -HSD | C] -- C:$RECYCLE.BIN

[2012/01/11 10:18:29 | 000,000,000 | ---D | C] -- C:Windowstemp

[2012/01/11 10:07:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:WindowsSWREG.exe

[2012/01/11 10:07:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:WindowsSWSC.exe

[2012/01/11 10:07:04 | 000,060,416 | ---- | C] (NirSoft) -- C:WindowsNIRCMD.exe

[2012/01/08 11:44:21 | 000,000,000 | ---D | C] -- C:Program Files (x86)ESET

[2012/01/08 11:29:18 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:UsersHayleeeDesktopTFC.exe

[2012/01/06 06:51:08 | 004,704,768 | ---- | C] (AVAST Software) -- C:UsersHayleeeDesktopaswMBR.exe

[2012/01/06 06:48:39 | 000,607,260 | R--- | C] (Swearware) -- C:UsersHayleeeDesktopdds.com

[2012/01/05 17:32:09 | 000,000,000 | ---D | C] -- C:UsersHayleeeAppDataRoamingMicrosoftWindowsStart MenuProgramsHiJackThis

[2012/01/05 17:32:08 | 000,000,000 | ---D | C] -- C:Program Files (x86)HJT

[2012/01/05 12:13:19 | 000,000,000 | ---D | C] -- C:WindowsERDNT

[2012/01/05 12:10:09 | 000,000,000 | ---D | C] -- C:Qoobox

[2012/01/05 12:06:17 | 004,377,322 | R--- | C] (Swearware) -- C:UsersHayleeeDesktopComboFix.exe

[2012/01/05 11:57:07 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsSpybot - Search & Destroy

[2012/01/05 11:57:00 | 000,000,000 | ---D | C] -- C:ProgramDataSpybot - Search & Destroy

[2012/01/05 11:56:59 | 000,000,000 | ---D | C] -- C:Program Files (x86)Spybot - Search & Destroy

[2012/01/05 11:25:48 | 000,000,000 | ---D | C] -- C:UsersHayleeeAppDataRoamingAVG2012

[2012/01/05 11:16:52 | 000,000,000 | -H-D | C] -- C:ProgramDataCommon Files

[2012/01/05 11:16:38 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsAVG 2012

[2012/01/05 11:16:36 | 000,000,000 | ---D | C] -- C:WindowsSysWow64driversAVG

[2012/01/05 11:15:03 | 000,000,000 | ---D | C] -- C:ProgramDataAVG2012

[2012/01/05 11:15:03 | 000,000,000 | ---D | C] -- C:WindowsSysNativedriversAVG

[2012/01/05 11:13:56 | 000,000,000 | ---D | C] -- C:Program Files (x86)AVG

[2012/01/05 11:01:38 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsCCleaner

[2012/01/05 11:01:37 | 000,000,000 | ---D | C] -- C:Program FilesCCleaner

[2012/01/05 11:01:21 | 000,000,000 | ---D | C] -- C:ProgramDataMFAData

[2012/01/01 13:45:01 | 000,000,000 | ---D | C] -- C:WindowsSysNativeMacromed

[2012/01/01 11:43:07 | 000,000,000 | ---D | C] -- C:UsersHayleeeAppDataRoamingMicrosoftWindowsStart MenuProgramsGoogle Chrome

[2011/12/31 11:18:22 | 000,000,000 | ---D | C] -- C:UsersHayleeeDocumentsll

[2011/12/31 11:09:19 | 000,000,000 | ---D | C] -- C:UsersHayleeeAppDataLocalGoogle

[2011/12/31 11:08:34 | 000,000,000 | ---D | C] -- C:UsersHayleeeAppDataLocalDeployment

[2011/12/29 09:57:11 | 000,000,000 | ---D | C] -- C:UsersHayleeeAppDataRoamingUnified Remote

[2011/12/28 17:58:56 | 000,000,000 | ---D | C] -- C:UsersHayleeejagexcache

[2011/12/28 17:58:15 | 000,000,000 | ---D | C] -- C:Program Files (x86)Common FilesJava

[2011/12/28 17:57:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:WindowsSysWow64java.exe

[2011/12/28 17:57:23 | 000,000,000 | ---D | C] -- C:Program Files (x86)Java

[2011/05/10 11:23:34 | 000,216,064 | ---- | C] ( ) -- C:WindowsSysWow64lagarith.dll

[2010/02/04 15:00:00 | 000,139,264 | ---- | C] ( ) -- C:Windowssipr3260.dll

 

========== Files - Modified Within 30 Days ==========

 

[2012/01/11 12:43:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:UsersHayleeeDesktopOTL.exe

[2012/01/11 12:05:00 | 000,000,916 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskUserS-1-5-21-1888113294-1304185749-78946181-1000UA.job

[2012/01/11 11:33:00 | 000,792,914 | ---- | M] () -- C:WindowsSysNativePerfStringBackup.INI

[2012/01/11 11:33:00 | 000,669,276 | ---- | M] () -- C:WindowsSysNativeperfh009.dat

[2012/01/11 11:33:00 | 000,125,358 | ---- | M] () -- C:WindowsSysNativeperfc009.dat

[2012/01/11 11:28:50 | 000,067,584 | --S- | M] () -- C:Windowsbootstat.dat

[2012/01/11 10:54:25 | 000,014,416 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/01/11 10:54:25 | 000,014,416 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/01/11 10:50:53 | 086,484,941 | ---- | M] () -- C:WindowsSysNativedriversAVGincavi.avm

[2012/01/11 10:47:00 | 2146,344,959 | -HS- | M] () -- C:hiberfil.sys

[2012/01/11 10:14:24 | 000,000,027 | ---- | M] () -- C:WindowsSysNativedriversetchosts

[2012/01/11 10:06:45 | 004,377,322 | R--- | M] (Swearware) -- C:UsersHayleeeDesktopComboFix.exe

[2012/01/08 22:52:42 | 000,000,024 | ---- | M] () -- C:UsersHayleeerandom.dat

[2012/01/08 22:05:07 | 000,000,046 | ---- | M] () -- C:UsersHayleeejagex_cl_runescape_LIVE.dat

[2012/01/08 13:05:02 | 000,000,864 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskUserS-1-5-21-1888113294-1304185749-78946181-1000Core.job

[2012/01/08 12:52:43 | 000,000,866 | ---- | M] () -- C:UsersPublicDesktopCCleaner.lnk

[2012/01/08 11:29:18 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:UsersHayleeeDesktopTFC.exe

[2012/01/07 19:57:46 | 001,601,493 | ---- | M] () -- C:UsersHayleeeDesktopIMG_20120107_195746.jpg

[2012/01/06 06:55:21 | 000,000,512 | ---- | M] () -- C:UsersHayleeeDesktopMBR.dat

[2012/01/06 06:51:08 | 004,704,768 | ---- | M] (AVAST Software) -- C:UsersHayleeeDesktopaswMBR.exe

[2012/01/06 06:48:53 | 000,607,260 | R--- | M] (Swearware) -- C:UsersHayleeeDesktopdds.com

[2012/01/05 17:32:09 | 000,002,993 | ---- | M] () -- C:UsersHayleeeDesktopHiJackThis.lnk

[2012/01/05 13:00:42 | 000,002,324 | ---- | M] () -- C:UsersHayleeeDesktopGoogle Chrome.lnk

[2012/01/05 12:26:38 | 000,000,027 | ---- | M] () -- C:WindowsSysNativedriversetchosts.20120105-123333.backup

[2012/01/05 11:57:12 | 000,001,282 | ---- | M] () -- C:UsersHayleeeApplication DataMicrosoftInternet ExplorerQuick LaunchSpybot - Search & Destroy.lnk

[2012/01/05 11:57:12 | 000,001,258 | ---- | M] () -- C:UsersHayleeeDesktopSpybot - Search & Destroy.lnk

[2012/01/05 11:16:39 | 000,000,965 | ---- | M] () -- C:UsersPublicDesktopAVG 2012.lnk

[2012/01/05 11:16:36 | 000,000,000 | ---- | M] () -- C:WindowsSysWow64driversAVGincavi.avm

[2012/01/05 11:16:36 | 000,000,000 | ---- | M] () -- C:WindowsSysWow64driversAVGiavichjw.avm

[2012/01/01 13:45:09 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:WindowsSysWow64FlashPlayerCPLApp.cpl

[2012/01/01 11:49:00 | 000,001,109 | ---- | M] () -- C:UsersPublicDesktopMalwarebytes Anti-Malware.lnk

[2012/01/01 11:47:21 | 000,001,437 | ---- | M] () -- C:UsersHayleeeApplication DataMicrosoftInternet ExplorerQuick LaunchLaunch Internet Explorer Browser.lnk

[2012/01/01 06:10:28 | 000,000,064 | ---- | M] () -- C:WindowsSysWow64rp_stats.dat

[2012/01/01 06:10:28 | 000,000,044 | ---- | M] () -- C:WindowsSysWow64rp_rules.dat

[2011/12/28 17:57:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:WindowsSysWow64java.exe

 

========== Files Created - No Company Name ==========

 

[2012/01/11 10:50:53 | 086,484,941 | ---- | C] () -- C:WindowsSysNativedriversAVGincavi.avm

[2012/01/11 10:07:04 | 000,256,000 | ---- | C] () -- C:WindowsPEV.exe

[2012/01/11 10:07:04 | 000,208,896 | ---- | C] () -- C:WindowsMBR.exe

[2012/01/11 10:07:04 | 000,098,816 | ---- | C] () -- C:Windowssed.exe

[2012/01/11 10:07:04 | 000,080,412 | ---- | C] () -- C:Windowsgrep.exe

[2012/01/11 10:07:04 | 000,068,096 | ---- | C] () -- C:Windowszip.exe

[2012/01/08 12:44:35 | 001,601,493 | ---- | C] () -- C:UsersHayleeeDesktopIMG_20120107_195746.jpg

[2012/01/06 06:55:21 | 000,000,512 | ---- | C] () -- C:UsersHayleeeDesktopMBR.dat

[2012/01/05 17:32:09 | 000,002,993 | ---- | C] () -- C:UsersHayleeeDesktopHiJackThis.lnk

[2012/01/05 13:00:42 | 000,002,324 | ---- | C] () -- C:UsersHayleeeDesktopGoogle Chrome.lnk

[2012/01/05 11:57:12 | 000,001,282 | ---- | C] () -- C:UsersHayleeeApplication DataMicrosoftInternet ExplorerQuick LaunchSpybot - Search & Destroy.lnk

[2012/01/05 11:57:12 | 000,001,258 | ---- | C] () -- C:UsersHayleeeDesktopSpybot - Search & Destroy.lnk

[2012/01/05 11:16:39 | 000,000,965 | ---- | C] () -- C:UsersPublicDesktopAVG 2012.lnk

[2012/01/05 11:16:36 | 000,000,000 | ---- | C] () -- C:WindowsSysWow64driversAVGincavi.avm

[2012/01/05 11:16:36 | 000,000,000 | ---- | C] () -- C:WindowsSysWow64driversAVGiavichjw.avm

[2012/01/05 11:01:38 | 000,000,866 | ---- | C] () -- C:UsersPublicDesktopCCleaner.lnk

[2012/01/01 11:49:00 | 000,001,109 | ---- | C] () -- C:UsersPublicDesktopMalwarebytes Anti-Malware.lnk

[2012/01/01 11:41:17 | 000,000,916 | ---- | C] () -- C:WindowstasksGoogleUpdateTaskUserS-1-5-21-1888113294-1304185749-78946181-1000UA.job

[2012/01/01 11:41:14 | 000,000,864 | ---- | C] () -- C:WindowstasksGoogleUpdateTaskUserS-1-5-21-1888113294-1304185749-78946181-1000Core.job

[2012/01/01 11:39:42 | 000,001,443 | ---- | C] () -- C:UsersHayleeeAppDataRoamingMicrosoftWindowsStart MenuProgramsInternet Explorer.lnk

[2012/01/01 11:39:42 | 000,001,437 | ---- | C] () -- C:UsersHayleeeApplication DataMicrosoftInternet ExplorerQuick LaunchLaunch Internet Explorer Browser.lnk

[2012/01/01 11:39:42 | 000,001,409 | ---- | C] () -- C:UsersHayleeeAppDataRoamingMicrosoftWindowsStart MenuProgramsInternet Explorer (64-bit).lnk

[2011/12/28 17:58:56 | 000,000,046 | ---- | C] () -- C:UsersHayleeejagex_cl_runescape_LIVE.dat

[2011/12/28 17:58:56 | 000,000,024 | ---- | C] () -- C:UsersHayleeerandom.dat

[2011/12/05 09:58:38 | 000,000,132 | ---- | C] () -- C:UsersHayleeeAppDataRoamingAdobe PNG Format CS5 Prefs

[2011/09/23 21:23:16 | 000,000,064 | ---- | C] () -- C:WindowsSysWow64rp_stats.dat

[2011/09/23 21:23:16 | 000,000,044 | ---- | C] () -- C:WindowsSysWow64rp_rules.dat

[2011/08/29 19:23:55 | 000,215,128 | ---- | C] () -- C:WindowsSysWow64PnkBstrB.exe

[2011/08/29 19:23:53 | 002,434,856 | ---- | C] () -- C:WindowsSysWow64pbsvc_bc2.exe

[2011/08/29 19:23:53 | 000,075,064 | ---- | C] () -- C:WindowsSysWow64PnkBstrA.exe

[2011/08/25 15:17:59 | 000,200,704 | ---- | C] () -- C:WindowsSysWow64UpdateDriver.exe

[2011/08/25 15:17:59 | 000,005,226 | ---- | C] () -- C:WindowsSysWow64ucuiinfo.ini

[2011/06/26 18:18:24 | 000,786,294 | ---- | C] () -- C:WindowsSysWow64PerfStringBackup.INI

[2011/04/28 02:21:38 | 003,268,096 | ---- | C] () -- C:WindowsSysWow64x264vfw.dll

[2011/04/12 10:09:18 | 000,073,216 | ---- | C] () -- C:WindowsSysWow64ff_vfw.dll

[2011/03/20 02:06:02 | 000,240,640 | ---- | C] () -- C:WindowsSysWow64xvidvfw.dll

[2011/03/20 02:04:28 | 000,650,752 | ---- | C] () -- C:WindowsSysWow64xvidcore.dll

[2010/03/15 20:31:48 | 000,165,376 | ---- | C] () -- C:WindowsSysWow64unrar.dll

[2009/07/14 13:38:36 | 000,067,584 | --S- | C] () -- C:Windowsbootstat.dat

[2009/07/14 10:35:51 | 000,000,741 | ---- | C] () -- C:WindowsSysWow64NOISE.DAT

[2009/07/14 10:34:42 | 000,215,943 | ---- | C] () -- C:WindowsSysWow64dssec.dat

[2009/07/14 08:10:29 | 000,043,131 | ---- | C] () -- C:Windowsmib.bin

[2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:WindowsSysWow64BWContextHandler.dll

[2009/07/14 05:03:59 | 000,364,544 | ---- | C] () -- C:WindowsSysWow64msjetoledb40.dll

[2009/06/11 05:26:10 | 000,673,088 | ---- | C] () -- C:WindowsSysWow64mlang.dat

[2007/08/01 11:39:28 | 000,012,536 | ---- | C] () -- C:WindowsSysWow64driversASUSHWIO.SYS

[2007/02/06 11:05:26 | 000,000,038 | ---- | C] () -- C:WindowsAviSplitter.INI

 

========== LOP Check ==========

 

[2011/10/31 19:41:50 | 000,000,000 | ---D | M] -- C:UsersHayleeeAppDataRoaming.minecraft

[2011/06/27 20:02:38 | 000,000,000 | ---D | M] -- C:UsersHayleeeAppDataRoamingAdvanced Combat Tracker

[2011/09/18 00:52:11 | 000,000,000 | ---D | M] -- C:UsersHayleeeAppDataRoamingAnvSoft

[2012/01/05 11:25:48 | 000,000,000 | ---D | M] -- C:UsersHayleeeAppDataRoamingAVG2012

[2012/01/05 11:12:41 | 000,000,000 | ---D | M] -- C:UsersHayleeeAppDataRoamingDAEMON Tools Lite

[2011/05/22 10:45:10 | 000,000,000 | ---D | M] -- C:UsersHayleeeAppDataRoamingMumble

[2011/07/16 07:36:08 | 000,000,000 | ---D | M] -- C:UsersHayleeeAppDataRoamingRift

[2011/09/09 20:22:37 | 000,000,000 | ---D | M] -- C:UsersHayleeeAppDataRoamingStageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2011/12/29 09:57:11 | 000,000,000 | ---D | M] -- C:UsersHayleeeAppDataRoamingUnified Remote

[2012/01/11 10:40:21 | 000,000,000 | ---D | M] -- C:UsersHayleeeAppDataRoaminguTorrent

[2011/05/15 08:51:04 | 000,000,000 | ---D | M] -- C:UsersHayleeeAppDataRoamingWin7codecs

[2012/01/11 11:28:11 | 000,032,582 | ---- | M] () -- C:WindowsTasksSCHEDLGU.TXT

 

========== Purity Check ==========

 

 

< End of report >

 

Extras:

OTL Extras logfile created on: 1/11/2012 12:44:36 PM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:UsersHayleeeDesktop

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

8.00 Gb Total Physical Memory | 6.64 Gb Available Physical Memory | 82.98% Memory free

16.00 Gb Paging File | 14.36 Gb Available in Paging File | 89.76% Paging File free

Paging file location(s): ?:pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files (x86)

Drive C: | 465.76 Gb Total Space | 271.66 Gb Free Space | 58.33% Space Free | Partition Type: NTFS

 

Computer Name: HAYLEEE-PC | User Name: Hayleee | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREClasses<extension>]

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 

[HKEY_LOCAL_MACHINESOFTWAREClasses<extension>]

.cpl [@ = cplfile] -- C:WindowsSysWow64control.exe (Microsoft Corporation)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

 

[HKEY_CURRENT_USERSOFTWAREClasses<extension>]

.html [@ = FirefoxHTML] -- C:Program Files (x86)Mozilla Firefoxfirefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREClasses<key>shell[command]command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%system32mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%System32rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

InternetShortcut [print] -- "C:WindowsSystem32rundll32.exe" "C:WindowsSystem32mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:Program Files (x86)VideoLANVLCvlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [bridge] -- C:Program Files (x86)AdobeAdobe Bridge CS5Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:Program Files (x86)VideoLANVLCvlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINESOFTWAREClasses<key>shell[command]command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%System32control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%system32rundll32.exe %SystemRoot%system32shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:Program Files (x86)VideoLANVLCvlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [bridge] -- C:Program Files (x86)AdobeAdobe Bridge CS5Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:Program Files (x86)VideoLANVLCvlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring]

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvcVol]

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterSvc]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionSystemRestore]

"DisableSR" = 0

 

========== Firewall Settings ==========

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewall]

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewallDomainProfile]

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewallStandardProfile]

 

[HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewall]

 

[HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewallDomainProfile]

 

[HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsFirewallStandardProfile]

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileGloballyOpenPortsList]

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyPublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 0

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyDomainProfileAuthorizedApplicationsList]

 

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList]

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall]

"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64

"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java 6 Update 27 (64-bit)

"{41B19F41-8A6F-4422-AD69-CF3B408F382C}" = AVG 2012

"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64

"{6D830209-41C2-4D6B-BA25-4EF98807D9FB}" = AVG 2012

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager

"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64

"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support

"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes

"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 270.61

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 270.61

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 270.61

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.1.34

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"AVG" = AVG 2012

"CCleaner" = CCleaner

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"NVIDIA Drivers" = NVIDIA Drivers

"WinRAR archiver" = WinRAR 4.01 (64-bit)

 

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstall]

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{08B73C99-D071-488F-8861-5DDA897C510D}" = Belkin Connect Wireless USB Adapter

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{39A409D2-F7DF-4D52-B7F9-5E397A92B130}" = Belkin N1 Wireless USB Adapter Setup

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher

"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = The Settlers 7 - Paths to a Kingdom

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX

"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3

"{C325F588-D6B1-4A7F-B6A2-914C75DDA348}" = Morrowind

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}" = Black & White® 2

"{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set

"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E1427788-54CA-4DF3-A5EE-A34E0E5DB9AD}" = Belkin N1 Wireless USB Adapter

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe AIR" = Adobe AIR

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Advanced Combat Tracker" = Advanced Combat Tracker (remove only)

"bc8a6440-918f-11dd-ad8b-0800200c9a66_is1" = Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.14.00.802

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"DAEMON Tools Lite" = DAEMON Tools Lite

"ESET Online Scanner" = ESET Online Scanner v3

"InstallShield_{08B73C99-D071-488F-8861-5DDA897C510D}" = Belkin Connect Wireless USB Adapter

"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager

"Magic ISO Maker v5.5 (build 0272)" = Magic ISO Maker v5.5 (build 0272)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800

"MapleStory" = MapleStory

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Mixtrilo" = Mixtrilo

"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)

"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"PunkBusterSvc" = PunkBuster Services

"Steam App 24960" = Battlefield: Bad Company 2

"Steam App 42700" = Call of Duty: Black Ops

"Steam App 42710" = Call of Duty: Black Ops - Multiplayer

"Steam App 440" = Team Fortress 2

"uTorrent" = µTorrent

"uTorrentBar Toolbar" = uTorrentBar Toolbar

"VLC media player" = VLC media player 1.1.9

"WinLiveSuite" = Windows Live Essentials

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 1/2/2008 2:38:56 AM | Computer Name = Hayleee-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. .

 

Error - 1/2/2008 2:40:21 AM | Computer Name = Hayleee-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. .

 

Error - 1/2/2008 2:40:54 AM | Computer Name = Hayleee-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. .

 

Error - 1/10/2012 10:07:23 PM | Computer Name = Hayleee-PC | Source = Application Error | ID = 1000

Description = Faulting application name: svchost.exe_iphlpsvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: ntdll.dll, version: 6.1.7600.16695, time stamp: 0x4cc7b325 Exception code: 0xc0000374 Fault offset: 0x00000000000c6ab2 Faulting process id: 0x404 Faulting application start time: 0x01c84d09fda9fec0 Faulting application path: C:Windowssystem32svchost.exe Faulting module path: C:WindowsSYSTEM32ntdll.dll Report Id: ffb2b6c0-3bf8-11e1-bcdc-002354230484

 

Error - 1/10/2012 10:14:57 PM | Computer Name = Hayleee-PC | Source = Application Error | ID = 1000

Description = Faulting application name: mDNSResponder.exe, version: 3.0.0.10, time stamp: 0x4e5dcc07 Faulting module name: ntdll.dll, version: 6.1.7600.16695, time stamp: 0x4cc7b325 Exception code: 0xc0000374 Fault offset: 0x00000000000c6ab2 Faulting process id: 0x798 Faulting application start time: 0x01c84d0a01f07a40 Faulting application path: C:Program FilesBonjourmDNSResponder.exe Faulting module path: C:WindowsSYSTEM32ntdll.dll Report Id: 0e137320-3bfa-11e1-bcdc-002354230484

 

Error - 1/10/2012 10:47:20 PM | Computer Name = Hayleee-PC | Source = Application Error | ID = 1000

Description = Faulting application name: mDNSResponder.exe, version: 3.0.0.10, time stamp: 0x4e5dcc07 Faulting module name: ntdll.dll, version: 6.1.7600.16695, time stamp: 0x4cc7b325 Exception code: 0xc0000374 Fault offset: 0x00000000000c6ab2 Faulting process id: 0x77c Faulting application start time: 0x01ccd00b4f4874e0 Faulting application path: C:Program FilesBonjourmDNSResponder.exe Faulting module path: C:WindowsSYSTEM32ntdll.dll Report Id: 947fe840-3bfe-11e1-8a29-002354230484

 

Error - 1/10/2012 11:17:14 PM | Computer Name = Hayleee-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "C:Program Files (x86)Common FilesAdobe AIRVersions1.0Adobe AIR.dll".Error in manifest or policy file "C:Program Files (x86)Common FilesAdobe AIRVersions1.0Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.

 

Error - 1/10/2012 11:17:51 PM | Computer Name = Hayleee-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "c:program files (x86)ESETeset

online scannerESETSmartInstaller.exe".Error in manifest or policy file "" on line

. A component version required by the application conflicts with another component

version already active. Conflicting components are:. Component 1: C:WindowsWinSxSmanifestsamd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Component

2: C:WindowsWinSxSmanifestsx86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

 

Error - 1/10/2012 11:23:15 PM | Computer Name = Hayleee-PC | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:program files (x86)spybot

- search & destroyDelZip179.dll".Error in manifest or policy file "c:program

files (x86)spybot - search & destroyDelZip179.dll" on line 8. The value "*" of

attribute "language" in element "assemblyIdentity" is invalid.

 

Error - 1/10/2012 11:28:11 PM | Computer Name = Hayleee-PC | Source = Application Error | ID = 1000

Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time

stamp: 0x4a5bc3c1 Faulting module name: ntdll.dll, version: 6.1.7600.16695, time

stamp: 0x4cc7b325 Exception code: 0xc0000374 Fault offset: 0x00000000000c6ab2 Faulting

process id: 0x408 Faulting application start time: 0x01ccd00b4c1b6840 Faulting application

path: C:Windowssystem32svchost.exe Faulting module path: C:WindowsSYSTEM32ntdll.dll

Report

Id: 49096de0-3c04-11e1-8a29-002354230484

 

[ System Events ]

Error - 1/10/2012 10:07:30 PM | Computer Name = Hayleee-PC | Source = Service Control Manager | ID = 7031

Description = The Secondary Logon service terminated unexpectedly. It has done

this 1 time(s). The following corrective action will be taken in 120000 milliseconds:

Restart the service.

 

Error - 1/10/2012 10:07:30 PM | Computer Name = Hayleee-PC | Source = Service Control Manager | ID = 7031

Description = The System Event Notification Service service terminated unexpectedly.

It has done this 1 time(s). The following corrective action will be taken in

120000 milliseconds: Restart the service.

 

Error - 1/10/2012 10:07:30 PM | Computer Name = Hayleee-PC | Source = Service Control Manager | ID = 7031

Description = The Shell Hardware Detection service terminated unexpectedly. It

has done this 1 time(s). The following corrective action will be taken in 60000

milliseconds: Restart the service.

 

Error - 1/10/2012 10:07:30 PM | Computer Name = Hayleee-PC | Source = Service Control Manager | ID = 7031

Description = The Themes service terminated unexpectedly. It has done this 1 time(s).

The following corrective action will be taken in 60000 milliseconds: Restart the

service.

 

Error - 1/10/2012 10:07:30 PM | Computer Name = Hayleee-PC | Source = Service Control Manager | ID = 7031

Description = The Windows Management Instrumentation service terminated unexpectedly.

It has done this 1 time(s). The following corrective action will be taken in

120000 milliseconds: Restart the service.

 

Error - 1/10/2012 10:07:30 PM | Computer Name = Hayleee-PC | Source = Service Control Manager | ID = 7031

Description = The Windows Update service terminated unexpectedly. It has done this

1 time(s). The following corrective action will be taken in 60000 milliseconds:

Restart the service.

 

Error - 1/10/2012 10:08:14 PM | Computer Name = Hayleee-PC | Source = volsnap | ID = 393230

Description = The shadow copies of volume C: were aborted because of an IO failure

on volume C:.

 

Error - 1/10/2012 10:08:25 PM | Computer Name = Hayleee-PC | Source = Service Control Manager | ID = 7032

Description = The Service Control Manager tried to take a corrective action (Restart

the service) after the unexpected termination of the Server service, but this action

failed with the following error: %%1056

 

Error - 1/10/2012 10:09:25 PM | Computer Name = Hayleee-PC | Source = Service Control Manager | ID = 7032

Description = The Service Control Manager tried to take a corrective action (Restart

the service) after the unexpected termination of the IKE and AuthIP IPsec Keying

Modules service, but this action failed with the following error: %%1056

 

Error - 1/10/2012 10:09:25 PM | Computer Name = Hayleee-PC | Source = Service Control Manager | ID = 7032

Description = The Service Control Manager tried to take a corrective action (Restart

the service) after the unexpected termination of the Computer Browser service,

but this action failed with the following error: %%1056

 

 

< End of report >


Hi yoyocool,

 

Sorry about the delay in response.

 

For your problems with Chrome you may need to remove any extensions that you have running manually. Open Chrome >> press on the Wrench icon in the top right corner >> go to Tools >> Extensions and then disable all the add-ons and see if that helps. :)

------

 

Please download and run ERUNT (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT, however, creates a complete backup set, including the Security hive and user-related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. **Remember: if you are using Windows Vista as your operating system, right-click the executable and select Run as Administrator.

----------

 

 

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

     

    :Services
    
    :OTL
    IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 7B 5D E8 38 C8 CC 01 [binary data]
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    [2011/12/06 15:53:25 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Hayleee\AppData\Roaming\Mozilla\Firefox\Profiles\54hjis6t.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptyflash]
    [emptyjava]
    [clearallrestorepoints]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
----------

 

In your next reply please let me know if that helped your problems with Firefox and Chrome. What other symptoms are you experiencing? :)


Ok...thanks for letting me know that. I thought you were having problems after you opened it. Sorry about that.

 

Go ahead and run the OTL fix like I posted for you previously and I will look into Chrome. :)


Firefox is still crashing before it loads and Chrome still doesn't launch at all, I may give a reinstall a try for both of them after all this fixing we have done and see if that works?

 

OTL logfile created on: 1/13/2012 4:12:02 PM - Run 2

OTL by OldTimer - Version 3.2.31.0 Folder = C:UsersHayleeeDesktop

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

8.00 Gb Total Physical Memory | 6.57 Gb Available Physical Memory | 82.20% Memory free

16.00 Gb Paging File | 14.52 Gb Available in Paging File | 90.81% Paging File free

Paging file location(s): ?:pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:Windows | %ProgramFiles% = C:Program Files (x86)

Drive C: | 465.76 Gb Total Space | 271.59 Gb Free Space | 58.31% Space Free | Partition Type: NTFS

 

Computer Name: HAYLEEE-PC | User Name: Hayleee | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:UsersHayleeeDesktopOTL.exe (OldTimer Tools)

PRC - C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe (Malwarebytes Corporation)

PRC - C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe (Malwarebytes Corporation)

PRC - C:Program Files (x86)AVGAVG2012avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:Program Files (x86)AVGAVG2012AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)

PRC - C:WindowsSysWOW64PnkBstrA.exe ()

PRC - C:Program Files (x86)DAEMON Tools LiteDTLite.exe (DT Soft Ltd)

PRC - C:Program Files (x86)AVGAVG2012avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:Program Files (x86)NVIDIA CorporationNVIDIA Updatusdaemonu.exe (NVIDIA Corporation)

PRC - C:Program Files (x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe (NVIDIA Corporation)

PRC - C:Program Files (x86)Spybot - Search & DestroySDWinSec.exe (Safer Networking Ltd.)

 

 

========== Modules (No Company Name) ==========

 

MOD - C:Program Files (x86)Common FilesAppleApple Application Supportzlib1.dll ()

MOD - C:Program Files (x86)Common FilesAppleApple Application Supportlibxml2.dll ()

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (WinDefend) -- C:Program FilesWindows DefenderMpSvc.dll (Microsoft Corporation)

SRV:64bit: - (AppMgmt) -- C:WindowsSysNativeappmgmts.dll (Microsoft Corporation)

SRV:64bit: - (ForceWare Intelligent Application Manager (IAM)) -- C:Program FilesNVIDIA CorporationNetworkAccessManagerbin32nSvcAppFlt.exe ()

SRV:64bit: - (nSvcIp) -- C:Program FilesNVIDIA CorporationNetworkAccessManagerbin32nSvcIp.exe ()

SRV - (MBAMService) -- C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe (Malwarebytes Corporation)

SRV - (AVGIDSAgent) -- C:Program Files (x86)AVGAVG2012AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)

SRV - (PnkBstrA) -- C:WindowsSysWOW64PnkBstrA.exe ()

SRV - (avgwd) -- C:Program Files (x86)AVGAVG2012avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (Steam Client Service) -- C:Program Files (x86)Common FilesSteamSteamService.exe (Valve Corporation)

SRV - (nvUpdatusService) -- C:Program Files (x86)NVIDIA CorporationNVIDIA Updatusdaemonu.exe (NVIDIA Corporation)

SRV - (Stereo Service) -- C:Program Files (x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe (Microsoft Corporation)

SRV - (SwitchBoard) -- C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe (Adobe Systems Incorporated)

SRV - (clr_optimization_v2.0.50727_32) -- C:WindowsMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe (Microsoft Corporation)

SRV - (SBSDWSCService) -- C:Program Files (x86)Spybot - Search & DestroySDWinSec.exe (Safer Networking Ltd.)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - (MBAMProtector) -- C:WindowsSysNativedriversmbam.sys (Malwarebytes Corporation)

DRV:64bit: - (Avgldx64) -- C:WindowsSysNativedriversavgldx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (Avgrkx64) -- C:WindowsSysNativedriversavgrkx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (dtsoftbus01) -- C:WindowsSysNativedriversdtsoftbus01.sys (DT Soft Ltd)

DRV:64bit: - (netr28ux) -- C:WindowsSysNativedriversnetr28ux.sys (Ralink Technology Corp.)

DRV:64bit: - (Avgmfx64) -- C:WindowsSysNativedriversavgmfx64.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (Avgtdia) -- C:WindowsSysNativedriversavgtdia.sys (AVG Technologies CZ, s.r.o.)

DRV:64bit: - (AVGIDSFilter) -- C:WindowsSysNativedriversAVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )

DRV:64bit: - (AVGIDSDriver) -- C:WindowsSysNativedriversAVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )

DRV:64bit: - (AVGIDSEH) -- C:WindowsSysNativedriversAVGIDSEH.sys (AVG Technologies CZ, s.r.o. )

DRV:64bit: - (Netaapl) -- C:WindowsSysNativedriversnetaapl64.sys (Apple Inc.)

DRV:64bit: - (USBAAPL64) -- C:WindowsSysNativedriversusbaapl64.sys (Apple, Inc.)

DRV:64bit: - (RTL8192su) -- C:WindowsSysNativedriversRTL8192su.sys (Realtek Semiconductor Corporation )

DRV:64bit: - (amdsata) -- C:WindowsSysNativedriversamdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:WindowsSysNativedriversamdxata.sys (Advanced Micro Devices)

DRV:64bit: - (amdsbs) -- C:WindowsSysNativedriversamdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:WindowsSysNativedriverslsi_sas2.sys (LSI Corporation)

DRV:64bit: - (HpSAMD) -- C:WindowsSysNativedriversHpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (stexstor) -- C:WindowsSysNativedriversstexstor.sys (Promise Technology)

DRV:64bit: - (ebdrv) -- C:WindowsSysNativedriversevbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:WindowsSysNativedriversbxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:WindowsSysNativedriversb57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:WindowsSysNativedrivershcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (GEARAspiWDM) -- C:WindowsSysNativedriversGEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (MTsensor) -- C:WindowsSysNativedriversASACPI.sys ()

DRV - (WIMMount) -- C:WindowsSysWOW64driverswimmount.sys (Microsoft Corporation)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLMSOFTWAREMicrosoftInternet ExplorerMain,Local Page = C:WindowsSysWOW64blank.htm

 

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page = http://www.google.com.au/

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCUSOFTWAREMicrosoftInternet ExplorerMain,Start Page Redirect Cache_TIMESTAMP =

IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyEnable" = 0

IE - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings: "ProxyOverride" = *.local

 

========== FireFox ==========

 

FF - prefs.js..network.proxy.type: 0

 

 

FF:64bit: - [email protected]/JavaPlugin: C:Program FilesJavajre6binnew_pluginnpjp2.dll (Sun Microsystems, Inc.)

FF - [email protected]/FlashPlayer: C:WindowsSysWOW64MacromedFlashNPSWF32.dll ()

FF - [email protected]/iTunes,version=1.0: C:Program Files (x86)iTunesMozilla Pluginsnpitunes.dll ()

FF - [email protected]/WLPG,version=15.4.3502.0922: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)

FF - [email protected]/WLPG,version=15.4.3538.0513: C:Program Files (x86)Windows LivePhoto GalleryNPWLPG.dll (Microsoft Corporation)

FF - [email protected]/NxGame: C:ProgramDataNexonUSNGMnpNxGameUS.dll (Nexon)

FF - [email protected]/3DVision: C:Program Files (x86)NVIDIA Corporation3D Visionnpnv3dv.dll (NVIDIA Corporation)

FF - [email protected]/3DVisionStreaming: C:Program Files (x86)NVIDIA Corporation3D Visionnpnv3dvstreaming.dll (NVIDIA Corporation)

 

FF - HKEY_LOCAL_MACHINEsoftwaremozillaFirefoxExtensions{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:Program Files (x86)AVGAVG2012Firefox4 [2012/01/05 11:16:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 8.0extensionsComponents: C:Program Files (x86)Mozilla Firefoxcomponents [2012/01/01 06:07:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINEsoftwaremozillaMozilla Firefox 8.0extensionsPlugins: C:Program Files (x86)Mozilla Firefoxplugins

 

[2011/05/11 21:59:33 | 000,000,000 | ---D | M] (No name found) -- C:UsersHayleeeAppDataRoamingMozillaExtensions

[2011/12/06 15:53:25 | 000,000,000 | ---D | M] (No name found) -- C:UsersHayleeeAppDataRoamingMozillaFirefoxProfiles54hjis6t.defaultextensions

[2011/12/31 11:07:40 | 000,000,000 | ---D | M] (No name found) -- C:Program Files (x86)Mozilla Firefoxextensions

[2012/01/01 06:07:48 | 000,000,000 | ---D | M] (Java Console) -- C:Program Files (x86)Mozilla Firefoxextensions{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

File not found (No name found) -- C:USERSHAYLEEEAPPDATAROAMINGMOZILLAFIREFOXPROFILES54HJIS6T.DEFAULTEXTENSIONS{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}

[2011/11/13 10:52:36 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:Program Files (x86)mozilla firefoxcomponentsbrowsercomps.dll

 

========== Chrome ==========

 

CHR - Extension: No name found = C:UsersHayleeeAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo4.2_0

CHR - Extension: No name found = C:UsersHayleeeAppDataLocalGoogleChromeUser DataDefaultExtensionsjmfkcklnlgedgbglfkkgedjfmejoahla12.0.0.1901_0

 

O1 HOSTS File: ([2012/01/13 16:04:21 | 000,000,098 | ---- | M]) - C:WindowsSysNativedriversetcHosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program Files (x86)AVGAVG2012avgssiea.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program Files (x86)AVGAVG2012avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program Files (x86)Spybot - Search & DestroySDHelper.dll (Safer Networking Limited)

O4:64bit: - HKLM..Run: [AdobeAAMUpdater-1.0] C:Program Files (x86)Common FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..Run: [AdobeCS5ServiceManager] C:Program Files (x86)Common FilesAdobeCS5ServiceManagerCS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..Run: [APSDaemon] C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe (Apple Inc.)

O4 - HKLM..Run: [AVG_TRAY] C:Program Files (x86)AVGAVG2012avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..Run: [Malwarebytes' Anti-Malware] C:Program Files (x86)Malwarebytes' Anti-Malwarembamgui.exe (Malwarebytes Corporation)

O4 - HKLM..Run: [switchBoard] C:Program Files (x86)Common FilesAdobeSwitchBoardSwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKCU..Run: [DAEMON Tools Lite] C:Program Files (x86)DAEMON Tools LiteDTLite.exe (DT Soft Ltd)

O6 - HKLMSoftwarePoliciesMicrosoftInternet ExplorerRestrictions present

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorAdmin = 0

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: ConsentPromptBehaviorUser = 3

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: EnableLUA = 0

O6 - HKLMSOFTWAREMicrosoftWindowsCurrentVersionpoliciesSystem: PromptOnSecureDesktop = 0

O7 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present

O7 - HKCUSOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorer: NoDrives = 0

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:Program Files (x86)Spybot - Search & DestroySDHelper.dll (Safer Networking Limited)

O10:64bit: - NameSpace_Catalog5Catalog_Entries64000000000009 [] - C:Program FilesBonjourmdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000001 - C:WindowsSysNativenvappfilter64.dll (NVIDIA)

O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000002 - C:WindowsSysNativenvappfilter64.dll (NVIDIA)

O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000003 - C:WindowsSysNativenvappfilter64.dll (NVIDIA)

O10:64bit: - Protocol_Catalog9Catalog_Entries64000000000014 - C:WindowsSysNativenvappfilter64.dll (NVIDIA)

O10 - NameSpace_Catalog5Catalog_Entries000000000009 [] - C:Program Files (x86)BonjourmdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9Catalog_Entries000000000001 - C:WindowsSysWOW64nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9Catalog_Entries000000000002 - C:WindowsSysWOW64nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9Catalog_Entries000000000003 - C:WindowsSysWOW64nvappfilter.dll (NVIDIA)

O10 - Protocol_Catalog9Catalog_Entries000000000014 - C:WindowsSysWOW64nvappfilter.dll (NVIDIA)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLMSystemCCSServicesTcpipParameters: DhcpNameServer = 10.1.1.1

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{6C76B5D7-DF34-4C95-BEF2-3E0CF83ABC5D}: DhcpNameServer = 10.4.85.135 10.4.176.231

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{856747D4-0E15-4F15-8FA9-82235683E5FC}: DhcpNameServer = 10.1.1.1

O17 - HKLMSystemCCSServicesTcpipParametersInterfaces{BB29DAFB-C723-47A0-A4DB-C2DD6CD63C85}: DhcpNameServer = 10.1.1.1

O18:64bit: - ProtocolHandlerlinkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program Files (x86)AVGAVG2012avgppa.dll (AVG Technologies CZ, s.r.o.)

O18 - ProtocolHandlerlinkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program Files (x86)AVGAVG2012avgpp.dll (AVG Technologies CZ, s.r.o.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:Windowsexplorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) - C:WindowsSysNativeuserinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:WindowsSysNativeSystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:WindowsSysWow64explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:Windowssystem32userinit.exe) -C:WindowsSysWOW64userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:PROGRA~2AVGAVG2012avgrsa.exe /sync /restart)

O35:64bit: - HKLM..comfile [open] -- "%1" %*

O35:64bit: - HKLM..exefile [open] -- "%1" %*

O35 - HKLM..comfile [open] -- "%1" %*

O35 - HKLM..exefile [open] -- "%1" %*

O37:64bit: - HKLM...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM...exe [@ = exefile] -- "%1" %*

O37 - HKLM...com [@ = ComFile] -- "%1" %*

O37 - HKLM...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2012/01/13 16:04:20 | 000,000,000 | ---D | C] -- C:_OTL

[2012/01/13 16:03:02 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsERUNT

[2012/01/13 16:03:02 | 000,000,000 | ---D | C] -- C:Program Files (x86)ERUNT

[2012/01/13 16:02:44 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:UsersHayleeeDesktoperunt-setup.exe

[2012/01/12 17:34:06 | 000,000,000 | ---D | C] -- C:UsersHayleeeAppDataLocalElevatedDiagnostics

[2012/01/11 12:43:27 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:UsersHayleeeDesktopOTL.exe

[2012/01/11 10:51:19 | 000,000,000 | -HSD | C] -- C:$RECYCLE.BIN

[2012/01/11 10:18:29 | 000,000,000 | ---D | C] -- C:Windowstemp

[2012/01/11 10:07:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:WindowsSWREG.exe

[2012/01/11 10:07:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:WindowsSWSC.exe

[2012/01/11 10:07:04 | 000,060,416 | ---- | C] (NirSoft) -- C:WindowsNIRCMD.exe

[2012/01/08 11:44:21 | 000,000,000 | ---D | C] -- C:Program Files (x86)ESET

[2012/01/08 11:29:18 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:UsersHayleeeDesktopTFC.exe

[2012/01/06 06:51:08 | 004,704,768 | ---- | C] (AVAST Software) -- C:UsersHayleeeDesktopaswMBR.exe

[2012/01/06 06:48:39 | 000,607,260 | R--- | C] (Swearware) -- C:UsersHayleeeDesktopdds.com

[2012/01/05 17:32:09 | 000,000,000 | ---D | C] -- C:UsersHayleeeAppDataRoamingMicrosoftWindowsStart MenuProgramsHiJackThis

[2012/01/05 17:32:08 | 000,000,000 | ---D | C] -- C:Program Files (x86)HJT

[2012/01/05 12:13:19 | 000,000,000 | ---D | C] -- C:WindowsERDNT

[2012/01/05 12:10:09 | 000,000,000 | ---D | C] -- C:Qoobox

[2012/01/05 12:06:17 | 004,377,322 | R--- | C] (Swearware) -- C:UsersHayleeeDesktopComboFix.exe

[2012/01/05 11:57:07 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsSpybot - Search & Destroy

[2012/01/05 11:57:00 | 000,000,000 | ---D | C] -- C:ProgramDataSpybot - Search & Destroy

[2012/01/05 11:56:59 | 000,000,000 | ---D | C] -- C:Program Files (x86)Spybot - Search & Destroy

[2012/01/05 11:25:48 | 000,000,000 | ---D | C] -- C:UsersHayleeeAppDataRoamingAVG2012

[2012/01/05 11:16:52 | 000,000,000 | -H-D | C] -- C:ProgramDataCommon Files

[2012/01/05 11:16:38 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsAVG 2012

[2012/01/05 11:16:36 | 000,000,000 | ---D | C] -- C:WindowsSysWow64driversAVG

[2012/01/05 11:15:03 | 000,000,000 | ---D | C] -- C:ProgramDataAVG2012

[2012/01/05 11:15:03 | 000,000,000 | ---D | C] -- C:WindowsSysNativedriversAVG

[2012/01/05 11:13:56 | 000,000,000 | ---D | C] -- C:Program Files (x86)AVG

[2012/01/05 11:01:38 | 000,000,000 | ---D | C] -- C:ProgramDataMicrosoftWindowsStart MenuProgramsCCleaner

[2012/01/05 11:01:37 | 000,000,000 | ---D | C] -- C:Program FilesCCleaner

[2012/01/05 11:01:21 | 000,000,000 | ---D | C] -- C:ProgramDataMFAData

[2012/01/01 13:45:01 | 000,000,000 | ---D | C] -- C:WindowsSysNativeMacromed

[2012/01/01 11:43:07 | 000,000,000 | ---D | C] -- C:UsersHayleeeAppDataRoamingMicrosoftWindowsStart MenuProgramsGoogle Chrome

[2011/12/31 11:18:22 | 000,000,000 | ---D | C] -- C:UsersHayleeeDocumentsll

[2011/12/31 11:09:19 | 000,000,000 | ---D | C] -- C:UsersHayleeeAppDataLocalGoogle

[2011/12/31 11:08:34 | 000,000,000 | ---D | C] -- C:UsersHayleeeAppDataLocalDeployment

[2011/12/29 09:57:11 | 000,000,000 | ---D | C] -- C:UsersHayleeeAppDataRoamingUnified Remote

[2011/12/28 17:58:56 | 000,000,000 | ---D | C] -- C:UsersHayleeejagexcache

[2011/12/28 17:58:15 | 000,000,000 | ---D | C] -- C:Program Files (x86)Common FilesJava

[2011/12/28 17:57:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:WindowsSysWow64java.exe

[2011/12/28 17:57:23 | 000,000,000 | ---D | C] -- C:Program Files (x86)Java

[2011/05/10 11:23:34 | 000,216,064 | ---- | C] ( ) -- C:WindowsSysWow64lagarith.dll

[2010/02/04 15:00:00 | 000,139,264 | ---- | C] ( ) -- C:Windowssipr3260.dll

 

========== Files - Modified Within 30 Days ==========

 

[2012/01/13 16:12:44 | 000,792,914 | ---- | M] () -- C:WindowsSysNativePerfStringBackup.INI

[2012/01/13 16:12:44 | 000,669,276 | ---- | M] () -- C:WindowsSysNativeperfh009.dat

[2012/01/13 16:12:44 | 000,125,358 | ---- | M] () -- C:WindowsSysNativeperfc009.dat

[2012/01/13 16:07:27 | 000,067,584 | --S- | M] () -- C:Windowsbootstat.dat

[2012/01/13 16:07:21 | 2146,344,959 | -HS- | M] () -- C:hiberfil.sys

[2012/01/13 16:05:04 | 000,000,916 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskUserS-1-5-21-1888113294-1304185749-78946181-1000UA.job

[2012/01/13 16:04:21 | 000,000,098 | ---- | M] () -- C:WindowsSysNativedriversetcHosts

[2012/01/13 16:03:03 | 000,000,924 | ---- | M] () -- C:UsersHayleeeDesktopNTREGOPT.lnk

[2012/01/13 16:03:03 | 000,000,905 | ---- | M] () -- C:UsersHayleeeDesktopERUNT.lnk

[2012/01/13 16:02:57 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:UsersHayleeeDesktoperunt-setup.exe

[2012/01/13 15:59:10 | 000,014,416 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/01/13 15:59:10 | 000,014,416 | -H-- | M] () -- C:WindowsSysNative7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/01/13 15:57:33 | 086,634,520 | ---- | M] () -- C:WindowsSysNativedriversAVGincavi.avm

[2012/01/12 21:07:08 | 000,000,024 | ---- | M] () -- C:UsersHayleeerandom.dat

[2012/01/12 17:17:25 | 000,000,046 | ---- | M] () -- C:UsersHayleeejagex_cl_runescape_LIVE.dat

[2012/01/11 12:43:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:UsersHayleeeDesktopOTL.exe

[2012/01/11 10:06:45 | 004,377,322 | R--- | M] (Swearware) -- C:UsersHayleeeDesktopComboFix.exe

[2012/01/08 13:05:02 | 000,000,864 | ---- | M] () -- C:WindowstasksGoogleUpdateTaskUserS-1-5-21-1888113294-1304185749-78946181-1000Core.job

[2012/01/08 12:52:43 | 000,000,866 | ---- | M] () -- C:UsersPublicDesktopCCleaner.lnk

[2012/01/08 11:29:18 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:UsersHayleeeDesktopTFC.exe

[2012/01/07 19:57:46 | 001,601,493 | ---- | M] () -- C:UsersHayleeeDesktopIMG_20120107_195746.jpg

[2012/01/06 06:55:21 | 000,000,512 | ---- | M] () -- C:UsersHayleeeDesktopMBR.dat

[2012/01/06 06:51:08 | 004,704,768 | ---- | M] (AVAST Software) -- C:UsersHayleeeDesktopaswMBR.exe

[2012/01/06 06:48:53 | 000,607,260 | R--- | M] (Swearware) -- C:UsersHayleeeDesktopdds.com

[2012/01/05 17:32:09 | 000,002,993 | ---- | M] () -- C:UsersHayleeeDesktopHiJackThis.lnk

[2012/01/05 13:00:42 | 000,002,324 | ---- | M] () -- C:UsersHayleeeDesktopGoogle Chrome.lnk

[2012/01/05 12:26:38 | 000,000,027 | ---- | M] () -- C:WindowsSysNativedriversetchosts.20120105-123333.backup

[2012/01/05 11:57:12 | 000,001,282 | ---- | M] () -- C:UsersHayleeeApplication DataMicrosoftInternet ExplorerQuick LaunchSpybot - Search & Destroy.lnk

[2012/01/05 11:57:12 | 000,001,258 | ---- | M] () -- C:UsersHayleeeDesktopSpybot - Search & Destroy.lnk

[2012/01/05 11:16:39 | 000,000,965 | ---- | M] () -- C:UsersPublicDesktopAVG 2012.lnk

[2012/01/05 11:16:36 | 000,000,000 | ---- | M] () -- C:WindowsSysWow64driversAVGincavi.avm

[2012/01/05 11:16:36 | 000,000,000 | ---- | M] () -- C:WindowsSysWow64driversAVGiavichjw.avm

[2012/01/01 13:45:09 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:WindowsSysWow64FlashPlayerCPLApp.cpl

[2012/01/01 11:49:00 | 000,001,109 | ---- | M] () -- C:UsersPublicDesktopMalwarebytes Anti-Malware.lnk

[2012/01/01 11:47:21 | 000,001,437 | ---- | M] () -- C:UsersHayleeeApplication DataMicrosoftInternet ExplorerQuick LaunchLaunch Internet Explorer Browser.lnk

[2012/01/01 06:10:28 | 000,000,064 | ---- | M] () -- C:WindowsSysWow64rp_stats.dat

[2012/01/01 06:10:28 | 000,000,044 | ---- | M] () -- C:WindowsSysWow64rp_rules.dat

[2011/12/28 17:57:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:WindowsSysWow64java.exe

 

========== Files Created - No Company Name ==========

 

[2012/01/13 16:03:03 | 000,000,924 | ---- | C] () -- C:UsersHayleeeDesktopNTREGOPT.lnk

[2012/01/13 16:03:03 | 000,000,905 | ---- | C] () -- C:UsersHayleeeDesktopERUNT.lnk

[2012/01/13 15:57:33 | 086,634,520 | ---- | C] () -- C:WindowsSysNativedriversAVGincavi.avm

[2012/01/11 10:07:04 | 000,256,000 | ---- | C] () -- C:WindowsPEV.exe

[2012/01/11 10:07:04 | 000,208,896 | ---- | C] () -- C:WindowsMBR.exe

[2012/01/11 10:07:04 | 000,098,816 | ---- | C] () -- C:Windowssed.exe

[2012/01/11 10:07:04 | 000,080,412 | ---- | C] () -- C:Windowsgrep.exe

[2012/01/11 10:07:04 | 000,068,096 | ---- | C] () -- C:Windowszip.exe

[2012/01/08 12:44:35 | 001,601,493 | ---- | C] () -- C:UsersHayleeeDesktopIMG_20120107_195746.jpg

[2012/01/06 06:55:21 | 000,000,512 | ---- | C] () -- C:UsersHayleeeDesktopMBR.dat

[2012/01/05 17:32:09 | 000,002,993 | ---- | C] () -- C:UsersHayleeeDesktopHiJackThis.lnk

[2012/01/05 13:00:42 | 000,002,324 | ---- | C] () -- C:UsersHayleeeDesktopGoogle Chrome.lnk

[2012/01/05 11:57:12 | 000,001,282 | ---- | C] () -- C:UsersHayleeeApplication DataMicrosoftInternet ExplorerQuick LaunchSpybot - Search & Destroy.lnk

[2012/01/05 11:57:12 | 000,001,258 | ---- | C] () -- C:UsersHayleeeDesktopSpybot - Search & Destroy.lnk

[2012/01/05 11:16:39 | 000,000,965 | ---- | C] () -- C:UsersPublicDesktopAVG 2012.lnk

[2012/01/05 11:16:36 | 000,000,000 | ---- | C] () -- C:WindowsSysWow64driversAVGincavi.avm

[2012/01/05 11:16:36 | 000,000,000 | ---- | C] () -- C:WindowsSysWow64driversAVGiavichjw.avm

[2012/01/05 11:01:38 | 000,000,866 | ---- | C] () -- C:UsersPublicDesktopCCleaner.lnk

[2012/01/01 11:49:00 | 000,001,109 | ---- | C] () -- C:UsersPublicDesktopMalwarebytes Anti-Malware.lnk

[2012/01/01 11:41:17 | 000,000,916 | ---- | C] () -- C:WindowstasksGoogleUpdateTaskUserS-1-5-21-1888113294-1304185749-78946181-1000UA.job

[2012/01/01 11:41:14 | 000,000,864 | ---- | C] () -- C:WindowstasksGoogleUpdateTaskUserS-1-5-21-1888113294-1304185749-78946181-1000Core.job

[2012/01/01 11:39:42 | 000,001,443 | ---- | C] () -- C:UsersHayleeeAppDataRoamingMicrosoftWindowsStart MenuProgramsInternet Explorer.lnk

[2012/01/01 11:39:42 | 000,001,437 | ---- | C] () -- C:UsersHayleeeApplication DataMicrosoftInternet ExplorerQuick LaunchLaunch Internet Explorer Browser.lnk

[2012/01/01 11:39:42 | 000,001,409 | ---- | C] () -- C:UsersHayleeeAppDataRoamingMicrosoftWindowsStart MenuProgramsInternet Explorer (64-bit).lnk

[2011/12/28 17:58:56 | 000,000,046 | ---- | C] () -- C:UsersHayleeejagex_cl_runescape_LIVE.dat

[2011/12/28 17:58:56 | 000,000,024 | ---- | C] () -- C:UsersHayleeerandom.dat

[2011/12/05 09:58:38 | 000,000,132 | ---- | C] () -- C:UsersHayleeeAppDataRoamingAdobe PNG Format CS5 Prefs

[2011/09/23 21:23:16 | 000,000,064 | ---- | C] () -- C:WindowsSysWow64rp_stats.dat

[2011/09/23 21:23:16 | 000,000,044 | ---- | C] () -- C:WindowsSysWow64rp_rules.dat

[2011/08/29 19:23:55 | 000,215,128 | ---- | C] () -- C:WindowsSysWow64PnkBstrB.exe

[2011/08/29 19:23:53 | 002,434,856 | ---- | C] () -- C:WindowsSysWow64pbsvc_bc2.exe

[2011/08/29 19:23:53 | 000,075,064 | ---- | C] () -- C:WindowsSysWow64PnkBstrA.exe

[2011/08/25 15:17:59 | 000,200,704 | ---- | C] () -- C:WindowsSysWow64UpdateDriver.exe

[2011/08/25 15:17:59 | 000,005,226 | ---- | C] () -- C:WindowsSysWow64ucuiinfo.ini

[2011/06/26 18:18:24 | 000,786,294 | ---- | C] () -- C:WindowsSysWow64PerfStringBackup.INI

[2011/04/28 02:21:38 | 003,268,096 | ---- | C] () -- C:WindowsSysWow64x264vfw.dll

[2011/04/12 10:09:18 | 000,073,216 | ---- | C] () -- C:WindowsSysWow64ff_vfw.dll

[2011/03/20 02:06:02 | 000,240,640 | ---- | C] () -- C:WindowsSysWow64xvidvfw.dll

[2011/03/20 02:04:28 | 000,650,752 | ---- | C] () -- C:WindowsSysWow64xvidcore.dll

[2010/03/15 20:31:48 | 000,165,376 | ---- | C] () -- C:WindowsSysWow64unrar.dll

[2009/07/14 13:38:36 | 000,067,584 | --S- | C] () -- C:Windowsbootstat.dat

[2009/07/14 10:35:51 | 000,000,741 | ---- | C] () -- C:WindowsSysWow64NOISE.DAT

[2009/07/14 10:34:42 | 000,215,943 | ---- | C] () -- C:WindowsSysWow64dssec.dat

[2009/07/14 08:10:29 | 000,043,131 | ---- | C] () -- C:Windowsmib.bin

[2009/07/14 07:42:10 | 000,064,000 | ---- | C] () -- C:WindowsSysWow64BWContextHandler.dll

[2009/07/14 05:03:59 | 000,364,544 | ---- | C] () -- C:WindowsSysWow64msjetoledb40.dll

[2009/06/11 05:26:10 | 000,673,088 | ---- | C] () -- C:WindowsSysWow64mlang.dat

[2007/08/01 11:39:28 | 000,012,536 | ---- | C] () -- C:WindowsSysWow64driversASUSHWIO.SYS

[2007/02/06 11:05:26 | 000,000,038 | ---- | C] () -- C:WindowsAviSplitter.INI

< End of report >


Okay, so the uninstaller doesn't even load for Firefox. But I have installed Firefox in a new directory, and that loads fine but then freezes after a few seconds. I am also unable to uninstall the other one.

Edited by yoyocool2

This topic is now closed to further replies.