
Computer keeps freezing - HJT log


Z4CK56
Here ya go

 

The type of the file system is NTFS.

Volume label is HP.

 

WARNING! F parameter not specified.

Running CHKDSK in read-only mode.

 

CHKDSK is verifying files (stage 1 of 3)...

File verification completed.

3143 large file records processed.

 

0 bad file records processed.

 

0 EA records processed.

 

44 reparse records processed.

 

CHKDSK is verifying indexes (stage 2 of 3)...

Index verification completed.

CHKDSK is verifying security descriptors (stage 3 of 3)...

Security descriptor verification completed.

50686 data files processed.

 

CHKDSK is verifying Usn Journal...

Usn Journal verification completed.

Windows has checked the file system and found no problems.

 

610791268 KB total disk space.

292250052 KB in 333566 files.

181652 KB in 50687 indexes.

0 KB in bad sectors.

546524 KB in use by the system.

65536 KB occupied by the log file.

317813040 KB available on disk.

 

4096 bytes in each allocation unit.

152697817 total allocation units on disk.

79453260 allocation units available on disk.


Hi. :)

 

Computer just froze again today and now Skype keeps freezing whenever I use Firefox.

OK...

 

Updated Skype; that fixed the Skype issue.

Noted. Not used Skype myself in quite a long time, what did you do to rectify this if I may ask?

 

Next:

 

Delete all contents of your Downloads folder please then Empty the Recycle Bin.

 

Download/Run ComboFix:

 

Please visit this webpage for download links, and instructions for running the tool:

 

How to use ComboFix

 

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

 

If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart your computer.

 

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.

This tool is not a toy and not for everyday use. ComboFix should not be used unless requested by a forum helper.

 

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any other symptoms and or problems encountered?
  • ComboFix Log.

I apologize for not getting around to that yet, I got a little bit busy and forgot. I'll be doing what you asked tomorrow.

 

As for the Skype fix, after 2 or 3 times of Skype crashing, Windows suggested a solution to me that led me to the Skype website where I downloaded the update and ran it. The update removed the old version and updated; pretty simple fix.


I apologize for not getting around to that yet, I got a little bit busy and forgot. I'll be doing what you asked tomorrow.

Not a problem and thank you for the courtesy of informing myself!

 

As for the Skype fix, after 2 or 3 times of Skype crashing, Windows suggested a solution to me that led me to the Skype website where I downloaded the update and ran it. The update removed the old version and updated; pretty simple fix.

Fair play and thanks, good to know. :)


Ok so I ran ComboFix as asked with the antivirus turned off and everything. Everything went very smoothly, it restarted my computer automatically, but as soon as it came back up my Catalyst Control Center for my graphics card didn't start up like it normally did and my monitor screen is currently "glitching out": every time the screen refreshes, it's like the screen splits in half and both sides are displayed over the screen, but only for a split second. When I tried to open up the Catalyst Control Center manually it gave me this error:

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

 

A device attached to the system is not functioning

I'll attempt a restart and see if that fixes it.

 

In the meantime, here are the ComboFix logs.

 

ComboFix 12-02-15.01 - Zach 02/15/2012 19:45:36.1.2 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6142.4009 [GMT -7:00]

Running from: c:usersZachDesktopComboFix.exe

AV: Bitdefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}

FW: Bitdefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}

SP: Bitdefender Antispyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:Install.exe

c:programdataMicrosoftWindowsStart MenuPrograms1964.lnk

c:usersZachAppDataRoamingcacaoweb

c:usersZachAppDataRoamingcacaowebcacaoweb.exe

c:usersZachAppDataRoamingcacaoweberrorlog.txt

c:usersZachAppDataRoamingcacaowebnpdfile.dat

c:usersZachAppDataRoamingcacaowebreplicating3F6028EC0CB8D305E55189366B27E500.cacao

c:usersZachAppDataRoamingcacaowebreplicating69BF885E11B650CFC5FCECE3518FD637.cacao

c:usersZachAppDataRoamingcacaowebreplicating6B82F84C4ECCEFDC345E0510C16CE05D.cacao

c:usersZachAppDataRoamingcacaowebreplicating7B04FFFA937576DD8E515D6932A3AC39.cacao

c:usersZachAppDataRoamingcacaowebreplicatingD220EE800EDC51067027AF6BC9A12D67.cacao

c:usersZachAppDataRoamingcacaowebstorage.db

c:usersZachAppDataRoamingEurekaLog

c:usersZachAppDataRoamingMicrosoftWindowsRecentCurse Client.appref-ms

c:windowssystem32GroupPolicyMachineRegistry.pol

F:Autorun.inf

F:Setup.exe

.

c:windowsSysWow64userinit.exe . . . is infected!!

.

.

((((((((((((((((((((((((( Files Created from 2012-01-16 to 2012-02-16 )))))))))))))))))))))))))))))))

.

.

2012-02-16 03:05 . 2012-02-16 03:05 -------- d-----w- c:usersDefaultAppDataLocaltemp

2012-02-14 22:24 . 2011-12-14 16:38 621056 ----a-w- c:windowssystem32msvcrt.dll

2012-02-14 22:24 . 2011-12-14 16:17 680448 ----a-w- c:windowsSysWow64msvcrt.dll

2012-02-14 22:24 . 2012-01-12 20:16 2765824 ----a-w- c:windowssystem32win32k.sys

2012-02-14 22:24 . 2012-01-03 14:25 404992 ----a-w- c:windowssystem32driversafd.sys

2012-02-14 22:24 . 2011-12-20 10:56 2409784 ----a-w- c:program files (x86)Windows MailOESpamFilter.dat

2012-02-14 22:24 . 2011-12-20 10:56 2409784 ----a-w- c:program filesWindows MailOESpamFilter.dat

2012-02-11 22:51 . 2012-02-11 22:51 -------- d-----w- c:program files (x86)Common FilesSkype

2012-02-08 02:06 . 2012-02-08 02:06 -------- d-----w- c:program files (x86)Common FilesJava

2012-02-08 02:05 . 2012-02-08 02:05 -------- d-----w- c:program files (x86)Java

2012-02-05 23:06 . 2011-11-17 16:39 3993576 ----a-w- c:windowsSysWow64GameMon.des

2012-02-05 23:05 . 2004-12-31 06:43 4682 ----a-w- c:windowsSysWow64npptNT2.sys

2012-02-05 23:05 . 2003-07-16 15:17 5174 ----a-w- c:windowsSysWow64nppt9x.vxd

2012-02-05 23:05 . 2012-02-05 23:05 -------- d-----w- c:program filesCommon FilesINCA Shared

2012-02-05 23:00 . 2012-02-05 23:00 -------- d-----w- C:GamesCampus

2012-02-05 22:26 . 2012-02-05 23:05 -------- d-----w- c:usersZachAppDataLocalPMB Files

2012-02-05 22:26 . 2012-02-05 22:57 -------- d-----w- c:programdataPMB Files

2012-02-05 22:26 . 2012-02-05 22:26 -------- d-----w- c:program files (x86)Pando Networks

2012-02-04 04:22 . 2012-02-04 04:22 -------- d-----w- c:programdataBDLogging

2012-02-04 02:50 . 2012-02-04 02:50 -------- d-----w- c:program files (x86)Microsoft XNA

2012-02-04 02:37 . 2012-02-04 02:37 -------- d-----w- c:program files (x86)Zachtronics Industries

2012-02-02 00:50 . 2012-02-02 00:50 -------- d-----w- c:programdataRELOADED

2012-02-02 00:25 . 2012-02-02 00:25 -------- d-----w- c:usersZachAppDataLocalSKIDROW

2012-02-02 00:21 . 2007-10-12 22:14 2006552 ----a-w- c:windowssystem32D3DCompiler_36.dll

2012-01-31 22:14 . 2012-01-31 22:14 -------- d-----w- C:_OTL

2012-01-30 22:30 . 2012-01-30 22:30 -------- d-----w- c:program files (x86)ERUNT

2012-01-30 02:57 . 2012-01-30 02:57 98304 ----a-w- c:windowsSysWow64CmdLineExt.dll

2012-01-29 07:39 . 2012-01-29 07:39 -------- d-----w- c:usersZachAppDataLocalGeckofx

2012-01-29 07:39 . 2012-01-29 07:39 -------- d-----w- c:usersZachAppDataRoamingFirefly Studios

2012-01-29 07:33 . 2012-02-02 00:25 -------- d-----w- c:programdataFirefly Studios

2012-01-29 05:35 . 2012-01-30 00:42 -------- d-----w- c:program files (x86)GameSpy Arcade

2012-01-29 05:31 . 2012-02-01 21:42 -------- d-----w- c:program files (x86)Firefly Studios

2012-01-29 04:01 . 2009-09-05 00:29 1892184 ----a-w- c:windowsSysWow64D3DX9_42.dll

2012-01-29 04:01 . 2006-09-28 23:05 2414360 ----a-w- c:windowsSysWow64d3dx9_31.dll

2012-01-29 04:00 . 2012-01-29 19:22 -------- d-----w- c:program files (x86)Winamp

2012-01-29 03:57 . 2012-01-29 03:58 -------- d-----w- c:program filesVirtual Audio Cable

2012-01-29 03:57 . 2007-09-14 20:31 58624 ----a-w- c:windowssystem32driversvrtaucbl.sys

2012-01-28 18:59 . 2012-01-28 18:59 -------- d-----w- c:programdataATI

2012-01-28 18:59 . 2012-01-28 18:59 -------- d-----w- c:program files (x86)AMD APP

2012-01-27 02:07 . 2012-01-27 02:10 -------- d-----w- c:usersZachAppDataLocalAhead

2012-01-27 02:06 . 2012-01-28 00:34 -------- d-----w- c:usersZachAppDataRoamingAhead

2012-01-27 02:06 . 2012-01-27 02:06 -------- d-----w- c:programdataAhead

2012-01-27 02:04 . 2012-01-27 02:05 -------- d-----w- c:program files (x86)Common FilesAhead

2012-01-27 02:04 . 2012-01-27 02:04 -------- d-----w- c:programdataNero

2012-01-27 02:04 . 2012-01-27 02:04 -------- d-----w- c:program files (x86)Nero

2012-01-27 01:09 . 2012-01-27 01:09 -------- d-----w- c:program files (x86)FreeTime

2012-01-24 23:31 . 2012-01-24 23:31 388096 ----a-r- c:usersZachAppDataRoamingMicrosoftInstaller{45A66726-69BC-466B-A7A4-12FCBA4883D7}HiJackThis.exe

2012-01-24 23:31 . 2012-01-24 23:31 -------- d-----w- c:program files (x86)Trend Micro

2012-01-23 23:10 . 2012-01-23 23:45 -------- d-----w- c:usersZachAppDataRoamingImgBurn

2012-01-23 22:46 . 2012-01-23 22:46 -------- d-----w- c:program files (x86)ImgBurn

2012-01-23 22:08 . 2012-01-23 22:08 -------- d-----w- c:windowsSun

2012-01-22 06:15 . 2011-12-22 00:35 74344 ----a-w- c:windowssystem32RtNicProp64.dll

2012-01-22 06:15 . 2011-09-08 23:40 508520 ----a-w- c:windowssystem32driversRtlh64.sys

2012-01-22 06:15 . 2011-09-08 23:40 107552 ----a-w- c:windowssystem32RTNUninst64.dll

2012-01-22 05:37 . 2008-08-19 17:56 53248 ----a-w- c:windowsSysWow64CSVer.dll

2012-01-22 05:31 . 2012-01-22 05:35 -------- d-----w- c:programdataRalink

2012-01-22 05:29 . 2011-11-15 06:53 1813056 ----a-w- c:windowssystem32driversnetr28x.sys

2012-01-22 05:29 . 2012-01-22 05:29 -------- d-----w- c:programdataRalink Driver

2012-01-22 05:28 . 2012-01-22 05:28 -------- d-----w- c:windowssystem32RaLanguages

2012-01-22 05:28 . 2011-05-04 20:55 1121856 ----a-w- c:windowsSysWow64RAIHV.dll

2012-01-22 05:28 . 2010-07-02 00:45 128864 ----a-w- c:windowsSysWow64RAEXTUI.dll

2012-01-22 05:28 . 2010-06-29 17:35 792416 ----a-w- c:windowsSysWow64DiagFunc.dll

2012-01-22 05:28 . 2010-06-29 17:35 792416 ----a-w- c:windowssystem32DiagFunc.dll

2012-01-22 05:28 . 2012-01-22 05:28 -------- d-----w- c:program files (x86)Ralink

2012-01-22 05:16 . 2009-11-24 16:55 518896 ----a-w- c:windowssystem32SRSTSX64.dll

2012-01-22 05:16 . 2009-11-24 16:55 155888 ----a-w- c:windowssystem32SRSWOW64.dll

2012-01-22 05:14 . 2012-01-29 05:31 -------- d-----w- c:program files (x86)Common FilesInstallShield

2012-01-20 23:47 . 2012-01-20 23:47 -------- d-----w- c:program filesiPod

2012-01-20 23:47 . 2012-01-20 23:47 -------- d-----w- c:program filesiTunes

2012-01-20 23:47 . 2012-01-20 23:47 -------- d-----w- c:program files (x86)iTunes

2012-01-17 18:45 . 2012-01-17 18:45 4376224 ----a-w- c:program files (x86)Mozilla Firefoxextensions{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}componentsSkypeFfComponent.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-08 02:05 . 2010-09-23 01:07 472808 ----a-w- c:windowsSysWow64deployJava1.dll

2012-02-03 22:34 . 2011-08-04 00:11 79952 ----a-w- c:windowssystem32driversbdsandbox.sys

2012-02-03 22:34 . 2011-07-15 22:12 544552 ----a-w- c:windowssystem32driversavckf.sys

2012-02-03 22:34 . 2011-07-15 22:12 691384 ----a-w- c:windowssystem32driversavc3.sys

2012-01-22 05:16 . 2009-04-22 10:32 525792 ----a-w- c:windowsDIFxAPI.dll

2012-01-15 00:54 . 2012-01-15 00:54 161792 ----a-w- c:windowsSysWow64msls31.dll

2012-01-15 00:54 . 2012-01-15 00:54 86528 ----a-w- c:windowsSysWow64iesysprep.dll

2012-01-15 00:54 . 2012-01-15 00:54 76800 ----a-w- c:windowsSysWow64SetIEInstalledDate.exe

2012-01-15 00:54 . 2012-01-15 00:54 74752 ----a-w- c:windowsSysWow64RegisterIEPKEYs.exe

2012-01-15 00:54 . 2012-01-15 00:54 74752 ----a-w- c:windowsSysWow64iesetup.dll

2012-01-15 00:54 . 2012-01-15 00:54 63488 ----a-w- c:windowsSysWow64tdc.ocx

2012-01-15 00:54 . 2012-01-15 00:54 48640 ----a-w- c:windowsSysWow64mshtmler.dll

2012-01-15 00:54 . 2012-01-15 00:54 367104 ----a-w- c:windowsSysWow64html.iec

2012-01-15 00:54 . 2012-01-15 00:54 23552 ----a-w- c:windowsSysWow64licmgr10.dll

2012-01-15 00:54 . 2012-01-15 00:54 420864 ----a-w- c:windowsSysWow64vbscript.dll

2012-01-15 00:54 . 2012-01-15 00:54 35840 ----a-w- c:windowsSysWow64imgutil.dll

2012-01-15 00:54 . 2012-01-15 00:54 152064 ----a-w- c:windowsSysWow64wextract.exe

2012-01-15 00:54 . 2012-01-15 00:54 150528 ----a-w- c:windowsSysWow64iexpress.exe

2012-01-15 00:54 . 2012-01-15 00:54 142848 ----a-w- c:windowsSysWow64ieUnatt.exe

2012-01-15 00:54 . 2012-01-15 00:54 11776 ----a-w- c:windowsSysWow64mshta.exe

2012-01-15 00:54 . 2012-01-15 00:54 110592 ----a-w- c:windowsSysWow64IEAdvpack.dll

2012-01-15 00:54 . 2012-01-15 00:54 101888 ----a-w- c:windowsSysWow64admparse.dll

2012-01-15 00:54 . 2012-01-15 00:54 222208 ----a-w- c:windowssystem32msls31.dll

2012-01-15 00:54 . 2012-01-15 00:54 91648 ----a-w- c:windowssystem32SetIEInstalledDate.exe

2012-01-15 00:54 . 2012-01-15 00:54 89088 ----a-w- c:windowssystem32RegisterIEPKEYs.exe

2012-01-15 00:54 . 2012-01-15 00:54 85504 ----a-w- c:windowssystem32iesetup.dll

2012-01-15 00:54 . 2012-01-15 00:54 76800 ----a-w- c:windowssystem32tdc.ocx

2012-01-15 00:54 . 2012-01-15 00:54 49664 ----a-w- c:windowssystem32imgutil.dll

2012-01-15 00:54 . 2012-01-15 00:54 48640 ----a-w- c:windowssystem32mshtmler.dll

2012-01-15 00:54 . 2012-01-15 00:54 448512 ----a-w- c:windowssystem32html.iec

2012-01-15 00:54 . 2012-01-15 00:54 135168 ----a-w- c:windowssystem32IEAdvpack.dll

2012-01-15 00:54 . 2012-01-15 00:54 12288 ----a-w- c:windowssystem32mshta.exe

2012-01-15 00:54 . 2012-01-15 00:54 114176 ----a-w- c:windowssystem32admparse.dll

2012-01-15 00:54 . 2012-01-15 00:54 111616 ----a-w- c:windowssystem32iesysprep.dll

2012-01-15 00:54 . 2012-01-15 00:54 603648 ----a-w- c:windowssystem32vbscript.dll

2012-01-15 00:54 . 2012-01-15 00:54 30720 ----a-w- c:windowssystem32licmgr10.dll

2012-01-15 00:54 . 2012-01-15 00:54 173056 ----a-w- c:windowssystem32ieUnatt.exe

2012-01-15 00:54 . 2012-01-15 00:54 165888 ----a-w- c:windowssystem32iexpress.exe

2012-01-15 00:54 . 2012-01-15 00:54 160256 ----a-w- c:windowssystem32wextract.exe

2011-12-21 00:34 . 2011-09-16 22:09 442088 ----a-w- c:windowssystem32driversbdfsfltr.sys

2011-12-10 22:24 . 2011-02-27 23:20 23152 ----a-w- c:windowssystem32driversmbam.sys

2011-12-06 05:04 . 2011-12-06 05:04 69632 ----a-w- c:windowssystem32OpenVideo64.dll

2011-12-06 05:04 . 2011-12-06 05:04 59904 ----a-w- c:windowsSysWow64OpenVideo.dll

2011-12-06 05:03 . 2011-12-06 05:03 61952 ----a-w- c:windowssystem32OVDecode64.dll

2011-12-06 05:03 . 2011-12-06 05:03 54784 ----a-w- c:windowsSysWow64OVDecode.dll

2011-12-06 05:03 . 2011-12-06 05:03 17580544 ----a-w- c:windowssystem32amdocl64.dll

2011-12-06 05:03 . 2011-12-06 05:03 14499328 ----a-w- c:windowsSysWow64amdocl.dll

2011-12-06 03:45 . 2011-12-06 03:45 10720256 ----a-w- c:windowssystem32driversatikmdag.sys

2011-12-06 03:18 . 2011-12-06 03:18 25371136 ----a-w- c:windowssystem32atio6axx.dll

2011-12-06 03:17 . 2011-12-06 03:17 159744 ----a-w- c:windowssystem32atiapfxx.exe

2011-12-06 03:17 . 2010-09-29 01:55 778752 ----a-w- c:windowsSysWow64aticfx32.dll

2011-12-06 03:16 . 2010-09-29 01:54 933888 ----a-w- c:windowssystem32aticfx64.dll

2011-12-06 03:12 . 2011-12-06 03:12 466944 ----a-w- c:windowssystem32ATIDEMGX.dll

2011-12-06 03:12 . 2011-12-06 03:12 494080 ----a-w- c:windowssystem32atieclxx.exe

2011-12-06 03:11 . 2011-12-06 03:11 235520 ----a-w- c:windowssystem32atiesrxx.exe

2011-12-06 03:10 . 2011-12-06 03:10 120320 ----a-w- c:windowssystem32atitmm64.dll

2011-12-06 03:10 . 2011-12-06 03:10 423424 ----a-w- c:windowssystem32atipdl64.dll

2011-12-06 03:10 . 2011-12-06 03:10 360448 ----a-w- c:windowsSysWow64atipdlxx.dll

2011-12-06 03:10 . 2011-12-06 03:10 278528 ----a-w- c:windowsSysWow64Oemdspif.dll

2011-12-06 03:09 . 2011-12-06 03:09 21504 ----a-w- c:windowssystem32atimuixx.dll

2011-12-06 03:09 . 2011-12-06 03:09 59392 ----a-w- c:windowssystem32atiedu64.dll

2011-12-06 03:09 . 2011-12-06 03:09 43520 ----a-w- c:windowsSysWow64ati2edxx.dll

2011-12-06 03:06 . 2011-04-20 07:59 6159872 ----a-w- c:windowsSysWow64atidxx32.dll

2011-12-06 02:56 . 2011-12-06 02:56 19125760 ----a-w- c:windowsSysWow64atioglxx.dll

2011-12-06 02:51 . 2011-12-06 02:51 7520768 ----a-w- c:windowssystem32atidxx64.dll

2011-12-06 02:39 . 2011-12-06 02:39 1113088 ----a-w- c:windowssystem32atiumd6v.dll

2011-12-06 02:39 . 2011-12-06 02:39 1828864 ----a-w- c:windowsSysWow64atiumdmv.dll

2011-12-06 02:39 . 2011-12-06 02:39 4072960 ----a-w- c:windowssystem32atiumd6a.dll

2011-12-06 02:34 . 2011-12-06 02:34 51200 ----a-w- c:windowssystem32aticalrt64.dll

2011-12-06 02:34 . 2011-12-06 02:34 46080 ----a-w- c:windowsSysWow64aticalrt.dll

2011-12-06 02:34 . 2011-12-06 02:34 44544 ----a-w- c:windowssystem32aticalcl64.dll

2011-12-06 02:34 . 2011-12-06 02:34 44032 ----a-w- c:windowsSysWow64aticalcl.dll

2011-12-06 02:34 . 2011-12-06 02:34 13738496 ----a-w- c:windowssystem32aticaldd64.dll

2011-12-06 02:33 . 2010-09-29 01:28 5919232 ----a-w- c:windowsSysWow64atiumdag.dll

2011-12-06 02:29 . 2011-12-06 02:29 11484672 ----a-w- c:windowsSysWow64aticaldd.dll

2011-12-06 02:28 . 2010-09-29 01:22 4206592 ----a-w- c:windowsSysWow64atiumdva.dll

2011-12-06 02:24 . 2010-09-29 01:21 7511040 ----a-w- c:windowssystem32atiumd64.dll

2011-12-06 02:18 . 2011-06-29 01:04 58880 ----a-w- c:windowssystem32coinst.dll

2011-12-06 02:13 . 2011-12-06 02:13 509952 ----a-w- c:windowssystem32atiadlxx.dll

2011-12-06 02:12 . 2011-12-06 02:12 356352 ----a-w- c:windowsSysWow64atiadlxy.dll

2011-12-06 02:12 . 2011-12-06 02:12 17408 ----a-w- c:windowssystem32atig6pxx.dll

2011-12-06 02:12 . 2011-12-06 02:12 14336 ----a-w- c:windowsSysWow64atiglpxx.dll

2011-12-06 02:12 . 2011-12-06 02:12 14336 ----a-w- c:windowssystem32atiglpxx.dll

2011-12-06 02:12 . 2011-12-06 02:12 39936 ----a-w- c:windowssystem32atig6txx.dll

2011-12-06 02:12 . 2011-12-06 02:12 33280 ----a-w- c:windowsSysWow64atigktxx.dll

2011-12-06 02:12 . 2011-12-06 02:12 327168 ----a-w- c:windowssystem32driversatikmpag.sys

2011-12-06 02:11 . 2011-12-06 02:11 42496 ----a-w- c:windowssystem32atiuxp64.dll

2011-12-06 02:11 . 2011-04-20 07:21 33280 ----a-w- c:windowsSysWow64atiuxpag.dll

2011-12-06 02:11 . 2010-09-29 01:13 39936 ----a-w- c:windowssystem32atiu9p64.dll

2011-12-06 02:11 . 2010-09-29 01:13 29696 ----a-w- c:windowsSysWow64atiu9pag.dll

2011-12-06 02:10 . 2011-12-06 02:10 54784 ----a-w- c:windowssystem32atimpc64.dll

2011-12-06 02:10 . 2011-12-06 02:10 54784 ----a-w- c:windowssystem32amdpcom64.dll

2011-12-06 02:10 . 2010-09-29 01:13 45056 ----a-w- c:windowssystem32atitmp64.dll

2011-12-06 02:10 . 2011-12-06 02:10 53760 ----a-w- c:windowsSysWow64atimpc32.dll

2011-12-06 02:10 . 2011-12-06 02:10 53760 ----a-w- c:windowsSysWow64amdpcom32.dll

2011-12-06 02:10 . 2011-12-06 02:10 53248 ----a-w- c:windowssystem32driversati2erec.dll

2011-12-02 22:18 . 2011-07-15 22:12 258736 ----a-w- c:windowssystem32driversavchv.sys

2011-12-02 02:52 . 2011-12-02 02:52 44544 ----a-w- c:windowsSysWow64msxml4a.dll

2011-11-26 23:08 . 2010-09-23 22:25 18960 ----a-w- c:windowssystem32driversLNonPnP.sys

2011-11-25 16:25 . 2012-01-11 03:11 451072 ----a-w- c:windowssystem32winsrv.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOTCLSID{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:usersZachAppDataRoamingDropboxbinDropboxExt.14.dll

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOTCLSID{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:usersZachAppDataRoamingDropboxbinDropboxExt.14.dll

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOTCLSID{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:usersZachAppDataRoamingDropboxbinDropboxExt.14.dll

.

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]

"ehTray.exe"="c:windowsehomeehTray.exe" [2008-01-21 138240]

.

[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun]

"hpsysdrv"="c:program files (x86)hewlett-packardHP odometerhpsysdrv.exe" [2008-11-20 62768]

"UpdateP2GoShortCut"="c:program files (x86)CyberLinkPower2GoMUITransferMUIStartMenu.exe" [2008-12-04 218408]

"UpdateLBPShortCut"="c:program files (x86)CyberLinkLabelPrintMUITransferMUIStartMenu.exe" [2008-12-04 218408]

"UpdatePDIRShortCut"="c:program files (x86)CyberLinkPowerDirectorMUITransferMUIStartMenu.exe" [2008-12-04 218408]

"UpdatePSTShortCut"="c:program files (x86)CyberLinkCyberLink DVD Suite DeluxeMUITransferMUIStartMenu.exe" [2009-02-02 210216]

"Microsoft Default Manager"="c:program files (x86)MicrosoftSearch Enhancement PackDefault ManagerDefMgr.exe" [2009-02-06 224616]

"StartCCC"="c:program files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe" [2011-12-06 343168]

"SunJavaUpdateSched"="c:program files (x86)Common FilesJavaJava Updatejusched.exe" [2011-06-09 254696]

.

[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRunOnce]

"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAC0ATgBWADIAUQA3AC0AMgBaAEMAVwBTAC0AQgBBAFkAVwBSAC0AQwBDAEUAQgA2AC0AVwBMAEMATQBXAA&inst=NwA2AC0ANQA0ADMAMAA3ADgANwA0ADUALQBQAEwAKwA5AC0AWABPADMANgArADEALQBOADEARAArADEALQBEAEQAVAArADQAMQA5ADIANgAtAEQARAA5ADAAKwAxAC0AUwBUADkAMABBAFAAUAArADEA&prod=92&ver=9.0.894" [?]

.

c:programdataMicrosoftWindowsStart MenuProgramsStartup

Ralink Wireless Utility.lnk - c:program files (x86)RalinkCommonRaUI.exe [2012-1-21 13137768]

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogon]

"Userinit"="c:windowsexplorer.exe,"

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows ntcurrentversionsvchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-02-12 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-695846412-1422135498-510312126-1000Core.job

- c:usersZachAppDataLocalGoogleUpdateGoogleUpdate.exe [2011-08-02 02:10]

.

2012-02-16 c:windowsTasksGoogleUpdateTaskUserS-1-5-21-695846412-1422135498-510312126-1000UA.job

- c:usersZachAppDataLocalGoogleUpdateGoogleUpdate.exe [2011-08-02 02:10]

.

2011-04-30 c:windowsTasksPCDRScheduledMaintenance.job

- c:program filesPC-Doctor for Windowspcdr5cuiw32.exe [2009-02-02 18:59]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOTCLSID{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:usersZachAppDataRoamingDropboxbinDropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOTCLSID{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:usersZachAppDataRoamingDropboxbinDropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOTCLSID{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:usersZachAppDataRoamingDropboxbinDropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersDropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOTCLSID{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 97792 ----a-w- c:usersZachAppDataRoamingDropboxbinDropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers__SafeBox1]

@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"

[HKEY_CLASSES_ROOTCLSID{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]

2011-12-22 20:13 264344 ----a-w- c:program filesBitdefenderBitdefender Safeboxsafeboxshell.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers__SafeBox2]

@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"

[HKEY_CLASSES_ROOTCLSID{342DAA0B-D796-460D-8566-901E08A1CCAD}]

2011-12-22 20:13 264344 ----a-w- c:program filesBitdefenderBitdefender Safeboxsafeboxshell.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers__SafeBox3]

@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"

[HKEY_CLASSES_ROOTCLSID{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]

2011-12-22 20:13 264344 ----a-w- c:program filesBitdefenderBitdefender Safeboxsafeboxshell.dll

.

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiers__SafeBox4]

@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"

[HKEY_CLASSES_ROOTCLSID{33816773-98AE-4723-ADE0-EBE54C8B5A67}]

2011-12-22 20:13 264344 ----a-w- c:program filesBitdefenderBitdefender Safeboxsafeboxshell.dll

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]

"IAAnotif"="c:program files (x86)IntelIntel Matrix Storage Manageriaanotif.exe" [2008-12-04 186904]

"IgfxTray"="c:windowssystem32igfxtray.exe" [2009-03-05 154648]

"HotKeysCmds"="c:windowssystem32hkcmd.exe" [2009-03-05 227352]

"Persistence"="c:windowssystem32igfxpers.exe" [2009-03-05 202264]

"BDAgent"="c:program filesBitdefenderBitdefender 2012bdagent.exe" [2012-02-03 1066744]

"EvtMgr6"="c:program filesLogitechSetPointPSetPoint.exe" [2011-10-07 1744152]

.

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]

"LoadAppInit_DLLs"=0x1

.

------- Supplementary Scan -------

.

uStart Page =

uLocal Page = c:windowssystem32blank.htm

mStart Page =

mLocal Page = c:windowsSysWOW64blank.htm

IE: &Download by Orbit - c:program files (x86)Orbitdownloaderorbitmxt.dll/201

IE: &Grab video by Orbit - c:program files (x86)Orbitdownloaderorbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:program files (x86)Orbitdownloaderorbitmxt.dll/203

IE: Down&load all by Orbit - c:program files (x86)Orbitdownloaderorbitmxt.dll/202

IE: E&xport to Microsoft Excel - c:progra~2MICROS~4Office12EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1 205.171.3.25

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%SysWow64browseui.dll

FF - ProfilePath - c:usersZachAppDataRoamingMozillaFirefoxProfiles8dcmsll8.default

FF - prefs.js: browser.search.selectedEngine -

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-JumiController - (no file)

Wow6432Node-HKCU-Run-WMPNSCFG - c:program files (x86)Windows Media PlayerWMPNSCFG.exe

Wow6432Node-HKLM-Run-WinampAgent - c:program files (x86)Winampwinampa.exe

BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:program files (x86)Hotspot ShieldHssIEHssIE_64.dll

HKLM-Run-SmartMenu - c:program files (x86)Hewlett-PackardHP MediaSmartSmartMenu.exe

.

.

.

[HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesNorton Internet Security]

"ImagePath"=""c:program files (x86)Norton Internet SecurityEngine16.0.0.125ccSvcHst.exe" /s "Norton Internet Security" /m "c:program files (x86)Norton Internet SecurityEngine16.0.0.125diMaster.dll" /prefetch:1"

.

[HKEY_LOCAL_MACHINESYSTEMControlSet001Servicesnpggsvc]

"ImagePath"="c:windowssystem32GameMon.des -service"

.

[HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesPCDSRVC{F36B3A4C-F95654BD-06000000}_0]

"ImagePath"="??c:program filespc-doctor for windowspcdsrvc_x64.pkms"

.

[HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesX6va005]

"ImagePath"="??c:usersZachAppDataLocalTemp0057408.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]

@Denied: (A 2) (Everyone)

@SACL=

@="FlashBroker"

"LocalizedString"="@c:Windowssystem32MacromedFlashFlashUtil10a.exe,-101"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{0BE09CC1-42E0-11DD-AE16-0800200C9A66}Elevation]

@SACL=

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{0BE09CC1-42E0-11DD-AE16-0800200C9A66}LocalServer32]

@SACL=

@="c:WindowsSysWow64MacromedFlashFlashUtil10a.exe"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{0BE09CC1-42E0-11DD-AE16-0800200C9A66}TypeLib]

@SACL=

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@SACL=

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Control]

@SACL=

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}EnableFullPage]

@SACL=

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Implemented Categories]

@SACL=

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32]

@SACL=

@="c:WindowsSysWow64MacromedFlashFlash10a.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus]

@SACL=

@="0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID]

@SACL=

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Programmable]

@SACL=

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]

@SACL=

@="c:WindowsSysWow64MacromedFlashFlash10a.ocx, 1"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib]

@SACL=

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version]

@SACL=

@="1.0"

.

[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]

@SACL=

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@SACL=

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Control]

@SACL=

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@SACL=

@="c:\Windows\SysWow64\Macromed\Flash\Flash10a.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@SACL=

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Programmable]

@SACL=

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@SACL=

@="c:\Windows\SysWow64\Macromed\Flash\Flash10a.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@SACL=

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@SACL=

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@SACL=

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]

@Denied: (A 2) (Everyone)

@SACL=

@="IFlashBroker2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid]

@Denied: (A 2) (Everyone)

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]

@SACL=

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]

@SACL=

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@SACL=

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@SACL=

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@SACL=

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@SACL=

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

.

**************************************************************************

.

Completion time: 2012-02-15 20:15:38 - machine was rebooted

ComboFix-quarantined-files.txt 2012-02-16 03:15

.

Pre-Run: 323,291,262,976 bytes free

Post-Run: 322,274,340,864 bytes free

.

- - End Of File - - 2CF15C3F7D741B52A95AE13C3090AFF5


Ok so I restarted and I think that fixed the graphics error, but now when I try to open Mozilla Firefox all I get is a "freeze frame" of my desktop within the Firefox window. I tried using Internet Explorer but I just got a blank white page and wasn't able to navigate to any page. I'm currently replying through Safari as it seems to be the only browser I have that is working. Gah, one thing after another, that's usually how it goes I guess =P Again I'd like to thank you for your immense help; I wouldn't be able to do this without your help, I'd be completely lost.


Hi. :)

 

I'll attempt a restart and see if that fixes it.

OK.

 

Also I'm not sure if this is relevant or not but I just noticed that after the reset this:

An Internet Explorer .exe titled "The Internet" lol

Not a cause for concern, ComboFix as part of its routine places a shortcut for IE on the Desktop. You may delete this if you so wish when I give the all clear, as no point now because we will be using ComboFix again in due course...

 

Ok so I restarted and I think that fixed the graphics error, but now when I try to open Mozilla Firefox all I get is a "freeze frame" of my desktop within the Firefox window. I tried using Internet Explorer but I just got a blank white page and wasn't able to navigate to any page. I'm currently replying through Safari as it seems to be the only browser I have that is working. Gah, one thing after another, that's usually how it goes I guess =P Again I'd like to thank you for your immense help; I wouldn't be able to do this without your help, I'd be completely lost.

 

I think this particular problem may be related to an issue with userinit.exe, as ComboFix is reporting it is infected. The actual SysWoW64 (Windows 32-bit on Windows 64-bit) version of the file.

 

Why the prior online scan did not flag this I am not sure, to be honest, but any such scan is only as good as the database in use. So in all likelihood it has been patched by malware.

 

However, to err on the side of caution I would like you to upload a copy of the aforementioned file to be double checked. We will also see if any other versions are on-board that can be used if indeed it is patched.

 

You are also most welcome RE my continued assistance!

 

Next:

 

Ensure hidden files are visible via checking as follows:-

  • Click Start(Vista Orb).
  • Open Computer.
  • Press the ALT key.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
Now please go to my file submission channel here.

 

Next to the box:- Link to topic where this file was requested: Add in the below:-

 

http://forums.pcpitstop.com/index.php?/topic/197993-computer-keeps-freezing-hjt-log/

Next to the box: Browse to the file you want to submit: click on the Browse... tab and navigate to the below:-

 

C:\windows\SysWow64\userinit.exe

 

Then click on the Send File tab. I will be notified when the file has been uploaded and checked.

 

Next:

 

Please download SystemLook from one of the links below and save it to your Desktop.

 

Download Mirror #1

Download Mirror #2

  • Right-click on SystemLook.exe and select Run as Administrator to run it.
  • Copy the content of the following codebox into the main textfield:

     

    :filefind
    userinit.exe
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Here is the scan you've requested.

 

 

SystemLook 30.07.11 by jpshortstuff

Log created at 19:43 on 16/02/2012 by Zach

Administrator - Elevation successful

 

========== filefind ==========

 

Searching for "userinit.exe"

C:\Windows\ERDNT\cache64\userinit.exe --a---- 28160 bytes [03:14 16/02/2012] [02:49 21/01/2008] A0AB2BB9A92293D9CE66E252719AB5FE

C:\Windows\ERDNT\cache86\userinit.exe --a---- 25088 bytes [03:14 16/02/2012] [02:50 21/01/2008] 0E135526E9785D085BCD9AEDE6FBCBF9

C:\Windows\System32\userinit.exe --a---- 28160 bytes [02:49 21/01/2008] [02:49 21/01/2008] A0AB2BB9A92293D9CE66E252719AB5FE

C:\Windows\SysWOW64\userinit.exe --a---- 25088 bytes [02:50 21/01/2008] [02:50 21/01/2008] 0E135526E9785D085BCD9AEDE6FBCBF9

C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe --a---- 28160 bytes [02:49 21/01/2008] [02:49 21/01/2008] A0AB2BB9A92293D9CE66E252719AB5FE

C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe --a---- 25088 bytes [02:50 21/01/2008] [02:50 21/01/2008] 0E135526E9785D085BCD9AEDE6FBCBF9

 

-= EOF =-

Link to comment
Share on other sites
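The comparison the SystemLook log above supports, as an added example that is not part of the original thread or of SystemLook itself: it parses the filefind lines and checks every userinit.exe copy against the winsxs component-store copy of the same architecture. Assumptions: the path separators dropped by the forum export are restored by hand, the two bracketed timestamps are read as created then modified, System32 is treated as 64-bit because the machine is x64, and `CONSTRUCTED_LINE` is a made-up entry used only to show a mismatch.

```python
import re
from collections import namedtuple

# Result lines from the SystemLook log in this thread (separators restored).
SAMPLE_LOG = r"""
Searching for "userinit.exe"
C:\Windows\ERDNT\cache64\userinit.exe --a---- 28160 bytes [03:14 16/02/2012] [02:49 21/01/2008] A0AB2BB9A92293D9CE66E252719AB5FE
C:\Windows\ERDNT\cache86\userinit.exe --a---- 25088 bytes [03:14 16/02/2012] [02:50 21/01/2008] 0E135526E9785D085BCD9AEDE6FBCBF9
C:\Windows\System32\userinit.exe --a---- 28160 bytes [02:49 21/01/2008] [02:49 21/01/2008] A0AB2BB9A92293D9CE66E252719AB5FE
C:\Windows\SysWOW64\userinit.exe --a---- 25088 bytes [02:50 21/01/2008] [02:50 21/01/2008] 0E135526E9785D085BCD9AEDE6FBCBF9
C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe --a---- 28160 bytes [02:49 21/01/2008] [02:49 21/01/2008] A0AB2BB9A92293D9CE66E252719AB5FE
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe --a---- 25088 bytes [02:50 21/01/2008] [02:50 21/01/2008] 0E135526E9785D085BCD9AEDE6FBCBF9
-= EOF =-
"""

# Constructed (not from the thread): a 32-bit copy whose size and hash differ.
CONSTRUCTED_LINE = (r"D:\Mounted\Windows\SysWOW64\userinit.exe --a---- 26112 bytes "
                    r"[02:50 21/01/2008] [03:14 16/02/2012] "
                    "00000000000000000000000000000000")

Entry = namedtuple("Entry", "path attrs size created modified md5 arch")

# <path> <attributes> <size> bytes [<time>] [<time>] <MD5>; the path may hold spaces.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-z]+)\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)


def arch_of(path):
    """Guess the binary's architecture from where it lives on an x64 system."""
    p = path.lower()
    if "\\winsxs\\amd64_" in p or "\\system32\\" in p or "\\cache64\\" in p:
        return "amd64"
    if "\\winsxs\\x86_" in p or "\\syswow64\\" in p or "\\cache86\\" in p:
        return "x86"
    return "unknown"


def in_component_store(path):
    return "\\winsxs\\" in path.lower()


def parse_filefind(text):
    """Return one Entry per result line; headers and footers are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        entries.append(Entry(m["path"], m["attrs"], int(m["size"]),
                             m["created"], m["modified"], m["md5"].upper(),
                             arch_of(m["path"])))
    return entries


def audit(text):
    """Compare each non-winsxs copy with the winsxs copies of its architecture.

    Several component versions may coexist, so the baseline is a set of
    (md5, size) pairs per architecture. Returns (path, arch, status) tuples.
    """
    entries = parse_filefind(text)
    baseline = {}
    for e in entries:
        if in_component_store(e.path):
            baseline.setdefault(e.arch, set()).add((e.md5, e.size))
    findings = []
    for e in entries:
        if in_component_store(e.path):
            continue
        known = baseline.get(e.arch)
        if not known:
            status = "no-baseline"
        elif (e.md5, e.size) in known:
            status = "match"
        else:
            status = "MISMATCH"
        findings.append((e.path, e.arch, status))
    return findings


if __name__ == "__main__":
    for path, arch, status in audit(SAMPLE_LOG + CONSTRUCTED_LINE):
        print(f"{status:12} {arch:6} {path}")
```

A match only shows that a copy agrees with the component-store copy on the same disk. Confirming the file against a known-good source for that Windows build is a separate step, and MD5 on its own is weak evidence.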

Hi. :)

 

Here is the scan you've requested.

Thanks, and for the file upload also. Let's proceed as follows shall we...

 

Custom ComboFix-Script:

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote-box below (do not copy the word quote):

    FCopy::

    C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe | C:\windows\SysWow64\userinit.exe

     

    Folder::

    c:\program files (x86)\Norton Internet Security

     

    Registry::

    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

    "AvgUninstallURL"=-

     

    Reboot::

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Posted Image

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
Malwarebytes Anti-Malware:

 

Note: Remember to right click MBAM and select Run As Administrator.

  • Launch the application, Check for Updates >> Perform quick scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • New ComboFix Log.
  • Malwarebytes Anti-Malware Log.

My computer is running ok, not great. Every time I try to open Firefox (my preferred browser) it gives me a clear-looking screen, basically a "freeze frame" of what was open before I opened Firefox. Pretty much just a see-through window. And when I go to open Minecraft, the game I'm playing, it gives me a black window. I can click through and operate the window, after I log in it operates normally. I can see what is going on and it returns to normal. The same thing happens with Firefox: I can click the buttons and links where they normally are and it will work, but it's like going into a pitch-black room and trying to turn on a light switch. I haven't encountered a freeze as of yet.

 

After my computer restarted from the ComboFix a log didn't pop up, so I went into C:\ComboFix to see if I could find it and I opened one txt file titled ComboFix and it appeared to be a log but I'm not sure.

 

 

ComboFix 12-02-15.01 - Zach 02/17/2012 16:17:13.2.2 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6142.4537 [GMT -7:00]

Running from: C:\Users\Zach\Desktop\ComboFix.exe

Command switches used :: C:\Users\Zach\Desktop\CFScript.txt

AV: Bitdefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}

FW: Bitdefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}

SP: Bitdefender Antispyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}

 

If that's not it, feel free to tell me where to find the correct logfile so I can get it to you.

 

Also as for the MBAM log, there were no viruses found but here is the log file anyways.

 

 

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

 

Database version: v2012.02.12.04

 

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 9.0.8112.16421

Zach :: ZACH-PC [administrator]

 

2/17/2012 5:35:44 PM

mbam-log-2012-02-17 (17-35-44).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 188522

Time elapsed: 4 minute(s),

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)


Hi. :)

 

My computer is running ok, not great.

OK, good but not great as you mentioned. We will try to rectify such once I am satisfied your machine is malware free. Though I strongly advise again you steer clear of anything P2P related...

 

Every time I try to open Firefox (my preferred browser) it gives me a clear-looking screen, basically a "freeze frame" of what was open before I opened Firefox. Pretty much just a see-through window. And when I go to open Minecraft, the game I'm playing, it gives me a black window. I can click through and operate the window, after I log in it operates normally. I can see what is going on and it returns to normal. The same thing happens with Firefox: I can click the buttons and links where they normally are and it will work, but it's like going into a pitch-black room and trying to turn on a light switch.

Entirely feasible the actual browser's engine/software has been corrupted/damaged by malware removed so far. Plus your version is way out of date anyway (8.0.1)...

 

So let's try an update as follows:-

 

Launch the browser >> Tools >> Check for Updates...

 

Or alternatively uninstall the browser and re-download and install from here (this will not affect your user settings if you opt to keep them during the uninstall process, I will further add).

 

Next:

 

I haven't encountered a freeze as of yet.

Good...

 

Next:

 

After my computer restarted from the ComboFix a log didn't pop up, so I went into C:\ComboFix to see if I could find it and I opened one txt file titled ComboFix and it appeared to be a log but I'm not sure.

The log can be found at:-

 

C:\ComboFix2.txt

 

Post the entire contents if available please and we will go from there, thank you.


I've actually already upgraded firefox to 10.0.2 and the problem is still occurring.

 

As for the log C:\ComboFix2.txt, no such file is found.

 

Another (not necessarily an issue, just odd) thing found is that my Windows Scheme/Style/etc. seems to have changed from what I previously had set up to what is called "Windows Vista Basic" and I can't find the old style that I was using. (Not a major issue at all, just something odd I noticed.)


Hi. :)

 

Strange the actual new ComboFix log cannot be located but we can come back to this if need be.

 

Anyway let's see if a Start-Up Repair will be of any help as follows... Plus we will carry out another scan etc.

 

Vista Startup Repair:

 

Visit this Microsoft page, then click on How do I use Startup Repair?

 

Scroll down to:-

 

If Startup Repair is a preinstalled recovery option on your computer:

 

And follow the instructions.

 

TFC(Temp File Cleaner):

  • Please download TFC to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Right-click TFC.exe and select Run as Administrator to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

 

Panda Online Scan:

 

Use Internet Explorer for the below scan...

 

Vista users: You will need to right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

 

Please go here to run Panda's ActiveScan.

  • Once you are on the Panda site, click the Scan your PC button
  • A new window will open...click the Scan Now button
  • Allow the ActiveX control to be installed. It will start downloading the files it requires for the scan. Note: This may take a couple of minutes
  • Run the ActiveX control, if requested. The screen will then show the scanning progress - the scan will take a while to finish. Please be patient.
  • When the scan has finished, click on Export To
  • Save the file as Activescan.txt to your Desktop
  • Close the Activescan window then go to your Desktop
  • Double-click on Activescan.txt and it will open in Notepad
  • In Notepad, click Edit > Select all, then Edit > Copy
  • Reply to this thread and click Ctrl+V to paste the log in your reply
When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • ActiveScan Log.

The startup repair went ok, it said that nothing was wrong and startup repair was running fine so it stopped there. TFC went fine also, it cleaned all the temp files; I believe the size it cleaned was around 75 MB, not completely sure. I was unable to run Panda's ActiveScan because Internet Explorer is doing the same thing as Firefox and just giving me a clear frozen screen. Other than that everything is going ok so far, no freezes yet. But my Ralink Wireless manager doesn't start up when I turn my computer on anymore, along with my Catalyst Control Center, which in msconfig it shows them as run on startup.

 

 

EDIT:

Update on Firefox issue. I decided to try it in compatibility mode for Windows XP SP2 and it seemed to run ok, but as soon as I tried to type in the URL bar the screen froze like normal.

 

EDIT 2:

Also the "call" screen for Skype is clear and frozen too, and it's just the call screen, not the chat bottom half.

 

EDIT 3:

Guess I spoke too soon my computer just now froze again.

Edited by Z4CK56

Hi. :)

 

OK since some compatibility issues you mentioned, carry out the following for me please...

 

Vista-System File Checker:

  • Click on Start(Vista Orb).
  • Click on All Programs >> Accessories
  • Right click on Command Prompt and select Run as Administrator.
  • Click on Continue in the UAC prompt.
  • At the Command Prompt C:\Windows\System32> type in the following exactly:
  • CD C:\
  • Then depress the Enter/Return key, then type in the following exactly:
  • sfc /scannow
  • Then depress the Enter/Return key.
Note: This may take awhile to finish. When completed close the Administrator Command Prompt window, via typing Exit then depress the Enter/Return key.

 

Reset IE9:

  • Please download this Microsoft FixIt and save it to the desktop.
  • Double click on MicrosoftFixit50195.exe select I Agree and click on Next.
  • Follow the on-screen prompts.
  • You may delete MicrosoftFixit50195.exe when finished and or keep it if any problems in the future with IE9.
  • Next time IE9 is launched you will be prompted to reapply settings again, this is normal.
Note: Any add-ons will require to be reapplied after the above reset. However do not for the time being.

 

Reset FireFox:

  • Click on Start >> Run...
  • Enter the following command:

    firefox.exe -safe-mode
  • Click on OK.
  • In the open window, select both Disable all add-ons & Reset all preferences to default Firefox.
  • Click on Make the changes and restart.
Next:

 

Try your machine online for a bit and see if any of the further issues you mentioned and we will go from there, thank you.


Well, the system file checker went smoothly and so did the reset of both web browsers. But the problem is still persisting with the web browsers. I figured I would get you some screenshots of what is exactly going on as that might provide a better explanation of what is happening than me trying to explain it.

 

sfc also said there was a log file but I closed the command prompt thinking "psh yeah I'll remember where to check for it" and then I went on to attempt to fix IE and Firefox and well now I forgot.

 

Internet Explorer:

Shows Internet Explorer showing a frozen image of this page from Safari.

http://i.imgur.com/yHyp4.jpg

 

Mozilla Firefox:

Showing a frozen screen with my start menu up.

http://i.imgur.com/JR0Qb.jpg

 

Showing a frozen screen of Mozilla Firefox attempting to close.

http://i.imgur.com/6hksV.jpg

 

Skype:

Showing a frozen image where the call screen usually is.

http://i.imgur.com/9sC2I.jpg

 

Windows Media Viewer/Center:

Showing a frozen image of my pictures folder where the picture I'm viewing is supposed to be.

http://i.imgur.com/DjE62.jpg

 

 

The only reason I included Skype and Windows picture viewer is because it seems the issue is somehow related. Hope this helps explain the issue better.

 

EDIT:

 

Computer just now froze again.

Edited by Z4CK56

Hi. :)

 

Well, the system file checker went smoothly and so did the reset of both web browsers. But the problem is still persisting with the web browsers. I figured I would get you some screenshots of what is exactly going on as that might provide a better explanation of what is happening than me trying to explain it.

OK, if SFC found no errors/replaced nothing I would have no need to review its log anyway. Thanks for the screen-shots.

 

sfc also said there was a log file but I closed the command prompt thinking "psh yeah I'll remember where to check for it" and then I went on to attempt to fix IE and Firefox and well now I forgot.

Not a problem. Let's scan your machine with a few different applications so I can try and work out what exactly is causing the current freezing issues as follows...

 

Scan with RogueKiller:

 

Please download RogueKiller to your desktop

 

Alternate download is here.

  • Quit all running programs
  • Right-click on RogueKiller.exe and select Run as Administrator to start the application.
  • Let the pre-scan complete, then click on the Scan tab
  • The RKreport.txt shall be generated next to the executable along with a zip file named RK_Quarantine.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

 

Scan with DDS:

 

Please download DDS and save it to your Desktop from here.

 

Alternate downloads are here or here.

  • Disable any script blocker, and then double click on DDS to run the tool.
  • When done, DDS will open two logs:
  • DDS.txt <-- Will be opened
  • Attach.txt <-- Will be minimized
  • Save both reports to your desktop.
  • Please post the contents of these two Notepad files in your next reply.
When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • RogueKiller Log.
  • Both DDS logs. <-- Post them individually please, IE: one Log per post/reply.

My computer is running ok so far, but I just booted it up from getting home. As for the problem with Mozilla, I can only get one letter in the address bar before it freezes. And for IE, same issue, all the webpages I visit are blank/frozen.

 

Regarding the sfc, it actually did tell me it found some errors that it was unable to fix.

 

 

RogueKiller V7.1.0 [02/15/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

 

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version

Started in : Normal mode

User: Zach [Admin rights]

Mode: Scan -- Date: 02/22/2012 14:58:49

 

¤¤¤ Bad processes: 0 ¤¤¤

 

¤¤¤ Registry Entries: 3 ¤¤¤

[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver: [NOT LOADED] ¤¤¤

 

¤¤¤ Infection : ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: WDC WD6400AAKS-65A7B2 +++++

--- User ---

[MBR] 5e7d37f348060595b0245f3204cc1081

[bSP] cbe1a3892920c024e3e7b9efc684338e : HP tatooed MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 596475 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1221582600 | Size: 14001 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

+++++ PhysicalDrive1: Generic- Compact Flash USB Device +++++

Error reading User MBR!

User = LL1 ... OK!

Error reading LL2 MBR!

 

+++++ PhysicalDrive2: Generic- SM/xD-Picture USB Device +++++

Error reading User MBR!

User = LL1 ... OK!

Error reading LL2 MBR!

 

+++++ PhysicalDrive3: Generic- SD/MMC USB Device +++++

Error reading User MBR!

User = LL1 ... OK!

Error reading LL2 MBR!

 

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++

Error reading User MBR!

User = LL1 ... OK!

Error reading LL2 MBR!

 

Finished : << RKreport[1].txt >>

RKreport[1].txt


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 9/21/2010 7:56:24 PM

System Uptime: 2/22/2012 2:48:57 PM (1 hours ago)

.

Motherboard: PEGATRON CORPORATION | | Benicia

Processor: Pentium® Dual-Core CPU E5300 @ 2.60GHz | CPU 1 | 2600/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 582 GiB total, 283.482 GiB free.

D: is FIXED (NTFS) - 14 GiB total, 2.159 GiB free.

E: is CDROM (UDF)

F: is FIXED (NTFS) - 932 GiB total, 780.324 GiB free.

G: is Removable

H: is Removable

I: is Removable

J: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Description: Officejet J4680 series

Device ID: ROOT\IMAGE\0000

Manufacturer: HP

Name: Officejet J4680 series

PNP Device ID: ROOT\IMAGE\0000

Service: StillCam

.

Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}

Description: Virtual Audio Cable

Device ID: ROOT\MEDIA\0000

Manufacturer: EuMus Design

Name: Virtual Audio Cable

PNP Device ID: ROOT\MEDIA\0000

Service: EuMusDesignVirtualAudioCableWdm

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet J4680 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Officejet J4680 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

==== System Restore Points ===================

.

.

==== Installed Programs ======================

.

µTorrent

4660_4680_Help

ActiveCheck component for HP Active Support Library

Adobe AIR

Adobe Community Help

Adobe Flash Player 10 ActiveX

Adobe Reader X (10.1.2)

Adobe Widget Browser

AMD System Monitor

Any Video Converter 3.2.7

Apple Application Support

Apple Software Update

Auslogics Disk Defrag

Borderlands

BPD_HPSU

bpd_scan

BPDSoftware

BPDSoftware_Ini

BufferChm

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Compatibility Pack for the 2007 Office system

CraftBukkit v8.2

Curse Client

CustomerResearchQFolder

CyberLink DVD Suite Deluxe

D3DX10

Default Manager

Destination Component

DeviceDiscovery

DeviceManagementQFolder

DirectX for Managed Code Update (Summer 2004)

DivX Setup

DocMgr

DocProc

DocProcQFolder

Dropbox

eReg

ERUNT 1.1j

eSupportQFolder

Fax

FLV Player 2.0 (build 25)

FormatFactory 2.90

Fraps

FrostWire 4.21.8

GameSpy Arcade

GIMP 2.6.11

Google Chrome

GPBaseService

Handbrake 0.9.4

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Active Support Library

HP MediaSmart DVD

HP MediaSmart Music/Photo/Video

HP Odometer

HP Photosmart Essential 2.5

HP Picasso Media Center Add-In

HP Product Detection

HP Recovery Manager RSS

HP Support Information

HP Update

HPAsset component for HP Active Support Library

HPProductAssistant

HPSSupply

HydraVision

ImgBurn

J4680

Java Auto Updater

Java 6 Update 31

LabelPrint

Left 4 Dead 2

LightScribe System Software

Malwarebytes Anti-Malware version 1.60.1.1000

MarketResearch

Microsoft Live Search Toolbar

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Standard 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Works

Microsoft XNA Framework Redistributable 3.0

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

Minecraft Note Block Studio version 3.1.0

Mozilla Firefox 10.0.2 (x86 en-US)

MSI Afterburner 2.1.0

MSI Kombustor 2.0.0

MSVCRT

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 7 Ultra Edition

neroxml

Notepad++

NVIDIA PhysX v8.10.29

OpenOffice.org 3.3

Orbit Downloader

Pando Media Booster

Pinnacle Bender 64-bit

Pinnacle Studio 12

Pokemon World Online version 1.81

Power2Go

PowerDirector

Privoxy (remove only)

ProductContext

Project64 1.6

PSSWCORE

Python 2.6 pywin32-212

Python 2.6.1

QuickTime

Ralink RT2860 Wireless LAN Card

Realtek High Definition Audio Driver

Revo Uninstaller 1.91

Safari

Scan

Seagate Manager Installer

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Segoe UI

ShotOnline

Skype Click to Call

Skype™ 5.8

SmartWebPrintingOC

SolutionCenter

SpeedFan (remove only)

Spiral Knights

Standalone Flash Player 1.2

Status

Steam

Stronghold 2 Deluxe

Stronghold 3

Stronghold Crusader

Stronghold Kingdoms

System Requirements Lab for Intel

TeamViewer 6

TeamViewer 7

Toolbox

TrayApp

TVersity Codec Pack 1.2

Unity Web Player

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

VC80CRTRedist - 8.0.50727.4053

VideoToolkit01

Visual C++ 8.0 Runtime Setup Package (x64)

WebReg

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinPcap 4.1.2

World of Warcraft

X-Chat 2.8.6-2

.

==== Event Viewer Messages From Past Week ========

.

2/22/2012 2:52:13 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep i8042prt SRTSP SRTSPX trufos

2/22/2012 2:52:13 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.

2/22/2012 2:50:57 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Ralink UPnP Media Server service to connect.

2/22/2012 2:50:57 PM, Error: Service Control Manager [7000] - The Ralink Registry Writer service failed to start due to the following error: The system cannot find the file specified.

2/22/2012 2:50:57 PM, Error: Service Control Manager [7000] - The Ralink Registry Writer 64 service failed to start due to the following error: The system cannot find the file specified.

2/21/2012 5:28:36 PM, Error: EventLog [6008] - The previous system shutdown at 5:26:10 PM on 2/21/2012 was unexpected.

2/21/2012 3:09:33 PM, Error: EventLog [6008] - The previous system shutdown at 9:19:54 PM on 2/20/2012 was unexpected.

2/20/2012 12:26:18 PM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

2/17/2012 4:27:10 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

2/17/2012 4:26:35 PM, Error: Application Popup [1060] - ??C:ComboFixcatchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

2/17/2012 4:14:35 PM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).

2/17/2012 4:14:35 PM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).

2/17/2012 4:00:32 PM, Error: Service Control Manager [7000] - The Norton Internet Security service failed to start due to the following error: The system cannot find the path specified.

2/16/2012 8:14:42 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

2/16/2012 8:14:42 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/16/2012 8:14:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

2/16/2012 5:43:44 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.177 for the Network Card with network address 00212F38291F has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

2/15/2012 8:11:25 PM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: A device attached to the system is not functioning.

2/15/2012 7:20:42 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt SRTSP SRTSPX trufos

.

==== End Of File ===========================


.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by Zach at 15:00:04 on 2012-02-22

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6142.4282 [GMT -7:00]

.

AV: Bitdefender Antivirus *Enabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}

SP: Bitdefender Antispyware *Enabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}

FW: Bitdefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}

.

============== Running Processes ===============

.

C:Windowssystem32wininit.exe

C:Windowssystem32lsm.exe

C:Windowssystem32svchost.exe -k DcomLaunch

C:Program FilesBitdefenderBitdefender 2012vsserv.exe

C:Windowssystem32svchost.exe -k rpcss

C:Windowssystem32atiesrxx.exe

C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted

C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted

C:Windowssystem32svchost.exe -k netsvcs

C:Windowssystem32svchost.exe -k GPSvcGroup

C:Windowssystem32SLsvc.exe

C:Windowssystem32svchost.exe -k LocalService

C:Windowssystem32atieclxx.exe

C:Windowssystem32svchost.exe -k NetworkService

C:Windowssystem32WLANExt.exe

C:WindowsSystem32spoolsv.exe

C:Windowssystem32svchost.exe -k LocalServiceNoNetwork

C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe

C:Program FilesLSI SoftModemagr64svc.exe

C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe

C:Program FilesBonjourmDNSResponder.exe

C:Program Files (x86)SeagateSeagateManagerSyncFreeAgentService.exe

C:WindowsSysWOW64svchost.exe -k hpdevmgmt

c:Program Files (x86)Common FilesLightScribeLSSrvc.exe

C:WindowsSystem32svchost.exe -k HPZ12

C:WindowsSystem32svchost.exe -k HPZ12

C:Windowssystem32svchost.exe -k NetworkServiceNetworkRestricted

C:Windowssystem32taskeng.exe

C:Windowsexplorer.exe

C:Program FilesBitdefenderBitdefender 2012bdagent.exe

C:Program FilesBitdefenderBitdefender SafeBoxsafeboxservice.exe

C:Windowssystem32svchost.exe -k imgsvc

C:Program FilesBitdefenderBitdefender 2012updatesrv.exe

C:WindowsSystem32svchost.exe -k WerSvcGroup

C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSVC.EXE

C:Windowssystem32SearchIndexer.exe

C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLIDSvcM.exe

C:Windowssystem32WUDFHost.exe

C:Program Files (x86)IntelIntel Matrix Storage ManagerIAANTMon.exe

C:Windowssystem32taskeng.exe

C:Windowssystem32svchost.exe -k HPService

C:Program FilesWindows Media Playerwmpnscfg.exe

C:Program FilesWindows Media Playerwmpnetwk.exe

C:Windowssystem32wbemwmiprvse.exe

C:Windowssystem32wbemunsecapp.exe

C:Windowssystem32svchost.exe -k LocalServiceAndNoImpersonation

c:Program Files (x86)Hewlett-PackardHP Health Checkhphc_service.exe

C:Windowssystem32wbemwmiprvse.exe

C:WindowsservicingTrustedInstaller.exe

C:Windowssystem32DllHost.exe

C:Windowssystem32DllHost.exe

C:WindowsSysWOW64cmd.exe

C:WindowsSysWOW64cscript.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt

mStart Page =

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:Program Files (x86)MSNToolbar3.0.0552.0msneshellx.dll

uRun: [ehTray.exe] C:WindowsehomeehTray.exe

mRun: [hpsysdrv] c:program files (x86)hewlett-packardHP odometerhpsysdrv.exe

mRun: [updateP2GoShortCut] "c:Program Files (x86)CyberLinkPower2GoMUITransferMUIStartMenu.exe" "c:Program Files (x86)CyberLinkPower2Go" UpdateWithCreateOnce "SOFTWARECyberLinkPower2Go6.0"

mRun: [updateLBPShortCut] "c:Program Files (x86)CyberLinkLabelPrintMUITransferMUIStartMenu.exe" "c:Program Files (x86)CyberLinkLabelPrint" UpdateWithCreateOnce "SoftwareCyberLinkLabelPrint2.5"

mRun: [updatePDIRShortCut] "c:Program Files (x86)CyberLinkPowerDirectorMUITransferMUIStartMenu.exe" "c:Program Files (x86)CyberLinkPowerDirector" UpdateWithCreateOnce "SOFTWARECyberLinkPowerDirector7.0"

mRun: [updatePSTShortCut] "c:Program Files (x86)CyberLinkCyberLink DVD Suite DeluxeMUITransferMUIStartMenu.exe" "c:Program Files (x86)CyberLinkCyberLink DVD Suite Deluxe" UpdateWithCreateOnce "SoftwareCyberLinkPowerStarter"

mRun: [Microsoft Default Manager] "c:Program Files (x86)MicrosoftSearch Enhancement PackDefault ManagerDefMgr.exe" -resume

mRun: [startCCC] "C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe" MSRun

mRun: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe"

mRun: [combofix] C:ComboFixCF25554.3XE /c C:ComboFixCombobatch.bat

mRunOnce: [combofix] C:ComboFixCF25554.3XE /c C:ComboFixCombobatch.bat

StartupFolder: C:PROGRA~3MICROS~1WindowsSTARTM~1ProgramsStartupRALINK~1.LNK - C:Program Files (x86)RalinkCommonRaUI.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:Program Files (x86)HPDigital ImagingSmart Web Printinghpswp_BHO.dll

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll

TCP: DhcpNameServer = 192.168.0.1 205.171.3.25

TCP: Interfaces{8AC38E91-358B-4B65-A39D-007F67156745} : DhcpNameServer = 192.168.0.1 205.171.3.25

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:Program Files (x86)SkypeToolbarsInternet Explorerskypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~2COMMON~1SkypeSKYPE4~1.DLL

TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:Program Files (x86)MSNToolbar3.0.0552.0msneshellx.dll

mRun-x64: [hpsysdrv] c:program files (x86)hewlett-packardHP odometerhpsysdrv.exe

mRun-x64: [updateP2GoShortCut] "c:Program Files (x86)CyberLinkPower2GoMUITransferMUIStartMenu.exe" "c:Program Files (x86)CyberLinkPower2Go" UpdateWithCreateOnce "SOFTWARECyberLinkPower2Go6.0"

mRun-x64: [updateLBPShortCut] "c:Program Files (x86)CyberLinkLabelPrintMUITransferMUIStartMenu.exe" "c:Program Files (x86)CyberLinkLabelPrint" UpdateWithCreateOnce "SoftwareCyberLinkLabelPrint2.5"

mRun-x64: [updatePDIRShortCut] "c:Program Files (x86)CyberLinkPowerDirectorMUITransferMUIStartMenu.exe" "c:Program Files (x86)CyberLinkPowerDirector" UpdateWithCreateOnce "SOFTWARECyberLinkPowerDirector7.0"

mRun-x64: [updatePSTShortCut] "c:Program Files (x86)CyberLinkCyberLink DVD Suite DeluxeMUITransferMUIStartMenu.exe" "c:Program Files (x86)CyberLinkCyberLink DVD Suite Deluxe" UpdateWithCreateOnce "SoftwareCyberLinkPowerStarter"

mRun-x64: [Microsoft Default Manager] "c:Program Files (x86)MicrosoftSearch Enhancement PackDefault ManagerDefMgr.exe" -resume

mRun-x64: [startCCC] "C:Program Files (x86)ATI TechnologiesATI.ACECore-StaticCLIStart.exe" MSRun

mRun-x64: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:Program Files (x86)Common FilesJavaJava Updatejusched.exe"

mRun-x64: [combofix] C:ComboFixCF25554.3XE /c C:ComboFixCombobatch.bat

mRunOnce-x64: [combofix] C:ComboFixCF25554.3XE /c C:ComboFixCombobatch.bat

.

================= FIREFOX ===================

.

FF - ProfilePath - C:UsersZachAppDataRoamingMozillaFirefoxProfiles6rikcxu1.default

FF - plugin: C:PROGRA~2MEADCO~1npmeadax.dll

FF - plugin: C:Program Files (x86)AdobeReader 10.0ReaderAIRnppdf32.dll

FF - plugin: C:Program Files (x86)DivXDivX OVS Helpernpovshelper.dll

FF - plugin: C:Program Files (x86)DivXDivX Plus Web Playernpdivx32.dll

FF - plugin: C:Program Files (x86)Javajre6binplugin2npdeployJava1.dll

FF - plugin: C:Program Files (x86)Javajre6binplugin2npjp2.dll

FF - plugin: C:Program Files (x86)Microsoft Silverlight4.1.10111.0npctrlui.dll

FF - plugin: C:Program Files (x86)Mozilla FirefoxpluginsnpdeployJava1.dll

FF - plugin: C:Program Files (x86)Pando NetworksMedia BoosternpPandoWebPlugin.dll

FF - plugin: C:UsersZachAppDataLocalGoogleUpdate1.3.21.99npGoogleUpdate3.dll

FF - plugin: C:UsersZachAppDataLocalLowUnityWebPlayerloadernpUnity3D32.dll

FF - plugin: C:WindowsSysWOW64MacromedFlashNPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 avc3;avc3;C:Windowssystem32DRIVERSavc3.sys --> C:Windowssystem32DRIVERSavc3.sys [?]

R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:Program FilesCommon FilesBitdefenderBitdefender Firewallbdfndisf6.sys [2011-3-1 90192]

R1 BDVEDISK;BDVEDISK;C:Windowssystem32DRIVERSbdvedisk.sys --> C:Windowssystem32DRIVERSbdvedisk.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:Program Files (x86)Common FilesAdobeARM1.0armsvc.exe [2012-1-3 63928]

R2 AMD External Events Utility;AMD External Events Utility;C:Windowssystem32atiesrxx.exe --> C:Windowssystem32atiesrxx.exe [?]

R2 cpuz135;cpuz135;??C:Windowssystem32driverscpuz135_x64.sys --> C:Windowssystem32driverscpuz135_x64.sys [?]

R2 FontCache;Windows Font Cache Service;C:Windowssystem32svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 FreeAgentGoNext Service;Seagate Service;C:Program Files (x86)SeagateSeagateManagerSyncFreeAgentService.exe [2009-9-25 189736]

R2 NPF;NetGroup Packet Filter Driver;C:Windowssystem32driversnpf.sys --> C:Windowssystem32driversnpf.sys [?]

R2 SafeBox;SafeBox;C:Program FilesBitdefenderBitdefender Safeboxsafeboxservice.exe [2011-7-22 75384]

R2 sxuptp;SXUPTP Driver;C:Windowssystem32DRIVERSsxuptp.sys --> C:Windowssystem32DRIVERSsxuptp.sys [?]

R2 UPDATESRV;BitDefender Desktop Update Service;C:Program FilesBitdefenderBitdefender 2012updatesrv.exe [2011-7-22 62512]

R3 amdkmdag;amdkmdag;C:Windowssystem32DRIVERSatikmdag.sys --> C:Windowssystem32DRIVERSatikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:Windowssystem32DRIVERSatikmpag.sys --> C:Windowssystem32DRIVERSatikmpag.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:Windowssystem32driversAtihdLH6.sys --> C:Windowssystem32driversAtihdLH6.sys [?]

R3 avchv;avchv Function Driver;C:Windowssystem32DRIVERSavchv.sys --> C:Windowssystem32DRIVERSavchv.sys [?]

R3 avckf;avckf;C:Windowssystem32DRIVERSavckf.sys --> C:Windowssystem32DRIVERSavckf.sys [?]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:Windowssystem32DRIVERSLEqdUsb.Sys --> C:Windowssystem32DRIVERSLEqdUsb.Sys [?]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:Windowssystem32DRIVERSLHidEqd.Sys --> C:Windowssystem32DRIVERSLHidEqd.Sys [?]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:Windowssystem32DRIVERSnetr28x.sys --> C:Windowssystem32DRIVERSnetr28x.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:WindowsMicrosoft.NETFrameworkv4.0.30319mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:WindowsMicrosoft.NETFramework64v4.0.30319mscorsvw.exe [2010-3-18 138576]

S2 RalinkRegistryWriter;Ralink Registry Writer;C:Program Files (x86)AirLink101AWLH6075CommonRalinkRegistryWriter.exe --> C:Program Files (x86)AirLink101AWLH6075CommonRalinkRegistryWriter.exe [?]

S2 RalinkRegistryWriter64;Ralink Registry Writer 64;C:Program Files (x86)AirLink101AWLH6075CommonRalinkRegistryWriter64.exe --> C:Program Files (x86)AirLink101AWLH6075CommonRalinkRegistryWriter64.exe [?]

S2 RaMediaServer;Ralink UPnP Media Server;C:Program Files (x86)RalinkCommonRaMediaServer.exe [2012-1-21 625728]

S2 SkypeUpdate;Skype Updater;C:Program Files (x86)SkypeUpdaterUpdater.exe [2012-1-31 158856]

S3 bdsandbox;bdsandbox;??C:Windowssystem32driversbdsandbox.sys --> C:Windowssystem32driversbdsandbox.sys [?]

S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);C:Windowssystem32DRIVERSvrtaucbl.sys --> C:Windowssystem32DRIVERSvrtaucbl.sys [?]

S3 jumi;%Jumi%;C:Windowssystem32DRIVERSjumi.sys --> C:Windowssystem32DRIVERSjumi.sys [?]

S3 MBAMProtector;MBAMProtector;??C:Windowssystem32driversmbam.sys --> C:Windowssystem32driversmbam.sys [?]

S3 npggsvc;nProtect GameGuard Service;C:Windowssystem32GameMon.des -service --> C:Windowssystem32GameMon.des -service [?]

S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:Program FilesPC-Doctor for Windowspcdsrvc_x64.pkms [2009-2-2 23536]

S3 PerfHost;Performance Counter DLL Host;C:WindowsSysWOW64perfhost.exe [2008-1-20 19968]

S3 Update Server;BitDefender Update Server v2;C:Program FilesCommon FilesBitdefenderBitdefender Arrakis Serverbinarrakis3.exe [2011-7-22 466736]

S3 USBAAPL64;Apple Mobile USB Driver;C:Windowssystem32Driversusbaapl64.sys --> C:Windowssystem32Driversusbaapl64.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:WindowsMicrosoft.NETFramework64v4.0.30319WPFWPFFontCache_v0400.exe [2010-3-18 1020768]

S4 Belkin Local Backup Service;Belkin Local Backup Service;C:Program FilesBelkinBelkin USB Print and Storage CenterBkBackupScheduler.exe [2011-6-4 181760]

S4 Belkin Network USB Helper;Belkin Network USB Helper;C:Program FilesBelkinBelkin USB Print and Storage CenterBkapcs.exe [2011-6-4 55296]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:WindowsMicrosoft.NETFramework64v2.0.50727mscorsvw.exe [2010-9-22 89920]

S4 MBAMService;MBAMService;C:Program Files (x86)Malwarebytes' Anti-Malwarembamservice.exe [2011-6-23 652360]

S4 TeamViewer6;TeamViewer 6;C:Program Files (x86)TeamViewerVersion6TeamViewer_Service.exe [2011-10-20 2358656]

S4 TeamViewer7;TeamViewer 7;C:Program Files (x86)TeamViewerVersion7TeamViewer_Service.exe [2011-12-14 2984832]

.

=============== File Associations ===============

.

inffile=%SystemRoot%SysWow64NOTEPAD.EXE %1

JSEFile=C:WindowsSysWOW64WScript.exe "%1" %*

VBEFile=%SystemRoot%SysWow64WScript.exe "%1" %*

VBSFile=%SystemRoot%SysWow64WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2012-02-19 03:09:11 -------- d-----w- C:Program Files (x86)X-Chat 2

2012-02-17 23:27:00 -------- d-----w- C:UsersZachAppDataLocaltemp

2012-02-17 23:14:48 -------- d-s---w- C:ComboFix

2012-02-16 03:37:51 -------- d-sh--w- C:$RECYCLE.BIN

2012-02-16 02:43:44 98816 ----a-w- C:Windowssed.exe

2012-02-16 02:43:44 518144 ----a-w- C:WindowsSWREG.exe

2012-02-16 02:43:44 256000 ----a-w- C:WindowsPEV.exe

2012-02-16 02:43:44 208896 ----a-w- C:WindowsMBR.exe

2012-02-14 22:24:21 680448 ----a-w- C:WindowsSysWow64msvcrt.dll

2012-02-14 22:24:21 621056 ----a-w- C:WindowsSystem32msvcrt.dll

2012-02-14 22:24:20 2765824 ----a-w- C:WindowsSystem32win32k.sys

2012-02-14 22:24:19 404992 ----a-w- C:WindowsSystem32driversafd.sys

2012-02-14 22:24:16 2409784 ----a-w- C:Program FilesWindows MailOESpamFilter.dat

2012-02-14 22:24:16 2409784 ----a-w- C:Program Files (x86)Windows MailOESpamFilter.dat

2012-02-05 23:06:09 3993576 ----a-w- C:WindowsSysWow64GameMon.des

2012-02-05 23:05:33 4682 ----a-w- C:WindowsSysWow64npptNT2.sys

2012-02-05 23:05:32 5174 ----a-w- C:WindowsSysWow64nppt9x.vxd

2012-02-05 23:05:27 -------- d-----w- C:Program FilesCommon FilesINCA Shared

2012-02-05 23:00:39 -------- d-----w- C:GamesCampus

2012-02-05 22:26:25 -------- d-----w- C:UsersZachAppDataLocalPMB Files

2012-02-05 22:26:22 -------- d-----w- C:ProgramDataPMB Files

2012-02-05 22:26:03 -------- d-----w- C:Program Files (x86)Pando Networks

2012-02-04 04:22:04 -------- d-----w- C:ProgramDataBDLogging

2012-02-04 02:50:30 -------- d-----w- C:Program Files (x86)Microsoft XNA

2012-02-04 02:37:15 -------- d-----w- C:Program Files (x86)Zachtronics Industries

2012-02-02 00:50:51 -------- d-----w- C:ProgramDataRELOADED

2012-02-02 00:25:31 -------- d-----w- C:UsersZachAppDataLocalSKIDROW

2012-02-02 00:21:59 508264 ----a-w- C:WindowsSystem32d3dx10_36.dll

2012-01-31 22:14:29 -------- d-----w- C:_OTL

2012-01-30 02:57:48 98304 ----a-w- C:WindowsSysWow64CmdLineExt.dll

2012-01-30 02:52:07 749568 ----a-w- C:Program Files (x86)Common FilesInstallShieldProfessionalRunTime1050Intel32iKernel.dll

2012-01-30 02:52:07 69715 ----a-w- C:Program Files (x86)Common FilesInstallShieldProfessionalRunTime1050Intel32ctor.dll

2012-01-30 02:52:07 5632 ----a-w- C:Program Files (x86)Common FilesInstallShieldProfessionalRunTime1050Intel32DotNetInstaller.exe

2012-01-30 02:52:07 274432 ----a-w- C:Program Files (x86)Common FilesInstallShieldProfessionalRunTime1050Intel32iscript.dll

2012-01-30 02:52:07 180224 ----a-w- C:Program Files (x86)Common FilesInstallShieldProfessionalRunTime1050Intel32iuser.dll

2012-01-30 02:52:03 192644 ----a-w- C:Program Files (x86)Common FilesInstallShieldProfessionalRunTime1050Intel32iGdi.dll

2012-01-30 02:52:02 323716 ----a-w- C:Program Files (x86)Common FilesInstallShieldProfessionalRunTime1050Intel32setup.dll

2012-01-29 07:39:28 -------- d-----w- C:UsersZachAppDataLocalGeckofx

2012-01-29 07:39:18 -------- d-----w- C:UsersZachAppDataRoamingFirefly Studios

2012-01-29 07:33:33 -------- d-----w- C:ProgramDataFirefly Studios

2012-01-29 05:35:09 -------- d-----w- C:Program Files (x86)GameSpy Arcade

2012-01-29 05:31:51 -------- d-----w- C:Program Files (x86)Firefly Studios

2012-01-29 05:31:21 32768 ------w- C:Program Files (x86)Common FilesInstallShieldEngine6Intel 32objectps.dll

2012-01-29 05:31:21 225280 ------w- C:Program Files (x86)Common FilesInstallShieldIScriptiscript.dll

2012-01-29 05:31:21 176128 ------w- C:Program Files (x86)Common FilesInstallShieldEngine6Intel 32iuser.dll

2012-01-29 05:31:20 77824 ----a-w- C:Program Files (x86)Common FilesInstallShieldEngine6Intel 32ctor.dll

2012-01-29 04:01:27 1892184 ----a-w- C:WindowsSysWow64D3DX9_42.dll

2012-01-29 04:01:25 2414360 ----a-w- C:WindowsSysWow64d3dx9_31.dll

2012-01-29 03:57:18 58624 ----a-w- C:WindowsSystem32driversvrtaucbl.sys

2012-01-29 03:57:18 -------- d-----w- C:Program FilesVirtual Audio Cable

2012-01-28 18:59:03 -------- d-----w- C:Program Files (x86)AMD APP

2012-01-27 02:07:21 -------- d-----w- C:UsersZachAppDataLocalAhead

2012-01-27 02:04:54 -------- d-----w- C:ProgramDataNero

2012-01-27 02:04:54 -------- d-----w- C:Program Files (x86)Nero

2012-01-27 01:09:58 -------- d-----w- C:Program Files (x86)FreeTime

2012-01-24 23:31:26 388096 ----a-r- C:UsersZachAppDataRoamingMicrosoftInstaller{45A66726-69BC-466B-A7A4-12FCBA4883D7}HiJackThis.exe

2012-01-24 23:31:26 -------- d-----w- C:Program Files (x86)Trend Micro

.

==================== Find3M ====================

.

2012-02-17 19:17:25 472808 ----a-w- C:WindowsSysWow64deployJava1.dll

2012-02-17 19:14:53 525544 ----a-w- C:WindowsSystem32deployJava1.dll

2012-02-03 22:34:18 79952 ----a-w- C:WindowsSystem32driversbdsandbox.sys

2012-02-03 22:34:14 544552 ----a-w- C:WindowsSystem32driversavckf.sys

2012-02-03 22:34:10 691384 ----a-w- C:WindowsSystem32driversavc3.sys

2012-01-22 05:16:08 525792 ----a-w- C:WindowsDIFxAPI.dll

2011-12-22 00:35:20 74344 ----a-w- C:WindowsSystem32RtNicProp64.dll

2011-12-21 00:34:39 442088 ----a-w- C:WindowsSystem32driversbdfsfltr.sys

2011-12-14 07:11:03 2308096 ----a-w- C:WindowsSystem32jscript9.dll

2011-12-14 07:04:30 1390080 ----a-w- C:WindowsSystem32wininet.dll

2011-12-14 07:03:38 1493504 ----a-w- C:WindowsSystem32inetcpl.cpl

2011-12-14 06:57:28 2382848 ----a-w- C:WindowsSystem32mshtml.tlb

2011-12-14 03:04:54 1798656 ----a-w- C:WindowsSysWow64jscript9.dll

2011-12-14 02:57:18 1127424 ----a-w- C:WindowsSysWow64wininet.dll

2011-12-14 02:56:58 1427456 ----a-w- C:WindowsSysWow64inetcpl.cpl

2011-12-14 02:50:04 2382848 ----a-w- C:WindowsSysWow64mshtml.tlb

2011-12-14 01:27:30 4718952 ----a-w- C:WindowsSystem32driversRTKVHD64.sys

2011-12-13 23:58:20 1560168 ----a-w- C:WindowsSystem32RTSnMg64.cpl

2011-12-13 18:01:00 1698408 ----a-w- C:WindowsRtlExUpd.dll

2011-12-13 00:20:18 100456 ----a-w- C:WindowsSystem32RCoInstII64.dll

2011-12-10 22:24:08 23152 ----a-w- C:WindowsSystem32driversmbam.sys

2011-12-09 00:28:12 1969768 ----a-w- C:WindowsSystem32RtkApi64.dll

2011-12-08 23:27:38 3744872 ----a-w- C:WindowsSystem32RtkAPO64.dll

2011-12-06 05:04:06 69632 ----a-w- C:WindowsSystem32OpenVideo64.dll

2011-12-06 05:04:00 59904 ----a-w- C:WindowsSysWow64OpenVideo.dll

2011-12-06 05:03:54 61952 ----a-w- C:WindowsSystem32OVDecode64.dll

2011-12-06 05:03:52 54784 ----a-w- C:WindowsSysWow64OVDecode.dll

2011-12-06 05:03:42 17580544 ----a-w- C:WindowsSystem32amdocl64.dll

2011-12-06 05:03:04 14499328 ----a-w- C:WindowsSysWow64amdocl.dll

2011-12-06 03:45:40 10720256 ----a-w- C:WindowsSystem32driversatikmdag.sys

2011-12-06 03:18:38 25371136 ----a-w- C:WindowsSystem32atio6axx.dll

2011-12-06 03:17:50 159744 ----a-w- C:WindowsSystem32atiapfxx.exe

2011-12-06 03:17:36 778752 ----a-w- C:WindowsSysWow64aticfx32.dll

2011-12-06 03:16:00 933888 ----a-w- C:WindowsSystem32aticfx64.dll

2011-12-06 03:12:52 466944 ----a-w- C:WindowsSystem32ATIDEMGX.dll

2011-12-06 03:12:36 494080 ----a-w- C:WindowsSystem32atieclxx.exe

2011-12-06 03:11:56 235520 ----a-w- C:WindowsSystem32atiesrxx.exe

2011-12-06 03:10:38 120320 ----a-w- C:WindowsSystem32atitmm64.dll

2011-12-06 03:10:20 423424 ----a-w- C:WindowsSystem32atipdl64.dll

2011-12-06 03:10:12 360448 ----a-w- C:WindowsSysWow64atipdlxx.dll

2011-12-06 03:10:00 278528 ----a-w- C:WindowsSysWow64Oemdspif.dll

2011-12-06 03:09:56 21504 ----a-w- C:WindowsSystem32atimuixx.dll

2011-12-06 03:09:50 59392 ----a-w- C:WindowsSystem32atiedu64.dll

2011-12-06 03:09:44 43520 ----a-w- C:WindowsSysWow64ati2edxx.dll

2011-12-06 03:06:38 6159872 ----a-w- C:WindowsSysWow64atidxx32.dll

2011-12-06 02:56:40 19125760 ----a-w- C:WindowsSysWow64atioglxx.dll

2011-12-06 02:51:22 7520768 ----a-w- C:WindowsSystem32atidxx64.dll

2011-12-06 02:39:58 1113088 ----a-w- C:WindowsSystem32atiumd6v.dll

2011-12-06 02:39:24 1828864 ----a-w- C:WindowsSysWow64atiumdmv.dll

2011-12-06 02:39:12 4072960 ----a-w- C:WindowsSystem32atiumd6a.dll

2011-12-06 02:34:28 51200 ----a-w- C:WindowsSystem32aticalrt64.dll

2011-12-06 02:34:24 46080 ----a-w- C:WindowsSysWow64aticalrt.dll

2011-12-06 02:34:16 44544 ----a-w- C:WindowsSystem32aticalcl64.dll

2011-12-06 02:34:14 44032 ----a-w- C:WindowsSysWow64aticalcl.dll

2011-12-06 02:34:00 13738496 ----a-w- C:WindowsSystem32aticaldd64.dll

2011-12-06 02:33:36 5919232 ----a-w- C:WindowsSysWow64atiumdag.dll

2011-12-06 02:29:30 11484672 ----a-w- C:WindowsSysWow64aticaldd.dll

2011-12-06 02:28:50 4206592 ----a-w- C:WindowsSysWow64atiumdva.dll

2011-12-06 02:24:02 7511040 ----a-w- C:WindowsSystem32atiumd64.dll

2011-12-06 02:18:46 58880 ----a-w- C:WindowsSystem32coinst.dll

2011-12-06 02:13:02 509952 ----a-w- C:WindowsSystem32atiadlxx.dll

2011-12-06 02:12:52 356352 ----a-w- C:WindowsSysWow64atiadlxy.dll

2011-12-06 02:12:38 17408 ----a-w- C:WindowsSystem32atig6pxx.dll

2011-12-06 02:12:34 14336 ----a-w- C:WindowsSysWow64atiglpxx.dll

2011-12-06 02:12:34 14336 ----a-w- C:WindowsSystem32atiglpxx.dll

2011-12-06 02:12:30 39936 ----a-w- C:WindowsSystem32atig6txx.dll

2011-12-06 02:12:22 33280 ----a-w- C:WindowsSysWow64atigktxx.dll

2011-12-06 02:12:14 327168 ----a-w- C:WindowsSystem32driversatikmpag.sys

2011-12-06 02:11:24 42496 ----a-w- C:WindowsSystem32atiuxp64.dll

2011-12-06 02:11:16 33280 ----a-w- C:WindowsSysWow64atiuxpag.dll

2011-12-06 02:11:10 39936 ----a-w- C:WindowsSystem32atiu9p64.dll

2011-12-06 02:11:02 29696 ----a-w- C:WindowsSysWow64atiu9pag.dll

2011-12-06 02:10:48 54784 ----a-w- C:WindowsSystem32atimpc64.dll

2011-12-06 02:10:48 54784 ----a-w- C:WindowsSystem32amdpcom64.dll

2011-12-06 02:10:44 45056 ----a-w- C:WindowsSystem32atitmp64.dll

2011-12-06 02:10:42 53760 ----a-w- C:WindowsSysWow64atimpc32.dll

2011-12-06 02:10:42 53760 ----a-w- C:WindowsSysWow64amdpcom32.dll

2011-12-06 02:10:24 53248 ----a-w- C:WindowsSystem32driversati2erec.dll

2011-12-02 22:18:55 258736 ----a-w- C:WindowsSystem32driversavchv.sys

2011-12-02 02:52:56 44544 ----a-w- C:WindowsSysWow64msxml4a.dll

2011-11-26 23:08:05 18960 ----a-w- C:WindowsSystem32driversLNonPnP.sys

2011-11-25 16:25:32 451072 ----a-w- C:WindowsSystem32winsrv.dll

.

============= FINISH: 15:01:14.41 ===============


Hi. :)

 

As for the problem with Mozilla, I can only get one letter in the address bar before it freezes. And for IE, same issue, all the webpages I visit are blank/frozen.

OK and thanks for the update.

 

Regarding the sfc, it actually did tell me it found some errors that it was unable to fix.

Hmm, without an actual Installation Vista DVD not a lot can be done about that at times. However, if you run the scan again and in turn post the log, I may be able to locate what the problem is and rectify it.

 

Next:

 

DDS is reporting there are no System Restore points present. So let's check if it is enabled and create a new System Restore point as a precaution.

 

Right-click on the desktop icon Computer and select Properties >> System Protection >> if disabled, enable it/create a restore point etc.

 

Alternatively check as follows...

 

Start(Vista Orb) >> Accessories >> System Tools >> System Restore >> follow the prompts to enable if it is not/create a restore point etc.

 

Next:

 

Quite possibly the below are the cause of the current issues:

 

mRun: [combofix] C:ComboFixCF25554.3XE /c C:ComboFixCombobatch.bat

mRunOnce: [combofix] C:ComboFixCF25554.3XE /c C:ComboFixCombobatch.bat

So I think it is fine to actually uninstall ComboFix at this time.

 

The following boot-start or system-start driver(s) failed to load: i8042prt SRTSP SRTSPX trufos

This particular error relates to something from a prior Norton installation, which I thought was taken care of via the custom ComboFix script. We can however address this in another manner.

 

Uninstall ComboFix:

  • Click on Start(Vista Orb) >> Run...
  • Now type ComboFix /Uninstall into the Run box and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
Norton/Symantec RT:

 

Please download the Norton Removal Tool and Save it to your Desktop.

  • Close all programs and right-click on Norton_Removal_Tool.exe and select Run as Administrator.
  • Follow the on-screen instructions.
  • Restart the computer if asked.
  • Then delete Norton_Removal_Tool.exe from your Desktop.
When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • SFC Log(if available).
This topic is now closed to further replies.