
DrPerry

Tech Info

  • Experience
    some_experience
  • System: windows_7_ultimate


  1. Ignore the edit on the post above this one. I tried doing the Windows installation on my USB, but it doesn't work for a few reasons. Is there anything else I can do?
  2. I don't have the Windows 7 installation disc. When I re-installed Windows about 2 months ago, I had lost the disc then. I had to download a pirated version, so the OS I'm using now is pirated. Man, I download so much illegal crap, I would not be surprised if I were fined. EDIT: I do still have the Windows installation files however, so I can just install Windows with that. Or do that repair thing. I just have to boot the installation onto a USB flash drive and boot my PC from the flash drive. Would you like me to do that?
  3. Yes, I have tried running it as admin. I still get the same results. I also can't edit any system settings or user settings. That means I can't access the UAC.
  4. It won't work. When I click start after double-clicking on the program and checking the 'YES I accept the terms of use' nothing happens. It also has a small yellow and blue shield next to it, which up until now I have only just noticed: all the .EXE files I can't open have a shield next to them. Here's an image of the program and an image of my current desktop. (All the programs with a shield on them won't open and I receive that stupid message.) http://i.imgur.com/XZL8B.jpg http://i.imgur.com/Z0r8V.jpg
  5. aswMBR log:
aswMBR version 0.9.8.978 Copyright© 2011 AVAST Software
Run date: 2011-08-15 20:11:00
-----------------------------
20:11:00.455 OS Version: Windows 6.1.7600
20:11:00.455 Number of processors: 2 586 0x602
20:11:00.456 ComputerName: HAYDEN-PC UserName: Hayden
20:11:01.118 Initialze error C000003A - driver not loaded
20:11:25.597 Scan error: Incorrect function.
20:14:21.033 The log file has been saved successfully to "C:\Users\Hayden\Desktop\aswMBR.txt"
I got an error, saying 'incorrect function' and nothing happened afterwards.
  6. Can't open it. I will open it in Safe Mode. I will be back shortly with the results.
  7. I ran it in Safe Mode anyway. It told me it needed a reboot in order to finish removing stuff. It rebooted but I couldn't get into Safe Mode because my PC is retarded. When I logged on, nothing happened and I went to check the 'moved files' folder and found the log. I'm not sure if I did it all correctly, so just tell me if I have done something wrong. Here is the log file:
All processes killed
========== OTL ==========
C:\Windows\System32\drivers\AVG folder moved successfully.
C:\Users\Hayden\AppData\Roaming\AVG10\cfgall folder moved successfully.
C:\Users\Hayden\AppData\Roaming\AVG10 folder moved successfully.
C:\Users\Hayden\AppData\Roaming\AVG9\cfgall folder moved successfully.
C:\Users\Hayden\AppData\Roaming\AVG9 folder moved successfully.
========== REGISTRY ==========
HKEY_CLASSES_ROOT\.exe\\""|"exefile" /E : value set successfully!
HKEY_CLASSES_ROOT\.exe\\"Content Type"|"application/x-msdownload" /E : value set successfully!
HKEY_CLASSES_ROOT\.exe\PersistentHandler\\""|"{098f2470-bae0-11cd-b579-08002b30bfeb}" /E : value set successfully!
HKEY_CLASSES_ROOT\exefile\\""|"Application" /E : value set successfully!
HKEY_CLASSES_ROOT\exefile\DefaultIcon\\""|"%1" /E : value set successfully!
HKEY_CLASSES_ROOT\exefile\shell\open\command\\@|hex(2):22,00,25,00,31,00,22,00,20,00,25,00,2a,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\\""|"exefile" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\\"Content Type"|"application/x-msdownload" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe\PersistentHandler\\""|"{098f2470-bae0-11cd-b579-08002b30bfeb}" /E : value set successfully!
Registry key HKEY_CURRENT_USER\Software\Classes\.exe\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\.exe\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Classes\.exe\ not found.
Registry key HKEY_CURRENT_USER\Software\Classes\exefile\ not found.
Registry key HKEY_CURRENT_USER\Software\Classes\secfile\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\\ not found.
Registry key HKEY_LOCAL-MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithList\\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids\\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids\\exefile deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\OpenWithProgids\\secfile not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\�\ not found.
Registry key HKEY_LOCAL-MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\�\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\iexplore.exe\shell\open\command\\@|"\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\"" /E : value set successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Hayden\Desktop\cmd.bat deleted successfully.
C:\Users\Hayden\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Hayden
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1089123 bytes
->Java cache emptied: 96976 bytes
->Google Chrome cache emptied: 282589039 bytes
->Flash cache emptied: 1939 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 62146 bytes
Total Files Cleaned = 271.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Hayden
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.26.4 log created on 08152011_193607
  8. I can't open OTL in normal mode, should I open it in Safe Mode instead?
  9. Nope, doesn't do anything. I still can't open .EXE files, or even that registry file for that matter, only in Safe Mode can I open them. Are you sure the virus has been stopped?
  10. I still can't open it. I'm just gonna do it in Safe Mode AGAIN. This time I'll merge it.
  11. No, the EXE Fix didn't do anything. I tried placing it in C:/ and opening it, then restarted to see if it worked, then I did the same but placed it on my USB, then I did the same again but placed it on the desktop. All 3 methods did nothing, I still can't open .EXE files.
  12. I only have one account on my computer which is Admin. I don't understand, why would you want me to place the file in C:/? What would be so much different about placing it on my desktop? Besides, I can't open it, so I will try opening it in Safe Mode.
  13. Okay, here are the results: OTL.txt OTL logfile created on: 8/15/2011 11:48:17 - Run 1 OTL by OldTimer - Version 3.2.26.4 Folder = C:\Users\Hayden\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 76.97% Memory free 6.00 Gb Paging File | 5.33 Gb Available in Paging File | 88.92% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 465.66 Gb Total Space | 372.40 Gb Free Space | 79.97% Space Free | Partition Type: NTFS Drive G: | 3.71 Gb Total Space | 3.60 Gb Free Space | 97.04% Space Free | Partition Type: FAT32 Computer Name: HAYDEN-PC | User Name: Hayden | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Hayden\Desktop\OTL.scr () ========== Modules (No Company Name) ========== MOD - C:\Users\Hayden\Desktop\OTL.scr () MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll () MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () ========== Win32 Services (SafeList) ========== SRV - (seclogon) -- File not found SRV - (QWAVE) -- File not found SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.) 
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe () SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.) ========== Driver Services (SafeList) ========== DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (athur) -- C:\Windows\System32\drivers\athur.sys (Atheros Communications, Inc.) DRV - (arusb_win7) -- C:\Windows\System32\drivers\arusb_win7.sys (Atheros Communications, Inc.) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (arusb_lh) -- C:\Windows\System32\drivers\arusb_lh.sys (Atheros Communications, Inc.) DRV - (NPPTNT2) -- C:\Windows\System32\npptNT2.sys (INCA Internet Co., Ltd.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 71 E5 CF B4 3C CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Hayden\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Hayden\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) 
O1 HOSTS File: ([2011/08/14 16:54:33 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe () O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2011/06/04 09:46:08 | 000,000,043 | ---- | M] () - G:\AUTORUN.INF -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found 
NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: seclogon - File not found CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2011/08/15 11:45:18 | 000,000,000 | ---D | C] -- C:\Users\Hayden\WPDNSE [2011/08/14 16:56:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011/08/14 16:56:16 | 000,000,000 | ---D | C] -- C:\Windows\temp [2011/08/14 16:56:16 | 000,000,000 | ---D | C] -- C:\Users\Hayden\AppData\Local\temp [2011/08/14 16:49:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011/08/14 16:49:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011/08/14 16:49:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011/08/14 16:49:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011/08/14 16:49:20 | 000,000,000 | ---D | C] -- C:\Qoobox [2011/08/14 16:48:31 | 004,171,847 | R--- | C] (Swearware) -- C:\Users\Hayden\Desktop\Combo-Fix.exe [2011/08/14 15:48:31 | 000,000,000 | ---D | C] -- C:\Users\Hayden\AppData\Roaming\WinRAR [2011/08/14 14:55:46 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir9533 [2011/08/14 14:55:31 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir9484 [2011/08/14 14:55:31 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir23407 [2011/08/14 14:53:35 | 000,000,000 | ---D | C] -- C:\Users\Hayden\RarSFX15 [2011/08/14 14:53:21 | 000,000,000 | ---D | C] -- C:\Users\Hayden\RarSFX13 [2011/08/14 13:32:54 | 000,000,000 | ---D | C] -- C:\Users\Hayden\AppData\Local\Paint.NET [2011/08/14 13:31:09 | 000,000,000 | ---D | C] -- C:\Users\Hayden\RarSFX14 [2011/08/14 13:30:10 | 000,000,000 | ---D | C] -- C:\Users\Hayden\RarSFX12 [2011/08/14 13:23:45 | 000,000,000 | ---D | C] -- C:\Users\Hayden\RarSFX11 [2011/08/14 12:55:14 | 000,000,000 | ---D | C] -- C:\Users\Hayden\RarSFX9 [2011/08/14 12:54:29 | 000,000,000 | ---D | C] -- C:\Users\Hayden\RarSFX10 
[2011/08/14 12:47:33 | 000,000,000 | ---D | C] -- C:\Users\Hayden\RarSFX8 [2011/08/14 12:46:32 | 000,000,000 | ---D | C] -- C:\Users\Hayden\RarSFX7 [2011/08/14 12:40:37 | 000,000,000 | ---D | C] -- C:\Users\Hayden\RarSFX6 [2011/08/14 12:40:34 | 000,000,000 | ---D | C] -- C:\Users\Hayden\RarSFX5 [2011/08/14 12:40:30 | 000,000,000 | ---D | C] -- C:\Users\Hayden\RarSFX4 [2011/08/14 12:38:11 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2011/08/14 12:36:17 | 000,000,000 | ---D | C] -- C:\Users\Hayden\RarSFX3 [2011/08/14 12:36:13 | 000,000,000 | ---D | C] -- C:\Users\Hayden\RarSFX2 [2011/08/14 12:36:07 | 000,000,000 | ---D | C] -- C:\Users\Hayden\RarSFX0 [2011/08/14 12:35:17 | 000,000,000 | ---D | C] -- C:\Users\Hayden\AppData\Local\CrashDumps [2011/08/14 12:34:52 | 000,000,000 | ---D | C] -- C:\Users\Hayden\RarSFX1 [2011/08/14 12:32:36 | 000,000,000 | ---D | C] -- C:\Users\Hayden\Desktop\RK_Quarantine [2011/08/14 12:19:20 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir11650 [2011/08/14 12:19:06 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir9517 [2011/08/14 12:19:06 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir11604 [2011/08/14 01:21:48 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir13888 [2011/08/14 01:21:40 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir13862 [2011/08/14 01:21:40 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir13031 [2011/08/14 01:19:38 | 000,000,000 | ---D | C] -- C:\Config.Msi [2011/08/14 01:17:09 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir12977 [2011/08/14 01:16:58 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir29404 [2011/08/14 01:16:58 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir12941 [2011/08/14 01:11:02 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir4060 [2011/08/14 01:11:02 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir11779 [2011/08/14 01:09:08 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir11406 [2011/08/14 01:09:02 | 000,000,000 | 
---D | C] -- C:\Users\Hayden\scoped_dir24971 [2011/08/14 01:09:02 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir11387 [2011/08/14 01:03:39 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir10332 [2011/08/14 01:03:28 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir6715 [2011/08/14 01:03:28 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir10296 [2011/08/14 00:59:46 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir9568 [2011/08/14 00:59:36 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir9539 [2011/08/14 00:59:36 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir3453 [2011/08/14 00:56:56 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir9016 [2011/08/14 00:56:45 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir8980 [2011/08/14 00:56:45 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir483 [2011/08/14 00:31:31 | 000,000,000 | ---D | C] -- C:\Users\Hayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool [2011/08/14 00:12:54 | 000,000,000 | ---D | C] -- C:\Users\Hayden\hsperfdata_Hayden [2011/08/14 00:12:21 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir281 [2011/08/14 00:12:11 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir29549 [2011/08/14 00:12:11 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir248 [2011/08/13 23:46:24 | 000,000,000 | ---D | C] -- C:\Users\Hayden\AppData\Roaming\NVIDIA [2011/08/13 23:46:21 | 000,000,000 | ---D | C] -- C:\Users\Hayden\UCDebugger [2011/08/13 23:40:17 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir26766 [2011/08/13 23:40:03 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir26720 [2011/08/13 23:40:03 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir15997 [2011/08/13 23:39:32 | 000,000,000 | ---D | C] -- C:\Users\Hayden\AppData\Local\VirtualStore [2011/08/13 21:54:57 | 000,000,000 | ---D | C] -- C:\Users\Hayden\AppData\Roaming\Macromedia [2011/08/13 21:36:36 | 000,000,000 | ---D | C] -- 
C:\ProgramData\STOPzilla! [2011/08/13 21:01:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/08/13 21:01:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011/08/13 13:17:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield [2011/08/13 13:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan [2011/08/05 14:19:48 | 000,000,000 | ---D | C] -- C:\Users\Hayden\AppData\Roaming\uTorrent [2011/07/31 21:15:26 | 000,000,000 | ---D | C] -- C:\Users\Hayden\ir_ext_temp_0 [2011/07/20 16:29:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011 [2011/07/20 16:28:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG [2011/07/18 18:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET [2011/07/17 13:07:19 | 000,000,000 | ---D | C] -- C:\Users\Hayden\{FD9F405E-A779-47F7-B79F-28B812CA5DEF} [2011/07/17 13:07:13 | 000,000,000 | ---D | C] -- C:\Users\Hayden\{03589E5E-3E9F-4B4D-8671-DCB8EF416636} [3 C:\Users\Hayden\*.tmp files -> C:\Users\Hayden\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/08/15 11:45:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/08/15 11:45:04 | 2414,731,264 | -HS- | M] () -- C:\hiberfil.sys [2011/08/15 11:04:33 | 000,000,000 | -H-- | M] () -- C:\Users\Hayden\etilqs_XB7P0pBgngQHJWZE6ZlX [2011/08/15 10:23:54 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/08/15 10:23:54 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/08/15 10:23:50 | 000,579,584 | ---- | M] () -- C:\Users\Hayden\Desktop\OTL.scr [2011/08/15 10:20:07 | 000,659,580 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/08/15 10:20:07 | 000,120,508 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/08/14 
23:00:20 | 000,037,223 | ---- | M] () -- C:\Users\Hayden\Desktop\Cool House Design.jpg [2011/08/14 16:54:33 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2011/08/14 16:48:48 | 004,171,847 | R--- | M] (Swearware) -- C:\Users\Hayden\Desktop\Combo-Fix.exe [2011/08/14 14:54:41 | 204,759,850 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011/08/14 14:53:36 | 000,002,908 | ---- | M] () -- C:\Users\Hayden\WERD9BC.tmp.WERInternalMetadata.xml [2011/08/14 13:24:29 | 000,000,000 | -H-- | M] () -- C:\Users\Hayden\etilqs_V40NWVIALECzc7Dp0Bia [2011/08/14 12:55:29 | 000,002,908 | ---- | M] () -- C:\Users\Hayden\WERD5C5.tmp.WERInternalMetadata.xml [2011/08/14 12:55:29 | 000,002,908 | ---- | M] () -- C:\Users\Hayden\WERD5B5.tmp.WERInternalMetadata.xml [2011/08/14 12:40:25 | 001,008,092 | ---- | M] () -- C:\Users\Hayden\Desktop\iExplore.exe [2011/08/14 12:40:16 | 001,008,092 | ---- | M] () -- C:\Users\Hayden\Desktop\eXplorer.exe [2011/08/14 12:34:28 | 001,008,092 | ---- | M] () -- C:\Users\Hayden\Desktop\rkill.com [2011/08/14 12:27:16 | 000,555,008 | ---- | M] () -- C:\Users\Hayden\Desktop\RogueKiller.exe [2011/08/14 01:44:16 | 000,049,208 | ---- | M] () -- C:\Users\Hayden\Hayden.bmp [2011/08/13 23:20:33 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011/08/05 14:21:36 | 000,000,000 | ---- | M] () -- C:\Users\Hayden\utt8356.tmp.old [2011/08/05 14:19:53 | 000,000,000 | ---- | M] () -- C:\Users\Hayden\uttF319.tmp.old [2011/07/20 16:10:41 | 000,000,184 | ---- | M] () -- C:\Windows\System32\repair.bat [2011/07/18 18:43:50 | 000,001,176 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk [3 C:\Users\Hayden\*.tmp files -> C:\Users\Hayden\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/08/15 11:00:15 | 000,000,000 | -H-- | C] () -- C:\Users\Hayden\etilqs_XB7P0pBgngQHJWZE6ZlX [2011/08/15 10:23:46 | 000,579,584 | ---- | C] () -- 
C:\Users\Hayden\Desktop\OTL.scr [2011/08/14 23:00:28 | 000,037,223 | ---- | C] () -- C:\Users\Hayden\Desktop\Cool House Design.jpg [2011/08/14 16:49:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2011/08/14 16:49:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2011/08/14 16:49:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011/08/14 16:49:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011/08/14 16:49:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011/08/14 14:53:36 | 000,002,908 | ---- | C] () -- C:\Users\Hayden\WERD9BC.tmp.WERInternalMetadata.xml [2011/08/14 13:24:11 | 000,000,000 | -H-- | C] () -- C:\Users\Hayden\etilqs_V40NWVIALECzc7Dp0Bia [2011/08/14 12:55:29 | 000,002,908 | ---- | C] () -- C:\Users\Hayden\WERD5C5.tmp.WERInternalMetadata.xml [2011/08/14 12:55:29 | 000,002,908 | ---- | C] () -- C:\Users\Hayden\WERD5B5.tmp.WERInternalMetadata.xml [2011/08/14 12:40:19 | 001,008,092 | ---- | C] () -- C:\Users\Hayden\Desktop\iExplore.exe [2011/08/14 12:40:11 | 001,008,092 | ---- | C] () -- C:\Users\Hayden\Desktop\eXplorer.exe [2011/08/14 12:38:08 | 204,759,850 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011/08/14 12:34:25 | 001,008,092 | ---- | C] () -- C:\Users\Hayden\Desktop\rkill.com [2011/08/14 12:27:15 | 000,555,008 | ---- | C] () -- C:\Users\Hayden\Desktop\RogueKiller.exe [2011/08/14 01:43:41 | 000,049,208 | ---- | C] () -- C:\Users\Hayden\Hayden.bmp [2011/08/13 23:20:33 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011/08/05 14:21:36 | 000,000,000 | ---- | C] () -- C:\Users\Hayden\utt8356.tmp.old [2011/08/05 14:19:53 | 000,000,000 | ---- | C] () -- C:\Users\Hayden\uttF319.tmp.old [2011/07/20 16:10:41 | 000,000,184 | ---- | C] () -- C:\Windows\System32\repair.bat [2011/07/18 18:43:50 | 000,001,188 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk [2011/07/18 18:43:50 | 000,001,176 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk 
[2011/07/05 12:16:42 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2011/07/05 12:16:42 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2011/07/01 16:25:48 | 000,003,475 | ---- | C] () -- C:\Windows\System32\wbers.dat [2011/07/01 16:25:46 | 000,025,963 | ---- | C] () -- C:\Windows\System32\wbers.dat.dmp [2011/06/24 14:55:31 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2011/06/17 07:17:33 | 000,003,584 | ---- | C] () -- C:\Users\Hayden\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/06/17 07:04:54 | 000,000,007 | ---- | C] () -- C:\Windows\treeskp.sys [2011/06/17 07:04:54 | 000,000,007 | ---- | C] () -- C:\Windows\sbacknt.bin [2011/06/12 13:16:49 | 000,000,047 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 05:33:53 | 000,406,272 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009/07/14 03:05:48 | 000,659,580 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009/07/14 03:05:48 | 000,120,508 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009/07/14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- 
C:\Windows\System32\physxcudart_20.dll [2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll ========== LOP Check ========== [2011/08/15 10:29:00 | 000,000,000 | ---D | M] -- C:\Users\Hayden\AppData\Roaming\.minecraft [2011/08/14 09:54:09 | 000,000,000 | ---D | M] -- C:\Users\Hayden\AppData\Roaming\AVG10 [2011/08/14 09:54:09 | 000,000,000 | ---D | M] -- C:\Users\Hayden\AppData\Roaming\AVG9 [2011/08/14 09:54:09 | 000,000,000 | ---D | M] -- C:\Users\Hayden\AppData\Roaming\BitTorrent [2011/08/14 09:54:09 | 000,000,000 | ---D | M] -- C:\Users\Hayden\AppData\Roaming\ijjigame [2011/08/14 09:54:09 | 000,000,000 | ---D | M] -- C:\Users\Hayden\AppData\Roaming\uTorrent [2009/07/14 05:53:46 | 000,009,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2011/06/13 19:20:52 | 000,531,256 | ---- | M] () -- C:\AnalysisLog.sr0 [2011/07/05 12:13:45 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2011/08/14 16:50:11 | 000,000,072 | ---- | M] () -- C:\Av-test.txt [2009/07/14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr 
[2011/06/04 19:39:05 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2005/04/08 03:16:43 | 000,000,015 | -H-- | M] () -- C:\cglogs.dat [2009/06/10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys [2011/08/15 11:45:04 | 2414,731,264 | -HS- | M] () -- C:\hiberfil.sys [2010/03/24 22:55:59 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2011/08/14 16:56:14 | 000,024,048 | ---- | M] () -- C:\log.txt [2010/03/24 22:55:59 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2011/07/05 12:16:57 | 000,008,170 | ---- | M] () -- C:\NclRegPermissions(1).log [2011/08/15 11:45:03 | 3219,644,416 | -HS- | M] () -- C:\pagefile.sys [2011/08/14 13:32:05 | 000,000,745 | ---- | M] () -- C:\rke1.log [2011/08/14 13:32:05 | 000,000,745 | ---- | M] () -- C:\rkend.log [2011/08/14 14:53:36 | 000,001,735 | ---- | M] () -- C:\rkill.log [2011/08/14 13:32:05 | 000,000,000 | ---- | M] () -- C:\rkstart.log [2011/07/13 16:37:14 | 000,001,896 | ---- | M] () -- C:\Silverlight0.log [2011/07/13 16:37:14 | 001,426,364 | ---- | M] () -- C:\SilverlightMSI.log [2011/06/04 10:49:34 | 000,171,136 | RHS- | M] () -- C:\w7ldr < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2009/07/14 02:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\jnwppr.dll [2009/07/14 02:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\winprint.dll < %systemroot%\*. 
/mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\system32\*.exe /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %PROGRAMFILES%\* >
[2009/07/14 05:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
< %USERPROFILE%\..|smtmp;true;true;true /FP >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Hayden\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/07/09 05:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Hayden\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/07/09 05:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Hayden\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/07/09 05:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Hayden\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/07/09 05:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/06/04 17:42:42 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/06/04 17:42:42 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/06/04 17:42:42 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/06/04 17:42:42 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/06/04 17:42:42 | 000,748,336 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Hayden\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/07/09 05:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Hayden\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/07/09 05:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Hayden\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/07/09 05:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Hayden\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/07/09 05:51:19 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/06/04 17:42:42 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/06/04 17:42:42 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/06/04 17:42:42 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/06/04 17:42:42 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/06/04 17:42:42 | 000,748,336 | ---- | M] (Microsoft Corporation)

< End of report >

Extra.txt

OTL Extras logfile created on: 8/15/2011 11:48:18 - Run 1
OTL by OldTimer - Version 3.2.26.4 Folder = C:\Users\Hayden\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 76.97% Memory free
6.00 Gb Paging File | 5.33 Gb Available in Paging File | 88.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 372.40 Gb Free Space | 79.97% Space Free | Partition Type: NTFS
Drive G: | 3.71 Gb Total Space | 3.60 Gb Free Space | 97.04% Space Free | Partition Type: FAT32

Computer Name: HAYDEN-PC | User Name: Hayden | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server "{1E03C8BE-0848-430F-BECA-7D7709401626}" = TP-LINK Wireless Client Utility "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java 6 Update 26 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion "{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2 "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 
Redistributable "{759142E8-25B0-42AE-B408-4215065D3F4B}" = Windows Live Family Safety "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR 
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93712806-272D-485E-8D8E-C08E861CF3E0}" = A.V.A "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0) "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 267.24 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.24 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety "{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3 "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3 "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29 "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3 
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"BitTorrent" = BitTorrent
"Combat Arms EU" = Combat Arms EU
"Fraps" = Fraps (remove only)
"Half-Life 2" = Half-Life 2
"Half-Life_is1" = Half-Life
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VideoLAN VLC media player 0.8.6f
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/14/2011 08:32:02 | Computer Name = Hayden-PC | Source = Application Error | ID = 1000
Description = Faulting application name: pev.exe, version: 0.0.0.0, time stamp: 0x4d334d98 Faulting module name: pev.exe, version: 0.0.0.0, time stamp: 0x4d334d98 Exception code: 0xc0000417 Fault offset: 0x00081683 Faulting process id: 0x6c0 Faulting application start time: 0x01cc5a7e2b4c7580 Faulting application path: C:\Users\Hayden\RarSFX13\pev.exe Faulting module path: C:\Users\Hayden\RarSFX13\pev.exe Report Id: 68fb61c0-c671-11e0-a090-f5064215fb98

Error - 8/14/2011 08:32:15 | Computer Name = Hayden-PC | Source = System Restore | ID = 8193
Description =

Error - 8/14/2011 08:32:18 | Computer Name = Hayden-PC | Source = System Restore | ID = 8193
Description =

Error - 8/14/2011 08:32:28 | Computer Name = Hayden-PC | Source = System Restore | ID = 8193
Description =

Error - 8/14/2011 08:32:38 | Computer Name = Hayden-PC | Source = System Restore | ID = 8193
Description =

Error - 8/14/2011 08:32:44 | Computer Name = Hayden-PC | Source = System Restore | ID = 8193
Description =

Error - 8/14/2011 11:49:31 | Computer Name = Hayden-PC | Source = VSS | ID = 18
Description =

Error - 8/14/2011 11:49:31 | Computer Name = Hayden-PC | Source = VSS | ID = 8193
Description =

Error - 8/14/2011 11:49:31 | Computer Name = Hayden-PC | Source = System Restore | ID = 8193
Description =

Error - 8/15/2011 06:49:01 | Computer Name = Hayden-PC | Source = System Restore | ID = 8193
Description =

[ System Events ]
Error - 8/15/2011 06:45:06 | Computer Name = Hayden-PC | Source = Service Control Manager | ID = 7023
Description = The Base Filtering Engine service terminated with the following error: %%3

Error - 8/15/2011 06:45:06 | Computer Name = Hayden-PC | Source = Service Control Manager | ID = 7001
Description = The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: %%3

Error - 8/15/2011 06:45:06 | Computer Name = Hayden-PC | Source = Service Control Manager | ID = 7001
Description = The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: %%3

Error - 8/15/2011 06:45:06 | Computer Name = Hayden-PC | Source = Service Control Manager | ID = 7001
Description = The Internet Connection Sharing (ICS) service depends on the Base Filtering Engine service which failed to start because of the following error: %%3

Error - 8/15/2011 06:45:06 | Computer Name = Hayden-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: discache ElbyCDIO spldr sptd Wanarpv6

Error - 8/15/2011 06:45:11 | Computer Name = Hayden-PC | Source = DCOM | ID = 10005
Description =

Error - 8/15/2011 06:45:17 | Computer Name = Hayden-PC | Source = DCOM | ID = 10005
Description =

Error - 8/15/2011 06:45:18 | Computer Name = Hayden-PC | Source = DCOM | ID = 10005
Description =

Error - 8/15/2011 06:45:18 | Computer Name = Hayden-PC | Source = DCOM | ID = 10005
Description =

Error - 8/15/2011 06:45:19 | Computer Name = Hayden-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: %%1068

< End of report >
  14. For the record, normal mode does work fine, but the virus just stops me opening most .EXE files, activating my firewall, turning on any anti-virus protection, changing most settings in Control Panel and actually getting into Safe Mode. (I think, because when I try to get into Safe Mode, 2 out of 3 times it gives me a blue screen.) I will post the results soon.
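An added triage script, not part of this thread and not from OTL, RogueKiller or ComboFix: it reads, on the affected machine, the three places that the symptoms in the post above (.exe files refusing to start, the firewall refusing to switch on) and the OTL event-log errors (Base Filtering Engine terminating with %%3, and the firewall failing because it depends on BFE) usually point at. Win32 error 3 is ERROR_PATH_NOT_FOUND, so for each service it checks whether the key, the ImagePath target and the ServiceDll still resolve and whether a Deny ACE sits on the key. Every registry path, expected default value and service name in it is the script's own assumption about a stock Windows 7 install, not something the logs confirm, and a mismatch is a lead to follow, not proof of infection. It changes nothing.

```powershell
# Added example (not from the thread). Read-only triage for the symptoms
# described above. Assumes stock Windows 7 paths and PowerShell 2.0; the
# "expected" values below are the Windows 7 defaults as assumed here.

$findings = @()

# 1. The .exe association. OTL's "Shell Spawning" section lists only
#    HKLM\Software\Classes; a per-user copy under HKCU\Software\Classes
#    takes precedence, so a clean HKLM entry does not rule out a hijack.
foreach ($hive in 'HKLM', 'HKCU') {
    $cmdKey = "${hive}:\SOFTWARE\Classes\exefile\shell\open\command"
    if (Test-Path $cmdKey) {
        $cmd = (Get-ItemProperty -Path $cmdKey).'(default)'
        if ($cmd -ne '"%1" %*') { $findings += "$cmdKey = $cmd (expected `"%1`" %*)" }
    }
}
if (Test-Path 'HKCU:\SOFTWARE\Classes\.exe') {
    # Windows does not create this key on its own; a per-user .exe ProgID
    # override is a classic way to route every program launch elsewhere.
    $findings += 'HKCU:\SOFTWARE\Classes\.exe exists (per-user .exe override)'
}

# 2. Image File Execution Options. A Debugger value makes Windows start the
#    named program instead of the target, which is how tools and AV products
#    get blocked by file name.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($sub in Get-ChildItem -Path $ifeo) {
    $dbg = (Get-ItemProperty -LiteralPath $sub.PSPath).Debugger
    if ($dbg) { $findings += "IFEO Debugger on $($sub.PSChildName): $dbg" }
}

# 3. The services behind the firewall, Security Center and Windows Defender.
#    SCM error %%3 = ERROR_PATH_NOT_FOUND: the key, ImagePath or ServiceDll
#    no longer resolves, or a Deny ACE keeps the SCM from reading the key.
$services = @{
    BFE       = 'Base Filtering Engine'
    MpsSvc    = 'Windows Firewall'
    wscsvc    = 'Security Center'
    WinDefend = 'Windows Defender'
}
foreach ($name in $services.Keys) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    if (-not (Test-Path $key)) {
        $findings += "$name ($($services[$name])): service key missing"
        continue
    }
    $p = Get-ItemProperty -Path $key
    if ($p.Start -eq 4) { $findings += "$name is set to Disabled (Start=4)" }

    $img = [Environment]::ExpandEnvironmentVariables([string]$p.ImagePath)
    if ($img -match '^"?(.+?\.exe)') {
        if (-not (Test-Path -LiteralPath $matches[1])) {
            $findings += "$name ImagePath target missing: $($matches[1])"
        }
    } else {
        $findings += "$name has no usable ImagePath: '$img'"
    }

    # svchost-hosted services load their real code from Parameters\ServiceDll.
    $paramKey = Join-Path $key 'Parameters'
    if (Test-Path $paramKey) {
        $dll = (Get-ItemProperty -Path $paramKey).ServiceDll
        if ($dll) {
            $dll = [Environment]::ExpandEnvironmentVariables($dll)
            if (-not (Test-Path -LiteralPath $dll)) { $findings += "$name ServiceDll missing: $dll" }
        }
    }

    $deny = (Get-Acl -Path $key).Access | Where-Object { $_.AccessControlType -eq 'Deny' }
    foreach ($ace in $deny) { $findings += "$name key has a Deny ACE for $($ace.IdentityReference)" }

    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($svc -eq $null) { $findings += "$name is not visible to the SCM" }
    elseif ($svc.Status -ne 'Running') { $findings += "$name is $($svc.Status)" }
}

if ($findings.Count -eq 0) { 'No findings: associations, IFEO and service keys look stock.' }
else { $findings | ForEach-Object { "FINDING: $_" } }
```

Run it from an elevated PowerShell prompt in normal mode rather than Safe Mode, since Safe Mode leaves several of these services stopped by design and would report them as findings for that reason alone. The interesting results on a machine like the one in this thread are a non-default `exefile` command, an `HKCU\...\Classes\.exe` key, a Deny ACE on the BFE key, or a BFE ServiceDll that no longer exists; any of those explains "%%3" and the firewall refusing to start far more directly than the firewall settings OTL shows, which are all at their enabled defaults.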
  15. Ah well, here's the reply that was supposed to appear:

RogueKiller V5.3.1 [08/06/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Safe mode with network support
User: Hayden [Admin rights]
Mode: Remove -- Date : 08/14/2011 16:47:49

Bad processes: 0

Registry Entries: 2
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

HOSTS File:
127.0.0.1 localhost
::1 localhost

Finished : << RKreport[1].txt >>
RKreport[1].txt

---------------

ComboFix 11-08-15.01 - Hayden 08/14/2011 16:50:11.1.2 - x86 NETWORK
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.1985 [GMT 1:00]
Running from: c:\users\Hayden\Desktop\Combo-Fix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Steam\Steam.exe c:\users\Hayden\~DFD24F25E1FD98AB2C.TMP c:\users\Hayden\jline_git-Bukkit-0_0_0-892-ga9ddbaa-b935jnks.dll c:\users\Hayden\jvzc579n.vbt c:\users\Hayden\MSI1.tmp c:\users\Hayden\NGMDll.dll c:\users\Hayden\NGMResource.dll c:\users\Hayden\unicows.dll c:\windows\system32\config\systemprofile\avg-02036467-355c-4b71-ad96-656c4c1d607c.tmp c:\windows\system32\config\systemprofile\avg-0222c64b-80af-4a02-a7b3-335914402079.tmp c:\windows\system32\config\systemprofile\avg-0341b873-42d5-4528-b2c7-aa2f463cac54.tmp c:\windows\system32\config\systemprofile\avg-098fe61d-54e7-4a71-b199-a63f1305445c.tmp c:\windows\system32\config\systemprofile\avg-09b11d5e-b6dd-4e15-9007-3950ac57e309.tmp c:\windows\system32\config\systemprofile\avg-0bddec18-cf74-4b78-b9db-530c5a5ec941.tmp c:\windows\system32\config\systemprofile\avg-0dc2282d-586b-4846-92de-c93693adb004.tmp c:\windows\system32\config\systemprofile\avg-10a7ed5d-cb4d-4827-910e-cc1368694d0b.tmp c:\windows\system32\config\systemprofile\avg-11033b27-d45f-4953-b2a6-5e79dcad5206.tmp c:\windows\system32\config\systemprofile\avg-1199ee00-0be5-4e22-9c16-c901509b2713.tmp c:\windows\system32\config\systemprofile\avg-1204ee24-5ee6-4c35-a4d2-652a51bee70f.tmp c:\windows\system32\config\systemprofile\avg-1389ac40-893d-4542-81ad-7f1479e9602d.tmp c:\windows\system32\config\systemprofile\avg-13b29b6f-f0b1-4633-8a53-f55c8efe5123.tmp c:\windows\system32\config\systemprofile\avg-14b91709-4dc5-4a0f-9ca8-d5222caacf1e.tmp c:\windows\system32\config\systemprofile\avg-1db88123-e9eb-4c14-95ab-a608fc71f728.tmp c:\windows\system32\config\systemprofile\avg-1ea6df34-6d17-473f-a9ab-5b7f172fbd17.tmp c:\windows\system32\config\systemprofile\avg-1eff5244-e06e-4870-bd17-206485e4401d.tmp c:\windows\system32\config\systemprofile\avg-1ff06a74-a769-4178-94cd-3e3d9ec3ae0e.tmp c:\windows\system32\config\systemprofile\avg-20a06f0d-c2ad-432b-a9e9-b02c81e8053e.tmp c:\windows\system32\config\systemprofile\avg-22bfc30e-d671-4475-ad1e-b05501d05b2e.tmp 
c:\windows\system32\config\systemprofile\avg-28f2e064-47ca-4276-b2d7-df4116767c3f.tmp c:\windows\system32\config\systemprofile\avg-2989bb5b-430f-4366-9c71-6a1575ef762e.tmp c:\windows\system32\config\systemprofile\avg-29cafc36-8e9e-4b01-bd5f-227cdf7e9064.tmp c:\windows\system32\config\systemprofile\avg-2a4bd861-0250-4766-b424-5e11ffe45639.tmp c:\windows\system32\config\systemprofile\avg-30c55912-fe7e-403c-a5a0-283d59163f76.tmp c:\windows\system32\config\systemprofile\avg-31582d77-aefd-4b2c-8dcb-695bc38bdd7e.tmp c:\windows\system32\config\systemprofile\avg-35c25c4c-ef4e-495b-9f15-be6a7456cc65.tmp c:\windows\system32\config\systemprofile\avg-39caa029-28f8-4708-9ece-127a0ac4b66f.tmp c:\windows\system32\config\systemprofile\avg-3ad6765d-14f9-4751-8e97-951baa7fad10.tmp c:\windows\system32\config\systemprofile\avg-3b5a7a3b-2f7c-4f50-ac12-962dca935541.tmp c:\windows\system32\config\systemprofile\avg-3b765162-540d-4852-93d0-c17d508bf378.tmp c:\windows\system32\config\systemprofile\avg-3b9df519-80a9-490d-8912-b044fc28e935.tmp c:\windows\system32\config\systemprofile\avg-3fc9be26-4ec1-4f7e-9b26-bf55ae121d05.tmp c:\windows\system32\config\systemprofile\avg-402b8920-e2e8-4444-9f15-816a9de07f30.tmp c:\windows\system32\config\systemprofile\avg-40640806-ed06-4b23-bdf9-d20be6b34642.tmp c:\windows\system32\config\systemprofile\avg-4195f65f-61c8-423c-a8df-d5008c8a5f70.tmp c:\windows\system32\config\systemprofile\avg-435de149-9a92-4c23-a5fd-262ccf30d722.tmp c:\windows\system32\config\systemprofile\avg-43e41046-51ea-4c67-b0e0-4e253a584525.tmp c:\windows\system32\config\systemprofile\avg-4414fe1e-4255-4c70-8847-01008e14292a.tmp c:\windows\system32\config\systemprofile\avg-47be1974-6f1b-4d06-b45b-18190fcea411.tmp c:\windows\system32\config\systemprofile\avg-4be34b3c-86a7-4d2a-848e-4f18e859387c.tmp c:\windows\system32\config\systemprofile\avg-50da2042-f0da-4069-8da5-110e4c79c26d.tmp c:\windows\system32\config\systemprofile\avg-519aa852-47c1-4950-82cc-58545fe0774f.tmp 
c:\windows\system32\config\systemprofile\avg-543a811d-caea-480a-b963-d37ecb92f12b.tmp c:\windows\system32\config\systemprofile\avg-5446d44f-7517-4309-8d51-9838ec4c3275.tmp c:\windows\system32\config\systemprofile\avg-5459bb26-1ab4-4437-bab9-67127efd3872.tmp c:\windows\system32\config\systemprofile\avg-54f1fa64-5995-444b-97b3-33039be43907.tmp c:\windows\system32\config\systemprofile\avg-56d33c22-cfb9-4425-b7e7-65342aadce2b.tmp c:\windows\system32\config\systemprofile\avg-57e6491f-6017-4e5d-9a42-d71bf8818c2a.tmp c:\windows\system32\config\systemprofile\avg-5a3aa02b-f3d4-4406-942f-db10f74ade28.tmp c:\windows\system32\config\systemprofile\avg-5c353114-45dc-4b4e-8087-50599361230c.tmp c:\windows\system32\config\systemprofile\avg-5e4c7716-327d-4b71-a2d2-5b57d12b470b.tmp c:\windows\system32\config\systemprofile\avg-5e6a241e-cbac-4152-8518-0a72e51c5b74.tmp c:\windows\system32\config\systemprofile\avg-5f090d28-101f-4e43-a899-a43640ce3214.tmp c:\windows\system32\config\systemprofile\avg-61551b3e-5ea5-4324-9fda-5d7ac71c551b.tmp c:\windows\system32\config\systemprofile\avg-648e4c1c-1668-4746-af0d-4d1012a76d42.tmp c:\windows\system32\config\systemprofile\avg-6759414b-2682-475c-839d-805151975a62.tmp c:\windows\system32\config\systemprofile\avg-67675d1c-6c17-4b53-9785-ac7d040bf82b.tmp c:\windows\system32\config\systemprofile\avg-72cf8b05-0cd4-4d22-8a0b-d815f7f97f7b.tmp c:\windows\system32\config\systemprofile\avg-73ceb515-e859-4155-8fea-ed16cb902c4f.tmp c:\windows\system32\config\systemprofile\avg-75eea24b-57f9-4907-8a54-1e5c44fc390c.tmp c:\windows\system32\config\systemprofile\avg-793e9c21-e3b8-4d37-8d30-c6337561691e.tmp c:\windows\system32\config\systemprofile\avg-86e0a136-bae4-437e-b6b7-af2820ae3a19.tmp c:\windows\system32\config\systemprofile\avg-8a5e0230-b038-4706-bdcb-5d23db4f572f.tmp c:\windows\system32\config\systemprofile\avg-8aa06f7f-ea9d-4d6b-863e-4c193bea9141.tmp c:\windows\system32\config\systemprofile\avg-8ce49408-08b8-4251-87e7-143500b83636.tmp 
c:\windows\system32\config\systemprofile\avg-9281a76e-6ac8-4b33-88e6-616d9d5cf525.tmp
c:\windows\system32\config\systemprofile\avg-94867b0e-877e-4e09-a8e3-ed5193661823.tmp
c:\windows\system32\config\systemprofile\avg-959d0e4f-1384-467e-9d13-981ac61ba10f.tmp
c:\windows\system32\config\systemprofile\avg-99b35a4d-48ca-4e42-9026-674ab463e454.tmp
c:\windows\system32\config\systemprofile\avg-9b7fb22c-899b-4a3a-b8a3-4e06c4cbd132.tmp
c:\windows\system32\config\systemprofile\avg-9bb5101e-3ddb-4063-ac7e-9517ed58a24f.tmp
c:\windows\system32\config\systemprofile\avg-9e243e18-1f4a-4c53-84f6-c84aa9c05e4b.tmp
c:\windows\system32\config\systemprofile\avg-9e4fde7c-3798-4312-b3a4-1a77372b3a25.tmp
c:\windows\system32\config\systemprofile\avg-9e7d8f60-7699-4755-a82c-d755a1ecdb56.tmp
c:\windows\system32\config\systemprofile\avg-9f50e07e-8b91-4978-8daf-4103b647d25e.tmp
c:\windows\system32\config\systemprofile\avg-9faf495c-96d6-4b11-ae7b-073251b60826.tmp
c:\windows\system32\config\systemprofile\avg-a27cb71a-7213-481c-a11c-8f218514874e.tmp
c:\windows\system32\config\systemprofile\avg-a96a9d78-36b6-4978-9c77-083d6d388021.tmp
c:\windows\system32\config\systemprofile\avg-ab380e0b-8ca0-486d-84c7-1044856cc724.tmp
c:\windows\system32\config\systemprofile\avg-ace4060f-f631-454b-b1a3-e2512f306172.tmp
c:\windows\system32\config\systemprofile\avg-acec1b05-adaa-4a5d-9cd8-2f61c2ee752d.tmp
c:\windows\system32\config\systemprofile\avg-af37ec02-ddf8-4337-8bc6-af2ec5f9ba03.tmp
c:\windows\system32\config\systemprofile\avg-af58de30-a1b3-4421-b055-f7713ef61261.tmp
c:\windows\system32\config\systemprofile\avg-b2be2352-c17f-4266-ba8e-730707e4c56f.tmp
c:\windows\system32\config\systemprofile\avg-b6553937-9532-4641-bbfc-4635dc32286b.tmp
c:\windows\system32\config\systemprofile\avg-b6cdda3f-e902-4b5a-bb00-9431195f857f.tmp
c:\windows\system32\config\systemprofile\avg-b85ceb28-9900-4143-bbf5-ed25ff988351.tmp
c:\windows\system32\config\systemprofile\avg-b9907849-de48-447e-a9ab-ff5b08ae5e16.tmp
c:\windows\system32\config\systemprofile\avg-bd3cc94b-44c7-4202-9eff-2b38f3815d35.tmp
c:\windows\system32\config\systemprofile\avg-c9b25726-64d3-4a2b-ac32-33742c3f6d10.tmp
c:\windows\system32\config\systemprofile\avg-ca226441-3027-476f-a73e-7a431dabff42.tmp
c:\windows\system32\config\systemprofile\avg-ca83194d-d78c-444e-9151-8a0838d9f67f.tmp
c:\windows\system32\config\systemprofile\avg-cb1d790d-b8af-4445-8650-4c29ea9f0830.tmp
c:\windows\system32\config\systemprofile\avg-ce54543f-56c4-4e55-9eac-46011214ed35.tmp
c:\windows\system32\config\systemprofile\avg-d0da156e-18ae-442b-9fab-2c07477ba776.tmp
c:\windows\system32\config\systemprofile\avg-d1cf6525-0132-4400-b5be-fe27aba22b14.tmp
c:\windows\system32\config\systemprofile\avg-d2e8ee1a-7e1e-414c-8565-8b4c16fdf562.tmp
c:\windows\system32\config\systemprofile\avg-d92e977c-6a7c-4327-adfd-bb72f930a579.tmp
c:\windows\system32\config\systemprofile\avg-dc01000c-306e-482a-a892-5a19aad6b946.tmp
c:\windows\system32\config\systemprofile\avg-dc6d771d-ced0-4b10-9985-ed03e806c82c.tmp
c:\windows\system32\config\systemprofile\avg-dd3cad44-530b-4e62-8fdf-8e7a575cce53.tmp
c:\windows\system32\config\systemprofile\avg-dd444266-8a91-4d69-a401-8d4252552a2f.tmp
c:\windows\system32\config\systemprofile\avg-df7b1d04-176d-4c2c-8be2-b959b7e40f1c.tmp
c:\windows\system32\config\systemprofile\avg-dfb2ba0e-7824-4e6b-9664-36382677607e.tmp
c:\windows\system32\config\systemprofile\avg-e02e267f-23a1-461b-aea6-0e0e96863110.tmp
c:\windows\system32\config\systemprofile\avg-e3e5af26-1be2-4f09-9c5c-5f7d71f53329.tmp
c:\windows\system32\config\systemprofile\avg-e7953738-5d8e-4020-b575-61583b833e11.tmp
c:\windows\system32\config\systemprofile\avg-eaaa1220-8317-4862-a260-cc64ab58af22.tmp
c:\windows\system32\config\systemprofile\avg-ece86d05-ddac-4e71-93f2-16222e315f5e.tmp
c:\windows\system32\config\systemprofile\avg-f1597024-358e-455c-a848-c273281b3d6e.tmp
c:\windows\system32\config\systemprofile\avg-f5abb03b-e9fb-4c75-adf6-c061dc4fa116.tmp
c:\windows\system32\config\systemprofile\avg-f767634b-0e64-4864-a759-2919bbb37b61.tmp
c:\windows\system32\config\systemprofile\avg-f815af4a-e497-4e2f-a8b8-7841232a2d58.tmp
c:\windows\system32\config\systemprofile\avg-f9e41e61-fb47-484c-a513-14103e92fa54.tmp
c:\windows\system32\config\systemprofile\avg-fb04417a-0aa7-497b-a67d-52287515bf09.tmp
c:\windows\system32\config\systemprofile\avg-feb6696f-7f69-4476-928c-7034de073106.tmp
c:\windows\system32\config\systemprofile\avg-ff09485b-d00c-4e78-8592-8d343f8fa90b.tmp
c:\windows\system32\config\systemprofile\avg-ff98c620-dd52-4a3a-9672-1a0899d29705.tmp
c:\windows\system32\server.log
.
.
((((((((((((((((((((((((( Files Created from 2011-07-14 to 2011-08-14 )))))))))))))))))))))))))))))))
.
.
2011-08-14 15:46 . 2011-08-14 15:46 -------- d-----w- c:\users\Hayden\WPDNSE
2011-08-14 13:55 . 2011-08-14 13:55 -------- d-----w- c:\users\Hayden\scoped_dir9533
2011-08-14 13:55 . 2011-08-14 13:55 -------- d-----w- c:\users\Hayden\scoped_dir9484
2011-08-14 13:55 . 2011-08-14 13:55 -------- d-----w- c:\users\Hayden\scoped_dir23407
2011-08-14 12:32 . 2011-08-14 12:32 -------- d-----w- c:\users\Hayden\AppData\Local\Paint.NET
2011-08-14 11:55 . 2011-08-14 11:56 -------- d-----w- c:\users\Hayden\RarSFX9
2011-08-14 11:47 . 2011-08-14 11:47 -------- d-----w- c:\users\Hayden\RarSFX8
2011-08-14 11:46 . 2011-08-14 11:47 -------- d-----w- c:\users\Hayden\RarSFX7
2011-08-14 11:40 . 2011-08-14 11:40 -------- d-----w- c:\users\Hayden\RarSFX6
2011-08-14 11:40 . 2011-08-14 11:40 -------- d-----w- c:\users\Hayden\RarSFX5
2011-08-14 11:40 . 2011-08-14 11:40 -------- d-----w- c:\users\Hayden\RarSFX4
2011-08-14 11:36 . 2011-08-14 11:36 -------- d-----w- c:\users\Hayden\RarSFX3
2011-08-14 11:36 . 2011-08-14 11:36 -------- d-----w- c:\users\Hayden\RarSFX2
2011-08-14 11:36 . 2011-08-14 11:36 -------- d-----w- c:\users\Hayden\RarSFX0
2011-08-14 11:35 . 2011-08-14 12:32 -------- d-----w- c:\users\Hayden\AppData\Local\CrashDumps
2011-08-14 11:34 . 2011-08-14 11:34 -------- d-----w- c:\users\Hayden\RarSFX1
2011-08-14 11:19 . 2011-08-14 11:19 -------- d-----w- c:\users\Hayden\scoped_dir11650
2011-08-14 11:19 . 2011-08-14 11:19 -------- d-----w- c:\users\Hayden\scoped_dir9517
2011-08-14 11:19 . 2011-08-14 11:19 -------- d-----w- c:\users\Hayden\scoped_dir11604
2011-08-14 00:24 . 2011-08-14 00:24 -------- d-----w- c:\users\Hayden\TCDEC82.tmp
2011-08-14 00:21 . 2011-08-14 00:21 -------- d-----w- c:\users\Hayden\scoped_dir13888
2011-08-14 00:21 . 2011-08-14 00:21 -------- d-----w- c:\users\Hayden\scoped_dir13862
2011-08-14 00:21 . 2011-08-14 00:21 -------- d-----w- c:\users\Hayden\scoped_dir13031
2011-08-14 00:19 . 2011-05-24 18:12 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E48E60E6-0F1A-4888-BC48-93C9F8B0CB97}\mpengine.dll
2011-08-14 00:17 . 2011-08-14 00:17 -------- d-----w- c:\users\Hayden\scoped_dir12977
2011-08-14 00:16 . 2011-08-14 00:16 -------- d-----w- c:\users\Hayden\scoped_dir29404
2011-08-14 00:16 . 2011-08-14 00:16 -------- d-----w- c:\users\Hayden\scoped_dir12941
2011-08-14 00:11 . 2011-08-14 00:11 -------- d-----w- c:\users\Hayden\scoped_dir4060
2011-08-14 00:11 . 2011-08-14 00:11 -------- d-----w- c:\users\Hayden\scoped_dir11779
2011-08-14 00:09 . 2011-08-14 00:09 -------- d-----w- c:\users\Hayden\scoped_dir11406
2011-08-14 00:09 . 2011-08-14 00:09 -------- d-----w- c:\users\Hayden\scoped_dir24971
2011-08-14 00:09 . 2011-08-14 00:09 -------- d-----w- c:\users\Hayden\scoped_dir11387
2011-08-14 00:03 . 2011-08-14 00:03 -------- d-----w- c:\users\Hayden\scoped_dir10332
2011-08-14 00:03 . 2011-08-14 00:03 -------- d-----w- c:\users\Hayden\scoped_dir6715
2011-08-14 00:03 . 2011-08-14 00:03 -------- d-----w- c:\users\Hayden\scoped_dir10296
2011-08-13 23:59 . 2011-08-13 23:59 -------- d-----w- c:\users\Hayden\scoped_dir9568
2011-08-13 23:59 . 2011-08-13 23:59 -------- d-----w- c:\users\Hayden\scoped_dir9539
2011-08-13 23:59 . 2011-08-13 23:59 -------- d-----w- c:\users\Hayden\scoped_dir3453
2011-08-13 23:56 . 2011-08-13 23:56 -------- d-----w- c:\users\Hayden\scoped_dir9016
2011-08-13 23:56 . 2011-08-13 23:56 -------- d-----w- c:\users\Hayden\scoped_dir8980
2011-08-13 23:56 . 2011-08-13 23:56 -------- d-----w- c:\users\Hayden\scoped_dir483
2011-08-13 23:12 . 2011-08-14 15:33 -------- d-----w- c:\users\Hayden\hsperfdata_Hayden
2011-08-13 23:12 . 2011-08-13 23:12 -------- d-----w- c:\users\Hayden\scoped_dir281
2011-08-13 23:12 . 2011-08-13 23:12 -------- d-----w- c:\users\Hayden\scoped_dir29549
2011-08-13 23:12 . 2011-08-13 23:12 -------- d-----w- c:\users\Hayden\scoped_dir248
2011-08-13 22:46 . 2011-08-13 22:46 -------- d-----w- c:\users\Hayden\AppData\Roaming\NVIDIA
2011-08-13 22:46 . 2011-08-13 22:46 -------- d-----w- c:\users\Hayden\UCDebugger
2011-08-13 22:40 . 2011-08-13 22:40 -------- d-----w- c:\users\Hayden\scoped_dir26766
2011-08-13 22:40 . 2011-08-13 22:40 -------- d-----w- c:\users\Hayden\scoped_dir26720
2011-08-13 22:40 . 2011-08-13 22:40 -------- d-----w- c:\users\Hayden\scoped_dir15997
2011-08-13 22:39 . 2011-08-13 22:39 -------- d-----w- c:\users\Hayden\AppData\Local\VirtualStore
2011-08-13 20:36 . 2011-08-13 22:24 -------- d-----w- c:\programdata\STOPzilla!
2011-08-13 20:01 . 2011-08-13 20:01 -------- d-----w- c:\programdata\Malwarebytes
2011-08-13 20:01 . 2011-08-14 08:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-13 12:17 . 2011-08-13 12:17 -------- d-----w- c:\programdata\Solidshield
2011-08-13 12:16 . 2011-08-14 08:09 -------- d-----w- c:\program files\McAfee Security Scan
2011-08-05 13:19 . 2011-08-14 08:54 -------- d-----w- c:\users\Hayden\AppData\Roaming\uTorrent
2011-07-31 20:15 . 2011-08-14 08:54 -------- d-----w- c:\users\Hayden\ir_ext_temp_0
2011-07-20 15:28 . 2011-08-14 00:19 -------- d-----w- c:\windows\system32\drivers\AVG
2011-07-20 15:23 . 2011-08-14 08:54 -------- d-----w- c:\users\Hayden\7zSED6A.tmp
2011-07-20 15:10 . 2011-07-20 15:10 184 ----a-w- c:\windows\system32\repair.bat
2011-07-18 17:43 . 2011-07-18 17:43 -------- d-----w- c:\program files\Paint.NET
2011-07-17 12:07 . 2011-08-14 08:54 -------- d-----w- c:\users\Hayden\{FD9F405E-A779-47F7-B79F-28B812CA5DEF}
2011-07-17 12:07 . 2011-08-14 08:54 -------- d-----w- c:\users\Hayden\{03589E5E-3E9F-4B4D-8671-DCB8EF416636}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-13 15:39 . 2011-03-28 17:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-13 15:38 . 2011-07-13 15:38 962860 ----a-w- c:\users\Hayden\defaultCache.reg
2011-07-07 14:48 . 2011-06-22 20:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-05 18:31 . 2011-07-05 18:32 74848 ----a-w- c:\windows\system32\MfeOtlkAddin.dll
2011-07-05 18:31 . 2011-07-05 18:32 22816 ----a-w- c:\windows\system32\MFEOtlk.dll
2011-06-29 20:05 . 2011-06-29 20:05 2838528 ----a-w- c:\users\Hayden\SkypeToolbars.msi
2011-06-29 20:05 . 2011-06-29 20:04 16579584 ----a-w- c:\users\Hayden\Skype.msi
2011-06-24 06:11 . 2011-06-24 06:11 235 ----a-w- c:\windows\system32\nxEuUninstall.bat
2011-06-06 16:36 . 2011-06-23 06:49 4005936 ----a-w- c:\windows\system32\GameMon.des
2011-06-04 18:59 . 2011-06-04 16:21 13824 ----a-w- c:\windows\system32\slwga.dll
2011-06-04 18:59 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll
2011-06-04 18:59 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll
2011-06-04 16:42 . 2011-06-04 16:42 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-06-04 16:42 . 2011-06-04 16:42 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-06-04 16:42 . 2011-06-04 16:42 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-06-04 16:42 . 2011-06-04 16:42 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-06-04 16:42 . 2011-06-04 16:42 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-06-04 16:42 . 2011-06-04 16:42 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-06-04 16:42 . 2011-06-04 16:42 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-06-04 16:42 . 2011-06-04 16:42 367104 ----a-w- c:\windows\system32\html.iec
2011-06-04 16:42 . 2011-06-04 16:42 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-06-04 16:42 . 2011-06-04 16:42 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-04 16:42 . 2011-06-04 16:42 161792 ----a-w- c:\windows\system32\msls31.dll
2011-06-04 16:42 . 2011-06-04 16:42 152064 ----a-w- c:\windows\system32\wextract.exe
2011-06-04 16:42 . 2011-06-04 16:42 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-06-04 16:42 . 2011-06-04 16:42 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-06-04 16:42 . 2011-06-04 16:42 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-04 16:42 . 2011-06-04 16:42 11776 ----a-w- c:\windows\system32\mshta.exe
2011-06-04 16:42 . 2011-06-04 16:42 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-06-04 16:42 . 2011-06-04 16:42 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-06-04 16:42 . 2011-06-04 16:42 101888 ----a-w- c:\windows\system32\admparse.dll
2011-05-24 18:14 . 2011-06-04 16:10 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-06-04 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages   REG_MULTI_SZ   kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 arusb_lh;TP-LINK TL-WN821N 11n Wireless LAN device driver;c:\windows\system32\DRIVERS\arusb_lh.sys [2008-01-14 415744]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [2010-07-28 1559552]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-12-22 36640]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 netr73;Askey RT73 Wireless Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2011-06-06 4005936]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-04 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S3 arusb_win7;Service For TP-LINK Wireless N Adapter;c:\windows\system32\DRIVERS\arusb_win7.sys [2010-02-23 612352]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-263333183-3355947971-2896428383-1000Core.job
- c:\users\Hayden\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-04 16:04]
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-263333183-3355947971-2896428383-1000UA.job
- c:\users\Hayden\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-04 16:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Steam App 440 - c:\program files\Steam\steam.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-08-14 16:56:14
ComboFix-quarantined-files.txt 2011-08-14 15:56
.
Pre-Run: 400,750,481,408 bytes free
Post-Run: 400,437,555,200 bytes free
.
- - End Of File - - F8319A3AB5A843F07F3BC2CBA1D21F95
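Two parts of the log above are the ones a helper on a thread like this reads first: the Sigcheck block, where the live c:\windows\System32\user32.dll reports the same version string (6.1.7600.16385) and size (811520) as the WinSxS copy but a different MD5, and the service list, where sptd, dgderdrv and EagleXNt are printed with [x] instead of a timestamp and size. The script below is an added example, not part of DrPerry's post and not ComboFix's own code: it parses those two line formats and surfaces exactly those two conditions. Its assumptions are that the [-] and [7] tags are ComboFix's verdict markers and [x] means the image file was not found on disk (the log does not spell either out), and that the WinSxS copy is the reference. A hash mismatch is a reason to compare the live file against a known-good copy of that version, not a verdict by itself.

```python
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Lines copied from the ComboFix log posted above (not constructed). The
# meaning given here to the "[-]"/"[7]" tags and to "[x]" is an assumption.
SIGCHECK_LINES = r"""
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-06-04 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
"""

SERVICE_LINES = r"""
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2011-06-06 4005936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
"""

# "[tag] date . MD5 . size . . [version] . . path"
SIGCHECK_RE = re.compile(
    r"^\[(?P<tag>[^\]]*)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)
# "R0 name;display name;image path [timestamp size]"  or  "[x]"
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)\s+\[(?P<stamp>[^\]]+)\]\s*$"
)


@dataclass(frozen=True)
class SigcheckEntry:
    tag: str        # ComboFix marker, "-" or "7" in this log
    date: str
    md5: str
    size: int
    version: str
    path: str

    @property
    def basename(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def in_winsxs(self) -> bool:
        return "\\winsxs\\" in self.path.lower()


@dataclass(frozen=True)
class ServiceEntry:
    start: str      # R0/R2/R3/S1... start type column
    name: str
    display: str
    image: str
    stamp: str      # "YYYY-MM-DD size", or "x" when the file was not found


def parse_sigcheck(text: str) -> list[SigcheckEntry]:
    """Header, the 'Note:' line and '.' separators do not match and are skipped."""
    out = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            out.append(SigcheckEntry(m["tag"], m["date"], m["md5"].upper(),
                                     int(m["size"]), m["version"], m["path"]))
    return out


def parse_services(text: str) -> list[ServiceEntry]:
    out = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            out.append(ServiceEntry(m["start"], m["name"], m["display"],
                                    m["image"], m["stamp"]))
    return out


def version_hash_mismatches(entries: list[SigcheckEntry]):
    """(live, reference) pairs: same file name and version string, different MD5.
    The reference is the WinSxS copy; a live copy with no WinSxS sibling of the
    same version is not reported, since there is nothing to compare it with."""
    groups = defaultdict(list)
    for e in entries:
        groups[(e.basename, e.version)].append(e)
    found = []
    for group in groups.values():
        live = [e for e in group if not e.in_winsxs]
        refs = [e for e in group if e.in_winsxs]
        found.extend((lv, rf) for lv in live for rf in refs if lv.md5 != rf.md5)
    return found


def services_with_missing_image(entries: list[ServiceEntry]) -> list[ServiceEntry]:
    """Service/driver entries ComboFix printed with '[x]' in the timestamp column."""
    return [e for e in entries if e.stamp == "x"]


if __name__ == "__main__":
    for live, ref in version_hash_mismatches(parse_sigcheck(SIGCHECK_LINES)):
        print(f"MISMATCH {live.basename} v{live.version}: {live.path} md5={live.md5} "
              f"(tag {live.tag}) differs from {ref.path} md5={ref.md5} (tag {ref.tag})")
    for svc in services_with_missing_image(parse_services(SERVICE_LINES)):
        print(f"MISSING IMAGE {svc.start} {svc.name}: {svc.image}")
```

Run as-is it prints one mismatch (the System32 user32.dll against the WinSxS 6.1.7600.16385 copy; the 6.1.7601.17514 copy under SoftwareDistribution has no sibling of its version and is left alone) and three entries with a missing image. Grouping on the version string rather than the tag is deliberate: it makes the check independent of how ComboFix labels each line, so the same code works on a log where the tags are absent or differ.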