
Posted

Hey there, this post might be a bit long, but please read through it all! This is also my first post on this website, so pick me up on anything I have done wrong!

 

So I have a really annoying virus on my PC, which prevents me from opening any .EXE program downloaded from the internet. It also prevents me from opening basic Windows programs, such as Paint, Notepad, and a lot more. The ones I cannot open have an icon of a small window, as if the program is unknown or just has no icon at all. I also can't activate my Firewall, which can get annoying due to the fact I like to host servers for multiple video games, and with the Firewall not working this doesn't stop or allow any server to be activated through the router. Whenever I try and activate my Firewall, it doesn't do anything, as if I had never pressed 'activate' at all.

 

Now that I have shared my problems, let me share what I have done. In the bottom right hand corner of my screen, where the clock display is, there is a small white image with a red circle and white cross in the middle. When I click on it, it tells me my important messages. Here's an image of it:

http://i.imgur.com/I1ngB.png

This is what happens when I click on each of the buttons:

'Virus Protection'

http://i.imgur.com/PpXUg.png

http://i.imgur.com/HptsM.png

 

'Firewall'

http://i.imgur.com/RRqsW.png

 

'Windows Could Not Check For Updates'

http://i.imgur.com/qRhbx.png

http://i.imgur.com/A7xIT.png

 

'Set Up Backup'

It literally does nothing. Nothing at all.

 

Also here's an image of my Windows Program issue:

http://i.imgur.com/UlTcQ.jpg

If I try and open any of those programs, nothing happens.

 

I have AVG and McAfee installed on my PC but they don't seem to detect this virus. Well, AVG doesn't, McAfee just tells me to turn on AVG protection, which just gives me a message saying some random crap. It goes the same for any .EXE file I open downloaded from the internet, which could get irritating considering I want to install multiple anti-virus protectors, but I can't. Here's an image of what happens when I try to install 'STOPZilla'. (Just another anti-virus)

http://i.imgur.com/sVlBD.jpg

 

Help would be much appreciated! If you have any questions, please don't hesitate to ask them, I will be watching this thread for a while.

Thanks in advance!


Posted (edited)

Thank you very much indeed! I will be waiting for a reply soon! In the mean time, I will check out this website.

If help is given, much gratitude will be given!

 

EDIT: I cannot do anything that post has told me to do. All of the instructions tell me to open a downloaded .EXE file and do some stuff there. I cannot open downloaded .EXE files. I did download them and still have them on my desktop, but they won't open. :(

Edited by DrPerry
Posted

Are you able to download on another computer or laptop?

 

Then transfer to the infected computer using a disk or USB pen drive?

 

Or are you able to shut down the computer, then restart and repeatedly tap the F8 key; when a list appears, choose Safe Mode with Networking, then try to redownload.

I'm trying my best......................
Posted
I can't download from another computer, no. I have already tried Safe Mode and all it tells me is I can't install things whilst in Safe Mode. I will try it again however. I will reply with the update in 10 - 20 minutes.
Posted
I am currently on Safe Mode with Networking and am doing a full scan with Malware Bytes. Whilst I wait for this to finish, do you have any idea what's wrong with my PC?
Posted

I would say a very nasty infection. JB has notified our excellent security staff so follow the instructions as best you can. They can assist you further.

 

This thread will likely be moved to the security section just so you know.

We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.

Get help with computer problems. Join Free PC Help here

 

Donations are welcome. Read Here

Posted
I would say a very nasty infection. JB has notified our excellent security staff so follow the instructions as best you can. They can assist you further.

 

This thread will likely be moved to the security section just so you know.

 

What, will they contact me via email? Or PM me, or post here?

Posted

They will reply to you in this thread. Also at the top of this page is "Thread Tools". From there you can subscribe to this thread. If someone posts you will get an email notification.

 

http://extremetechsupport.com/faq.php?faq=vb3_user_profile#faq_vb3_subscriptions

Good luck here.


Posted

FOR GOD'S SAKE. Now all my important items have disappeared!! I can't do a system restore because it comes up with that damned message!! Would there be any possible way to regain all my stuff back? A majority of my stuff is gone, my saves to my games, important documents, all my web bookmarks and more. Most of my video games are still there, and work fine, but some of them have gone and all the rest that are left have had all their saves deleted. I promise I have done nothing but go into Safe Mode and open a few anti-viruses to scan through my computer, because I can't open them without Safe Mode.

 

WHAT DO I DO?!?!?

Posted

Hi DrPerry

 

Now all my important items have disappeared!!

Don't worry, they should still be there, this is one of the latest malware tricks.

Just don't run any temp file cleaners until I say so.

 

I want to install multiple anti-virus protectors, but I can't.

Good!

Believe me, you don't want to make things worse.

 

It is not recommended that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.

2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to Add/Remove in the Control Panel and remove either AVG or McAfee.

 

 

If you can't download in normal mode, using safe mode with networking will be fine.

Then boot back into normal mode and try running them.

 

Step 1

Download RogueKiller and save it to your desktop.

  • Close all the running processes
  • Double click RogueKiller icon to run the program
    Vista/Win7 users should right click the icon and select Run as Administrator.
  • When prompted, type 1 (SCAN) and then press Enter
  • A report will open, please copy and paste this report in your next reply.

A copy of the RKreport.txt can be found on your desktop.

 

Note:

If RogueKiller is blocked, do not hesitate to try running it again.

If it still fails to run, right click on the downloaded icon and select 'Rename'.....rename it to winlogon and try again.

 

 

 

Step 2

 

Please download RKill.com to your desktop from the following link.:

Rkill download link

Download page will open in a new tab or browser window.

When at the download page, click on the Download Now button to download RKill.com and save it on your desktop.

Once it is downloaded, double-click on the rkill.com icon.

If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the malware when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself .

 

If the malware is persistent, you may have to run RKill a number of times.

When it has finished, the black window will automatically close and you can continue with the next step.

 

If you continue having problems running rkill.com, you can download iExplore or eXplorer.exe from the rkill download page. Both of these files are renamed copies of rkill.com, which you can try instead. Please note that the download page will open in a new browser window or tab.

 

Note

Please do not reboot your system until you have completed the following step, or the Malware will restart itself:

 

 

 

Step 3

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

 

Link 1

Link 2

 

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif

 

 

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif

 

This is an example, you may rename ComboFix to anything you want.

 

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
    For more information read:
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
     
    Then:
     
    Double click on Combo-Fix.exe & follow the prompts.
     
    Vista/Win7 users should right click on the icon and select Run as Administrator.
     
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
     
    If running Vista/Win7, you may not see this screen
     
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

http://img.photobucket.com/albums/v708/starbuck50/cf1.png

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

http://img.photobucket.com/albums/v706/ried7/whatnext.png

 

Click on Yes, to continue scanning for malware.

 

Note:

Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

 

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

 

 

In your next reply, please submit:

RKreport.txt

Combofix.txt

 

 

Thanks.

Member of:

UNITE

Posted

Okay, will do. At the moment I'm stuck at 'rKill' because it keeps saying 'pev.exe stopped working' or 'installation failed' and it comes up with multiple windows saying those. I understand I have to leave them, but if I do, I either get the blue screen, or the CMD window just stays at 'terminating known malware processes. Please be patient.' When I say 'stays', I mean I have now waited 2 and a half hours for it to do something, but nothing has happened. Also, when I hit F8 and enter the start-up option menu and press Safe Mode with Networking, the majority of the time I get the blue screen of death shortly before Windows starts.

 

I have done step one, so here is the RKreport

Posted

Here's an image of what's happening on my PC when I open rKill/iExplore/eXplorer. (They all result in this.)

http://i.imgur.com/r7G8y.png

 

Yeah... My PC is officially retarded.

 

Would there be any way to wipe my PC completely except for the OS? I have re-installed Windows 7 before, but it didn't really wipe my PC, but put my previous files into one folder called 'Windows.old'.

 

Also, the items you see on my desktop there were the items that disappeared, but I did a system restore just before I read your reply. I restored it to the one restoration point I had, which was about a week after I had re-installed Windows 7, but for some odd reason some of my items that I installed just 2 weeks ago have appeared after the system restore.

 

I really don't like this virus and everything I do to it probably makes it worse. I don't really care for any of my programs or documents any more, this virus is just too annoying. Besides, most of my really personal stuff has gone anyway.

Posted (edited)
Hi DrPerry.

 

Ok, leave RKill for now.

Did you run RogueKiller?

If so, did you get the report?

 

I did do that, look at the post above the one you replied to.

 

EDIT: Would it be possible for us to speak over an instant messaging service? Such as MSN? Or Yahoo? Or just emailing? It would be much easier on my behalf.

Edited by DrPerry
Posted

Hi DrPerry,

 

EDIT: Would it be possible for us to speak over an instant messaging service? Such as MSN? Or Yahoo? Or just emailing? It would be much easier on my behalf.

I'm afraid that's not possible.

The rules state that all help is conducted in the forums.

 

OK, I see the RogueKiller report now.

 

Step 1

  • Close all the running processes
  • Double click RogueKiller icon to run the program
    Vista/Win7 users should right click the icon and select Run as Administrator.
  • When prompted, type 2 (Delete) and then press Enter
  • A report will open, please copy and paste this report in your next reply.

A copy of the RKreport.txt can be found on your desktop.

 

 

 

Step 2

Try running Combofix now as per the previous instructions.


Posted

Ah well, here's the reply that was supposed to appear:

 

RogueKiller V5.3.1 [08/06/2011] by Tigzy

contact at http://www.sur-la-toile.com

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

 

Operating System: Windows 7 (6.1.7600 ) 32 bits version

Started in : Safe mode with network support

User: Hayden [Admin rights]

Mode: Remove -- Date : 08/14/2011 16:47:49

 

Bad processes: 0

 

Registry Entries: 2

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

 

HOSTS File:

127.0.0.1 localhost

::1 localhost

 

 

Finished : << RKreport[1].txt >>

RKreport[1].txt

 

---------------

 

ComboFix 11-08-15.01 - Hayden 08/14/2011 16:50:11.1.2 - x86 NETWORK

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3070.1985 [GMT 1:00]

Running from: c:\users\Hayden\Desktop\Combo-Fix.exe

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Steam\Steam.exe

c:\users\Hayden\~DFD24F25E1FD98AB2C.TMP

c:\users\Hayden\jline_git-Bukkit-0_0_0-892-ga9ddbaa-b935jnks.dll

c:\users\Hayden\jvzc579n.vbt

c:\users\Hayden\MSI1.tmp

c:\users\Hayden\NGMDll.dll

c:\users\Hayden\NGMResource.dll

c:\users\Hayden\unicows.dll


c:\windows\system32\server.log

.

.

((((((((((((((((((((((((( Files Created from 2011-07-14 to 2011-08-14 )))))))))))))))))))))))))))))))

.

.

2011-08-14 15:46 . 2011-08-14 15:46 -------- d-----w- c:\users\Hayden\WPDNSE

2011-08-14 13:55 . 2011-08-14 13:55 -------- d-----w- c:\users\Hayden\scoped_dir9533

2011-08-14 13:55 . 2011-08-14 13:55 -------- d-----w- c:\users\Hayden\scoped_dir9484

2011-08-14 13:55 . 2011-08-14 13:55 -------- d-----w- c:\users\Hayden\scoped_dir23407

2011-08-14 12:32 . 2011-08-14 12:32 -------- d-----w- c:\users\Hayden\AppData\Local\Paint.NET

2011-08-14 11:55 . 2011-08-14 11:56 -------- d-----w- c:\users\Hayden\RarSFX9

2011-08-14 11:47 . 2011-08-14 11:47 -------- d-----w- c:\users\Hayden\RarSFX8

2011-08-14 11:46 . 2011-08-14 11:47 -------- d-----w- c:\users\Hayden\RarSFX7

2011-08-14 11:40 . 2011-08-14 11:40 -------- d-----w- c:\users\Hayden\RarSFX6

2011-08-14 11:40 . 2011-08-14 11:40 -------- d-----w- c:\users\Hayden\RarSFX5

2011-08-14 11:40 . 2011-08-14 11:40 -------- d-----w- c:\users\Hayden\RarSFX4

2011-08-14 11:36 . 2011-08-14 11:36 -------- d-----w- c:\users\Hayden\RarSFX3

2011-08-14 11:36 . 2011-08-14 11:36 -------- d-----w- c:\users\Hayden\RarSFX2

2011-08-14 11:36 . 2011-08-14 11:36 -------- d-----w- c:\users\Hayden\RarSFX0

2011-08-14 11:35 . 2011-08-14 12:32 -------- d-----w- c:\users\Hayden\AppData\Local\CrashDumps

2011-08-14 11:34 . 2011-08-14 11:34 -------- d-----w- c:\users\Hayden\RarSFX1

2011-08-14 11:19 . 2011-08-14 11:19 -------- d-----w- c:\users\Hayden\scoped_dir11650

2011-08-14 11:19 . 2011-08-14 11:19 -------- d-----w- c:\users\Hayden\scoped_dir9517

2011-08-14 11:19 . 2011-08-14 11:19 -------- d-----w- c:\users\Hayden\scoped_dir11604

2011-08-14 00:24 . 2011-08-14 00:24 -------- d-----w- c:\users\Hayden\TCDEC82.tmp

2011-08-14 00:21 . 2011-08-14 00:21 -------- d-----w- c:\users\Hayden\scoped_dir13888

2011-08-14 00:21 . 2011-08-14 00:21 -------- d-----w- c:\users\Hayden\scoped_dir13862

2011-08-14 00:21 . 2011-08-14 00:21 -------- d-----w- c:\users\Hayden\scoped_dir13031

2011-08-14 00:19 . 2011-05-24 18:12 6962000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E48E60E6-0F1A-4888-BC48-93C9F8B0CB97}\mpengine.dll

2011-08-14 00:17 . 2011-08-14 00:17 -------- d-----w- c:\users\Hayden\scoped_dir12977

2011-08-14 00:16 . 2011-08-14 00:16 -------- d-----w- c:\users\Hayden\scoped_dir29404

2011-08-14 00:16 . 2011-08-14 00:16 -------- d-----w- c:\users\Hayden\scoped_dir12941

2011-08-14 00:11 . 2011-08-14 00:11 -------- d-----w- c:\users\Hayden\scoped_dir4060

2011-08-14 00:11 . 2011-08-14 00:11 -------- d-----w- c:\users\Hayden\scoped_dir11779

2011-08-14 00:09 . 2011-08-14 00:09 -------- d-----w- c:\users\Hayden\scoped_dir11406

2011-08-14 00:09 . 2011-08-14 00:09 -------- d-----w- c:\users\Hayden\scoped_dir24971

2011-08-14 00:09 . 2011-08-14 00:09 -------- d-----w- c:\users\Hayden\scoped_dir11387

2011-08-14 00:03 . 2011-08-14 00:03 -------- d-----w- c:\users\Hayden\scoped_dir10332

2011-08-14 00:03 . 2011-08-14 00:03 -------- d-----w- c:\users\Hayden\scoped_dir6715

2011-08-14 00:03 . 2011-08-14 00:03 -------- d-----w- c:\users\Hayden\scoped_dir10296

2011-08-13 23:59 . 2011-08-13 23:59 -------- d-----w- c:\users\Hayden\scoped_dir9568

2011-08-13 23:59 . 2011-08-13 23:59 -------- d-----w- c:\users\Hayden\scoped_dir9539

2011-08-13 23:59 . 2011-08-13 23:59 -------- d-----w- c:\users\Hayden\scoped_dir3453

2011-08-13 23:56 . 2011-08-13 23:56 -------- d-----w- c:\users\Hayden\scoped_dir9016

2011-08-13 23:56 . 2011-08-13 23:56 -------- d-----w- c:\users\Hayden\scoped_dir8980

2011-08-13 23:56 . 2011-08-13 23:56 -------- d-----w- c:\users\Hayden\scoped_dir483

2011-08-13 23:12 . 2011-08-14 15:33 -------- d-----w- c:\users\Hayden\hsperfdata_Hayden

2011-08-13 23:12 . 2011-08-13 23:12 -------- d-----w- c:\users\Hayden\scoped_dir281

2011-08-13 23:12 . 2011-08-13 23:12 -------- d-----w- c:\users\Hayden\scoped_dir29549

2011-08-13 23:12 . 2011-08-13 23:12 -------- d-----w- c:\users\Hayden\scoped_dir248

2011-08-13 22:46 . 2011-08-13 22:46 -------- d-----w- c:\users\Hayden\AppData\Roaming\NVIDIA

2011-08-13 22:46 . 2011-08-13 22:46 -------- d-----w- c:\users\Hayden\UCDebugger

2011-08-13 22:40 . 2011-08-13 22:40 -------- d-----w- c:\users\Hayden\scoped_dir26766

2011-08-13 22:40 . 2011-08-13 22:40 -------- d-----w- c:\users\Hayden\scoped_dir26720

2011-08-13 22:40 . 2011-08-13 22:40 -------- d-----w- c:\users\Hayden\scoped_dir15997

2011-08-13 22:39 . 2011-08-13 22:39 -------- d-----w- c:\users\Hayden\AppData\Local\VirtualStore

2011-08-13 20:36 . 2011-08-13 22:24 -------- d-----w- c:\programdata\STOPzilla!

2011-08-13 20:01 . 2011-08-13 20:01 -------- d-----w- c:\programdata\Malwarebytes

2011-08-13 20:01 . 2011-08-14 08:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-08-13 12:17 . 2011-08-13 12:17 -------- d-----w- c:\programdata\Solidshield

2011-08-13 12:16 . 2011-08-14 08:09 -------- d-----w- c:\program files\McAfee Security Scan

2011-08-05 13:19 . 2011-08-14 08:54 -------- d-----w- c:\users\Hayden\AppData\Roaming\uTorrent

2011-07-31 20:15 . 2011-08-14 08:54 -------- d-----w- c:\users\Hayden\ir_ext_temp_0

2011-07-20 15:28 . 2011-08-14 00:19 -------- d-----w- c:\windows\system32\drivers\AVG

2011-07-20 15:23 . 2011-08-14 08:54 -------- d-----w- c:\users\Hayden\7zSED6A.tmp

2011-07-20 15:10 . 2011-07-20 15:10 184 ----a-w- c:\windows\system32\repair.bat

2011-07-18 17:43 . 2011-07-18 17:43 -------- d-----w- c:\program files\Paint.NET

2011-07-17 12:07 . 2011-08-14 08:54 -------- d-----w- c:\users\Hayden\{FD9F405E-A779-47F7-B79F-28B812CA5DEF}

2011-07-17 12:07 . 2011-08-14 08:54 -------- d-----w- c:\users\Hayden\{03589E5E-3E9F-4B4D-8671-DCB8EF416636}

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-13 15:39 . 2011-03-28 17:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-07-13 15:38 . 2011-07-13 15:38 962860 ----a-w- c:\users\Hayden\defaultCache.reg

2011-07-07 14:48 . 2011-06-22 20:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-05 18:31 . 2011-07-05 18:32 74848 ----a-w- c:\windows\system32\MfeOtlkAddin.dll

2011-07-05 18:31 . 2011-07-05 18:32 22816 ----a-w- c:\windows\system32\MFEOtlk.dll

2011-06-29 20:05 . 2011-06-29 20:05 2838528 ----a-w- c:\users\Hayden\SkypeToolbars.msi

2011-06-29 20:05 . 2011-06-29 20:04 16579584 ----a-w- c:\users\Hayden\Skype.msi

2011-06-24 06:11 . 2011-06-24 06:11 235 ----a-w- c:\windows\system32\nxEuUninstall.bat

2011-06-06 16:36 . 2011-06-23 06:49 4005936 ----a-w- c:\windows\system32\GameMon.des

2011-06-04 18:59 . 2011-06-04 16:21 13824 ----a-w- c:\windows\system32\slwga.dll

2011-06-04 18:59 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll

2011-06-04 18:59 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll

2011-06-04 16:42 . 2011-06-04 16:42 86528 ----a-w- c:\windows\system32\iesysprep.dll

2011-06-04 16:42 . 2011-06-04 16:42 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2011-06-04 16:42 . 2011-06-04 16:42 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2011-06-04 16:42 . 2011-06-04 16:42 74752 ----a-w- c:\windows\system32\iesetup.dll

2011-06-04 16:42 . 2011-06-04 16:42 63488 ----a-w- c:\windows\system32\tdc.ocx

2011-06-04 16:42 . 2011-06-04 16:42 48640 ----a-w- c:\windows\system32\mshtmler.dll

2011-06-04 16:42 . 2011-06-04 16:42 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-06-04 16:42 . 2011-06-04 16:42 367104 ----a-w- c:\windows\system32\html.iec

2011-06-04 16:42 . 2011-06-04 16:42 35840 ----a-w- c:\windows\system32\imgutil.dll

2011-06-04 16:42 . 2011-06-04 16:42 23552 ----a-w- c:\windows\system32\licmgr10.dll

2011-06-04 16:42 . 2011-06-04 16:42 161792 ----a-w- c:\windows\system32\msls31.dll

2011-06-04 16:42 . 2011-06-04 16:42 152064 ----a-w- c:\windows\system32\wextract.exe

2011-06-04 16:42 . 2011-06-04 16:42 150528 ----a-w- c:\windows\system32\iexpress.exe

2011-06-04 16:42 . 2011-06-04 16:42 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2011-06-04 16:42 . 2011-06-04 16:42 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-06-04 16:42 . 2011-06-04 16:42 11776 ----a-w- c:\windows\system32\mshta.exe

2011-06-04 16:42 . 2011-06-04 16:42 1126912 ----a-w- c:\windows\system32\wininet.dll

2011-06-04 16:42 . 2011-06-04 16:42 110592 ----a-w- c:\windows\system32\IEAdvpack.dll

2011-06-04 16:42 . 2011-06-04 16:42 101888 ----a-w- c:\windows\system32\admparse.dll

2011-05-24 18:14 . 2011-06-04 16:10 222080 ------w- c:\windows\system32\MpSigStub.exe

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2011-06-04 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll

[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux4"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 arusb_lh;TP-LINK TL-WN821N 11n Wireless LAN device driver;c:\windows\system32\DRIVERS\arusb_lh.sys [2008-01-14 415744]

R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [2010-07-28 1559552]

R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]

R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]

R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-12-22 36640]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]

R3 netr73;Askey RT73 Wireless Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2011-06-06 4005936]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-04 1343400]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S3 arusb_win7;Service For TP-LINK Wireless N Adapter;c:\windows\system32\DRIVERS\arusb_win7.sys [2010-02-23 612352]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-263333183-3355947971-2896428383-1000Core.job

- c:\users\Hayden\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-04 16:04]

.

2011-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-263333183-3355947971-2896428383-1000UA.job

- c:\users\Hayden\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-04 16:04]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-Steam App 440 - c:\program files\Steam\steam.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-08-14 16:56:14

ComboFix-quarantined-files.txt 2011-08-14 15:56

.

Pre-Run: 400,750,481,408 bytes free

Post-Run: 400,437,555,200 bytes free

.

- - End Of File - - F8319A3AB5A843F07F3BC2CBA1D21F95

Posted

Hi DrPerry,

 

I've added the reports to your last post as they are easier to read that way.

 

Does the system run in normal mode ok now?

If so, run this next step in normal mode.

It will run in safe mode but will give us a better report if run in normal mode.

 

  • Download OTL to your desktop.
    Right click on the link and select 'Save Link/Target As'.
    If you have problems, try this download link: OTL
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check

http://img.photobucket.com/albums/v708/starbuck50/new/Otllatest.png

  • Now copy the lines in bold below.

    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\*
    %USERPROFILE%\..|smtmp;true;true;true /FP
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

    http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png

  • Click the Run Scan button.

    http://img.photobucket.com/albums/v708/starbuck50/runscan.png

  • Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

 

Thanks

Member of:

UNITE
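Once OTL.txt comes back, a helper reads it by eye for three things: services and drivers whose binary is gone ("File not found"), loaded code with an empty company field ("()"), and whether the O35/O37 .exe and .com association commands still carry the default "%1" %*, since a hijacked association is the usual reason a machine stops launching .EXE files. The script below is an added example, not part of this thread and not OTL's own code; it parses those OTL line formats and sorts the entries into those buckets. The SAMPLE_LOG is constructed in the OTL format, the paths under C:\Users\Example are made up, and the final O35 line pointing at dummy.exe is invented to show what a non-default association looks like.

```python
"""Triage helper for OTL-style log lines (added example, not OTL's own code).

Parses the PRC/MOD/SRV/DRV, O35/O37 and NetSvcs line formats an OTL log uses
and groups entries the way a helper scans them: missing binaries, code with
no company name, and .exe/.com open commands that differ from the default.
"""
import re

# Constructed sample in the OTL line format. Paths under C:\Users\Example and
# the last O35 line (dummy.exe) are made up for this example.
SAMPLE_LOG = r"""
PRC - C:\Users\Example\Desktop\OTL.scr ()
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
SRV - (seclogon) -- File not found
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe ()
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Users\Example\AppData\Local\dummy.exe" "%1" %*
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
"""

# "SRV - (name) -- target (Company)"; PRC/MOD lines have no "(name) --" part.
COMPONENT_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)\s+-\s+(?:\((?P<name>[^)]*)\)\s+--\s+)?(?P<body>.+)$"
)
# "O35 - HKLM\..exefile [open] -- <command>"
ASSOC_RE = re.compile(
    r"^(?P<kind>O35|O37)\s+-\s+(?P<key>\S+)\s+\[(?P<value>[^\]]*)\]\s+--\s+(?P<command>.+)$"
)
NETSVC_RE = re.compile(r"^NetSvcs:\s+(?P<name>\S+)\s+-\s+(?P<body>.+)$")
TRAILING_COMPANY_RE = re.compile(r"^(?P<target>.*?)\s*\((?P<company>[^()]*)\)$")

DEFAULT_OPEN_COMMAND = '"%1" %*'  # what exefile/comfile [open] carries by default
MISSING = "File not found"


def split_company(body):
    """Split 'C:\\x.sys (Vendor)' into (target, vendor). Vendor is '' for '()'
    and None when the line has no trailing parenthesised company at all."""
    m = TRAILING_COMPANY_RE.match(body)
    if not m:
        return body.strip(), None
    return m.group("target").strip(), m.group("company").strip()


def triage(log_text):
    """Group OTL entries into the buckets a log reader checks first."""
    report = {
        "missing": [],          # service/driver whose binary is gone
        "no_company": [],       # loaded code with an empty company field
        "assoc_ok": [],         # .exe/.com open commands at the default
        "assoc_hijacked": [],   # open commands routed through another program
        "netsvcs_missing": [],  # stale netsvcs names, kept apart (see comment)
    }
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COMPONENT_RE.match(line)
        if m:
            target, company = split_company(m.group("body"))
            if target == MISSING:
                report["missing"].append(m.group("name") or target)
            elif company == "":
                report["no_company"].append(target)
            continue
        m = ASSOC_RE.match(line)
        if m:
            cmd = m.group("command").strip()
            key = f'{m.group("key")} [{m.group("value")}]'
            bucket = "assoc_ok" if cmd == DEFAULT_OPEN_COMMAND else "assoc_hijacked"
            report[bucket].append((key, cmd))
            continue
        m = NETSVC_RE.match(line)
        if m and m.group("body").strip() == MISSING:
            # Assumption: legacy netsvcs names with no backing file are routine
            # on Windows 7, so they are reported separately from real gaps.
            report["netsvcs_missing"].append(m.group("name"))
    return report


if __name__ == "__main__":
    for bucket, entries in triage(SAMPLE_LOG).items():
        print(f"{bucket}: {entries}")
```

Anything landing in assoc_hijacked is the entry to look at first: the command that runs every .EXE has been redirected through another binary, which matches the "nothing happens when I open a program" symptom described in this thread. Entries in no_company are not malware by themselves (the OTL.scr scanner and vendor drivers without a version resource land there too), so they are a list to check, not a verdict.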

Posted

For the record, normal mode does work fine, but the virus just stops me opening most .EXE files, activating my firewall, turning on any anti-virus protection, changing most settings in Control Panel and actually getting into Safe Mode. (I think, because when I try to get into Safe Mode, 2 out of 3 times it gives me a blue screen.)

 

I will post the results soon.

Posted

Okay, here are the results:

 

OTL.txt

OTL logfile created on: 8/15/2011 11:48:17 - Run 1

OTL by OldTimer - Version 3.2.26.4 Folder = C:\Users\Hayden\Desktop

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.00 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 76.97% Memory free

6.00 Gb Paging File | 5.33 Gb Available in Paging File | 88.92% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 465.66 Gb Total Space | 372.40 Gb Free Space | 79.97% Space Free | Partition Type: NTFS

Drive G: | 3.71 Gb Total Space | 3.60 Gb Free Space | 97.04% Space Free | Partition Type: FAT32

 

Computer Name: HAYDEN-PC | User Name: Hayden | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\Hayden\Desktop\OTL.scr ()

 

 

========== Modules (No Company Name) ==========

 

MOD - C:\Users\Hayden\Desktop\OTL.scr ()

MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()

MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (seclogon) -- File not found

SRV - (QWAVE) -- File not found

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)

SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe ()

SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (athur) -- C:\Windows\System32\drivers\athur.sys (Atheros Communications, Inc.)

DRV - (arusb_win7) -- C:\Windows\System32\drivers\arusb_win7.sys (Atheros Communications, Inc.)

DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()

DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)

DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)

DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)

DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)

DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)

DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)

DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)

DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)

DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)

DRV - (arusb_lh) -- C:\Windows\System32\drivers\arusb_lh.sys (Atheros Communications, Inc.)

DRV - (NPPTNT2) -- C:\Windows\System32\npptNT2.sys (INCA Internet Co., Ltd.)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 71 E5 CF B4 3C CC 01 [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Hayden\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Hayden\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

 

 

 

O1 HOSTS File: ([2011/08/14 16:54:33 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe ()

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2011/06/04 09:46:08 | 000,000,043 | ---- | M] () - G:\AUTORUN.INF -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

NetSvcs: seclogon - File not found

 

 

CREATERESTOREPOINT

Error creating restore point.

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/08/15 11:45:18 | 000,000,000 | ---D | C] -- C:\Users\Hayden\WPDNSE

[2011/08/14 16:56:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2011/08/14 16:56:16 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2011/08/14 16:56:16 | 000,000,000 | ---D | C] -- C:\Users\Hayden\AppData\Local\temp

[2011/08/14 16:49:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2011/08/14 16:49:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2011/08/14 16:49:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2011/08/14 16:49:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011/08/14 16:49:20 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/08/14 16:48:31 | 004,171,847 | R--- | C] (Swearware) -- C:\Users\Hayden\Desktop\Combo-Fix.exe

[2011/08/14 15:48:31 | 000,000,000 | ---D | C] -- C:\Users\Hayden\AppData\Roaming\WinRAR

[2011/08/14 14:55:46 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir9533

[2011/08/14 14:55:31 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir9484

[2011/08/14 14:55:31 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir23407

[2011/08/14 14:53:35 | 000,000,000 | ---D | C] -- C:\Users\Hayden\RarSFX15

[2011/08/14 14:53:21 | 000,000,000 | ---D | C] -- C:\Users\Hayden\RarSFX13

[2011/08/14 13:32:54 | 000,000,000 | ---D | C] -- C:\Users\Hayden\AppData\Local\Paint.NET

[2011/08/14 13:31:09 | 000,000,000 | ---D | C] -- C:\Users\Hayden\RarSFX14

[2011/08/14 13:30:10 | 000,000,000 | ---D | C] -- C:\Users\Hayden\RarSFX12

[2011/08/14 13:23:45 | 000,000,000 | ---D | C] -- C:\Users\Hayden\RarSFX11

[2011/08/14 12:55:14 | 000,000,000 | ---D | C] -- C:\Users\Hayden\RarSFX9

[2011/08/14 12:54:29 | 000,000,000 | ---D | C] -- C:\Users\Hayden\RarSFX10

[2011/08/14 12:47:33 | 000,000,000 | ---D | C] -- C:\Users\Hayden\RarSFX8

[2011/08/14 12:46:32 | 000,000,000 | ---D | C] -- C:\Users\Hayden\RarSFX7

[2011/08/14 12:40:37 | 000,000,000 | ---D | C] -- C:\Users\Hayden\RarSFX6

[2011/08/14 12:40:34 | 000,000,000 | ---D | C] -- C:\Users\Hayden\RarSFX5

[2011/08/14 12:40:30 | 000,000,000 | ---D | C] -- C:\Users\Hayden\RarSFX4

[2011/08/14 12:38:11 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2011/08/14 12:36:17 | 000,000,000 | ---D | C] -- C:\Users\Hayden\RarSFX3

[2011/08/14 12:36:13 | 000,000,000 | ---D | C] -- C:\Users\Hayden\RarSFX2

[2011/08/14 12:36:07 | 000,000,000 | ---D | C] -- C:\Users\Hayden\RarSFX0

[2011/08/14 12:35:17 | 000,000,000 | ---D | C] -- C:\Users\Hayden\AppData\Local\CrashDumps

[2011/08/14 12:34:52 | 000,000,000 | ---D | C] -- C:\Users\Hayden\RarSFX1

[2011/08/14 12:32:36 | 000,000,000 | ---D | C] -- C:\Users\Hayden\Desktop\RK_Quarantine

[2011/08/14 12:19:20 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir11650

[2011/08/14 12:19:06 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir9517

[2011/08/14 12:19:06 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir11604

[2011/08/14 01:21:48 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir13888

[2011/08/14 01:21:40 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir13862

[2011/08/14 01:21:40 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir13031

[2011/08/14 01:19:38 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2011/08/14 01:17:09 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir12977

[2011/08/14 01:16:58 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir29404

[2011/08/14 01:16:58 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir12941

[2011/08/14 01:11:02 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir4060

[2011/08/14 01:11:02 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir11779

[2011/08/14 01:09:08 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir11406

[2011/08/14 01:09:02 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir24971

[2011/08/14 01:09:02 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir11387

[2011/08/14 01:03:39 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir10332

[2011/08/14 01:03:28 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir6715

[2011/08/14 01:03:28 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir10296

[2011/08/14 00:59:46 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir9568

[2011/08/14 00:59:36 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir9539

[2011/08/14 00:59:36 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir3453

[2011/08/14 00:56:56 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir9016

[2011/08/14 00:56:45 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir8980

[2011/08/14 00:56:45 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir483

[2011/08/14 00:31:31 | 000,000,000 | ---D | C] -- C:\Users\Hayden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool

[2011/08/14 00:12:54 | 000,000,000 | ---D | C] -- C:\Users\Hayden\hsperfdata_Hayden

[2011/08/14 00:12:21 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir281

[2011/08/14 00:12:11 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir29549

[2011/08/14 00:12:11 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir248

[2011/08/13 23:46:24 | 000,000,000 | ---D | C] -- C:\Users\Hayden\AppData\Roaming\NVIDIA

[2011/08/13 23:46:21 | 000,000,000 | ---D | C] -- C:\Users\Hayden\UCDebugger

[2011/08/13 23:40:17 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir26766

[2011/08/13 23:40:03 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir26720

[2011/08/13 23:40:03 | 000,000,000 | ---D | C] -- C:\Users\Hayden\scoped_dir15997

[2011/08/13 23:39:32 | 000,000,000 | ---D | C] -- C:\Users\Hayden\AppData\Local\VirtualStore

[2011/08/13 21:54:57 | 000,000,000 | ---D | C] -- C:\Users\Hayden\AppData\Roaming\Macromedia

[2011/08/13 21:36:36 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!

[2011/08/13 21:01:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/08/13 21:01:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/08/13 13:17:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield

[2011/08/13 13:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan

[2011/08/05 14:19:48 | 000,000,000 | ---D | C] -- C:\Users\Hayden\AppData\Roaming\uTorrent

[2011/07/31 21:15:26 | 000,000,000 | ---D | C] -- C:\Users\Hayden\ir_ext_temp_0

[2011/07/20 16:29:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011

[2011/07/20 16:28:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG

[2011/07/18 18:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET

[2011/07/17 13:07:19 | 000,000,000 | ---D | C] -- C:\Users\Hayden\{FD9F405E-A779-47F7-B79F-28B812CA5DEF}

[2011/07/17 13:07:13 | 000,000,000 | ---D | C] -- C:\Users\Hayden\{03589E5E-3E9F-4B4D-8671-DCB8EF416636}

[3 C:\Users\Hayden\*.tmp files -> C:\Users\Hayden\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2011/08/15 11:45:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/08/15 11:45:04 | 2414,731,264 | -HS- | M] () -- C:\hiberfil.sys

[2011/08/15 11:04:33 | 000,000,000 | -H-- | M] () -- C:\Users\Hayden\etilqs_XB7P0pBgngQHJWZE6ZlX

[2011/08/15 10:23:54 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/08/15 10:23:54 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/08/15 10:23:50 | 000,579,584 | ---- | M] () -- C:\Users\Hayden\Desktop\OTL.scr

[2011/08/15 10:20:07 | 000,659,580 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/08/15 10:20:07 | 000,120,508 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/08/14 23:00:20 | 000,037,223 | ---- | M] () -- C:\Users\Hayden\Desktop\Cool House Design.jpg

[2011/08/14 16:54:33 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2011/08/14 16:48:48 | 004,171,847 | R--- | M] (Swearware) -- C:\Users\Hayden\Desktop\Combo-Fix.exe

[2011/08/14 14:54:41 | 204,759,850 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2011/08/14 14:53:36 | 000,002,908 | ---- | M] () -- C:\Users\Hayden\WERD9BC.tmp.WERInternalMetadata.xml

[2011/08/14 13:24:29 | 000,000,000 | -H-- | M] () -- C:\Users\Hayden\etilqs_V40NWVIALECzc7Dp0Bia

[2011/08/14 12:55:29 | 000,002,908 | ---- | M] () -- C:\Users\Hayden\WERD5C5.tmp.WERInternalMetadata.xml

[2011/08/14 12:55:29 | 000,002,908 | ---- | M] () -- C:\Users\Hayden\WERD5B5.tmp.WERInternalMetadata.xml

[2011/08/14 12:40:25 | 001,008,092 | ---- | M] () -- C:\Users\Hayden\Desktop\iExplore.exe

[2011/08/14 12:40:16 | 001,008,092 | ---- | M] () -- C:\Users\Hayden\Desktop\eXplorer.exe

[2011/08/14 12:34:28 | 001,008,092 | ---- | M] () -- C:\Users\Hayden\Desktop\rkill.com

[2011/08/14 12:27:16 | 000,555,008 | ---- | M] () -- C:\Users\Hayden\Desktop\RogueKiller.exe

[2011/08/14 01:44:16 | 000,049,208 | ---- | M] () -- C:\Users\Hayden\Hayden.bmp

[2011/08/13 23:20:33 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2011/08/05 14:21:36 | 000,000,000 | ---- | M] () -- C:\Users\Hayden\utt8356.tmp.old

[2011/08/05 14:19:53 | 000,000,000 | ---- | M] () -- C:\Users\Hayden\uttF319.tmp.old

[2011/07/20 16:10:41 | 000,000,184 | ---- | M] () -- C:\Windows\System32\repair.bat

[2011/07/18 18:43:50 | 000,001,176 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk

[3 C:\Users\Hayden\*.tmp files -> C:\Users\Hayden\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2011/08/15 11:00:15 | 000,000,000 | -H-- | C] () -- C:\Users\Hayden\etilqs_XB7P0pBgngQHJWZE6ZlX

[2011/08/15 10:23:46 | 000,579,584 | ---- | C] () -- C:\Users\Hayden\Desktop\OTL.scr

[2011/08/14 23:00:28 | 000,037,223 | ---- | C] () -- C:\Users\Hayden\Desktop\Cool House Design.jpg

[2011/08/14 16:49:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2011/08/14 16:49:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2011/08/14 16:49:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011/08/14 16:49:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011/08/14 16:49:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/08/14 14:53:36 | 000,002,908 | ---- | C] () -- C:\Users\Hayden\WERD9BC.tmp.WERInternalMetadata.xml

[2011/08/14 13:24:11 | 000,000,000 | -H-- | C] () -- C:\Users\Hayden\etilqs_V40NWVIALECzc7Dp0Bia

[2011/08/14 12:55:29 | 000,002,908 | ---- | C] () -- C:\Users\Hayden\WERD5C5.tmp.WERInternalMetadata.xml

[2011/08/14 12:55:29 | 000,002,908 | ---- | C] () -- C:\Users\Hayden\WERD5B5.tmp.WERInternalMetadata.xml

[2011/08/14 12:40:19 | 001,008,092 | ---- | C] () -- C:\Users\Hayden\Desktop\iExplore.exe

[2011/08/14 12:40:11 | 001,008,092 | ---- | C] () -- C:\Users\Hayden\Desktop\eXplorer.exe

[2011/08/14 12:38:08 | 204,759,850 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2011/08/14 12:34:25 | 001,008,092 | ---- | C] () -- C:\Users\Hayden\Desktop\rkill.com

[2011/08/14 12:27:15 | 000,555,008 | ---- | C] () -- C:\Users\Hayden\Desktop\RogueKiller.exe

[2011/08/14 01:43:41 | 000,049,208 | ---- | C] () -- C:\Users\Hayden\Hayden.bmp

[2011/08/13 23:20:33 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

[2011/08/05 14:21:36 | 000,000,000 | ---- | C] () -- C:\Users\Hayden\utt8356.tmp.old

[2011/08/05 14:19:53 | 000,000,000 | ---- | C] () -- C:\Users\Hayden\uttF319.tmp.old

[2011/07/20 16:10:41 | 000,000,184 | ---- | C] () -- C:\Windows\System32\repair.bat

[2011/07/18 18:43:50 | 000,001,188 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk

[2011/07/18 18:43:50 | 000,001,176 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk

[2011/07/05 12:16:42 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll

[2011/07/05 12:16:42 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys

[2011/07/01 16:25:48 | 000,003,475 | ---- | C] () -- C:\Windows\System32\wbers.dat

[2011/07/01 16:25:46 | 000,025,963 | ---- | C] () -- C:\Windows\System32\wbers.dat.dmp

[2011/06/24 14:55:31 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2011/06/17 07:17:33 | 000,003,584 | ---- | C] () -- C:\Users\Hayden\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/06/17 07:04:54 | 000,000,007 | ---- | C] () -- C:\Windows\treeskp.sys

[2011/06/17 07:04:54 | 000,000,007 | ---- | C] () -- C:\Windows\sbacknt.bin

[2011/06/12 13:16:49 | 000,000,047 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009/07/14 05:33:53 | 000,406,272 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2009/07/14 03:05:48 | 000,659,580 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2009/07/14 03:05:48 | 000,120,508 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2009/07/14 01:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll

[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll

[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll

[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll

 

========== LOP Check ==========

 

[2011/08/15 10:29:00 | 000,000,000 | ---D | M] -- C:\Users\Hayden\AppData\Roaming\.minecraft

[2011/08/14 09:54:09 | 000,000,000 | ---D | M] -- C:\Users\Hayden\AppData\Roaming\AVG10

[2011/08/14 09:54:09 | 000,000,000 | ---D | M] -- C:\Users\Hayden\AppData\Roaming\AVG9

[2011/08/14 09:54:09 | 000,000,000 | ---D | M] -- C:\Users\Hayden\AppData\Roaming\BitTorrent

[2011/08/14 09:54:09 | 000,000,000 | ---D | M] -- C:\Users\Hayden\AppData\Roaming\ijjigame

[2011/08/14 09:54:09 | 000,000,000 | ---D | M] -- C:\Users\Hayden\AppData\Roaming\uTorrent

[2009/07/14 05:53:46 | 000,009,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 

========== Purity Check ==========

 

 

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.* >

[2011/06/13 19:20:52 | 000,531,256 | ---- | M] () -- C:\AnalysisLog.sr0

[2011/07/05 12:13:45 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp

[2009/06/10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2011/08/14 16:50:11 | 000,000,072 | ---- | M] () -- C:\Av-test.txt

[2009/07/14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr

[2011/06/04 19:39:05 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

[2005/04/08 03:16:43 | 000,000,015 | -H-- | M] () -- C:\cglogs.dat

[2009/06/10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys

[2011/08/15 11:45:04 | 2414,731,264 | -HS- | M] () -- C:\hiberfil.sys

[2010/03/24 22:55:59 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2011/08/14 16:56:14 | 000,024,048 | ---- | M] () -- C:\log.txt

[2010/03/24 22:55:59 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2011/07/05 12:16:57 | 000,008,170 | ---- | M] () -- C:\NclRegPermissions(1).log

[2011/08/15 11:45:03 | 3219,644,416 | -HS- | M] () -- C:\pagefile.sys

[2011/08/14 13:32:05 | 000,000,745 | ---- | M] () -- C:\rke1.log

[2011/08/14 13:32:05 | 000,000,745 | ---- | M] () -- C:\rkend.log

[2011/08/14 14:53:36 | 000,001,735 | ---- | M] () -- C:\rkill.log

[2011/08/14 13:32:05 | 000,000,000 | ---- | M] () -- C:\rkstart.log

[2011/07/13 16:37:14 | 000,001,896 | ---- | M] () -- C:\Silverlight0.log

[2011/07/13 16:37:14 | 001,426,364 | ---- | M] () -- C:\SilverlightMSI.log

[2011/06/04 10:49:34 | 000,171,136 | RHS- | M] () -- C:\w7ldr

 

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2009/07/14 02:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\jnwppr.dll

[2009/07/14 02:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\Spool\prtprocs\w32x86\winprint.dll

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\system32\drivers\*.sys /lockedfiles >

 

< %systemroot%\system32\*.exe /lockedfiles >

 

< %systemroot%\System32\config\*.sav >

 

< %PROGRAMFILES%\* >

[2009/07/14 05:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

 

< %USERPROFILE%\..|smtmp;true;true;true /FP >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Hayden\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/07/09 05:51:19 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Hayden\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/07/09 05:51:19 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Hayden\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/07/09 05:51:19 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Hayden\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/07/09 05:51:19 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/06/04 17:42:42 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/06/04 17:42:42 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/06/04 17:42:42 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/06/04 17:42:42 | 000,748,336 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/06/04 17:42:42 | 000,748,336 | ---- | M] (Microsoft Corporation)

 

< hklm\software\clients\startmenuinternet|command /64 /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Hayden\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2011/07/09 05:51:19 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Hayden\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2011/07/09 05:51:19 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Hayden\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/07/09 05:51:19 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Hayden\AppData\Local\Google\Chrome\Application\chrome.exe" [2011/07/09 05:51:19 | 001,012,792 | ---- | M] (Google Inc.)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/06/04 17:42:42 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/06/04 17:42:42 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/06/04 17:42:42 | 000,074,240 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/06/04 17:42:42 | 000,748,336 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/06/04 17:42:42 | 000,748,336 | ---- | M] (Microsoft Corporation)

 

< End of report >

 

Extra.txt

 

OTL Extras logfile created on: 8/15/2011 11:48:18 - Run 1

OTL by OldTimer - Version 3.2.26.4 Folder = C:\Users\Hayden\Desktop

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.00 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 76.97% Memory free

6.00 Gb Paging File | 5.33 Gb Available in Paging File | 88.92% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 465.66 Gb Total Space | 372.40 Gb Free Space | 79.97% Space Free | Partition Type: NTFS

Drive G: | 3.71 Gb Total Space | 3.60 Gb Free Space | 97.04% Space Free | Partition Type: FAT32

 

Computer Name: HAYDEN-PC | User Name: Hayden | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources

"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1D46A3A0-B37D-423A-91C2-101A49E2FF80}" = Ventrilo Server

"{1E03C8BE-0848-430F-BECA-7D7709401626}" = TP-LINK Wireless Client Utility

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service

"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java 6 Update 26

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion

"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{759142E8-25B0-42AE-B408-4215065D3F4B}" = Windows Live Family Safety

"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}" = REACTOR

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{93712806-272D-485E-8D8E-C08E861CF3E0}" = A.V.A

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)

"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 267.24

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.24

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety

"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3

"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3

"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29

"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"BitTorrent" = BitTorrent

"Combat Arms EU" = Combat Arms EU

"Fraps" = Fraps (remove only)

"Half-Life 2" = Half-Life 2

"Half-Life_is1" = Half-Life

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

"VirtualCloneDrive" = VirtualCloneDrive

"VLC media player" = VideoLAN VLC media player 0.8.6f

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR 4.01 (32-bit)

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 8/14/2011 08:32:02 | Computer Name = Hayden-PC | Source = Application Error | ID = 1000

Description = Faulting application name: pev.exe, version: 0.0.0.0, time stamp: 0x4d334d98 Faulting module name: pev.exe, version: 0.0.0.0, time stamp: 0x4d334d98 Exception code: 0xc0000417 Fault offset: 0x00081683 Faulting process id: 0x6c0 Faulting application start time: 0x01cc5a7e2b4c7580 Faulting application path: C:\Users\Hayden\RarSFX13\pev.exe Faulting module path: C:\Users\Hayden\RarSFX13\pev.exe Report Id: 68fb61c0-c671-11e0-a090-f5064215fb98

 

Error - 8/14/2011 08:32:15 | Computer Name = Hayden-PC | Source = System Restore | ID = 8193

Description =

 

Error - 8/14/2011 08:32:18 | Computer Name = Hayden-PC | Source = System Restore | ID = 8193

Description =

 

Error - 8/14/2011 08:32:28 | Computer Name = Hayden-PC | Source = System Restore | ID = 8193

Description =

 

Error - 8/14/2011 08:32:38 | Computer Name = Hayden-PC | Source = System Restore | ID = 8193

Description =

 

Error - 8/14/2011 08:32:44 | Computer Name = Hayden-PC | Source = System Restore | ID = 8193

Description =

 

Error - 8/14/2011 11:49:31 | Computer Name = Hayden-PC | Source = VSS | ID = 18

Description =

 

Error - 8/14/2011 11:49:31 | Computer Name = Hayden-PC | Source = VSS | ID = 8193

Description =

 

Error - 8/14/2011 11:49:31 | Computer Name = Hayden-PC | Source = System Restore | ID = 8193

Description =

 

Error - 8/15/2011 06:49:01 | Computer Name = Hayden-PC | Source = System Restore | ID = 8193

Description =

 

[ System Events ]

Error - 8/15/2011 06:45:06 | Computer Name = Hayden-PC | Source = Service Control Manager | ID = 7023

Description = The Base Filtering Engine service terminated with the following error: %%3

 

Error - 8/15/2011 06:45:06 | Computer Name = Hayden-PC | Source = Service Control Manager | ID = 7001

Description = The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: %%3

 

Error - 8/15/2011 06:45:06 | Computer Name = Hayden-PC | Source = Service Control Manager | ID = 7001

Description = The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: %%3

 

Error - 8/15/2011 06:45:06 | Computer Name = Hayden-PC | Source = Service Control Manager | ID = 7001

Description = The Internet Connection Sharing (ICS) service depends on the Base Filtering Engine service which failed to start because of the following error: %%3

 

Error - 8/15/2011 06:45:06 | Computer Name = Hayden-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

discache ElbyCDIO spldr sptd Wanarpv6

 

Error - 8/15/2011 06:45:11 | Computer Name = Hayden-PC | Source = DCOM | ID = 10005

Description =

 

Error - 8/15/2011 06:45:17 | Computer Name = Hayden-PC | Source = DCOM | ID = 10005

Description =

 

Error - 8/15/2011 06:45:18 | Computer Name = Hayden-PC | Source = DCOM | ID = 10005

Description =

 

Error - 8/15/2011 06:45:18 | Computer Name = Hayden-PC | Source = DCOM | ID = 10005

Description =

 

Error - 8/15/2011 06:45:19 | Computer Name = Hayden-PC | Source = Service Control Manager | ID = 7001

Description = The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: %%1068

 

 

< End of report >

Posted

Hi DrPerry,

 

normal mode does work fine, but the virus just stops me opening most .EXE files

A little something to help with that while I go through the reports.

 

Please download ExeFix.reg and save it to a flash drive or to the root of the system drive (usually C:).

  • Important: Boot your computer into the account that has trouble running exe files.
  • Now Double-click 'ExeFix.reg' and confirm the prompt to allow it to merge with the registry.


Please tell me if you are now able to run programs.

Member of:

UNITE
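A read-only check of the shell-spawning commands that the Extras log lists under "Shell Spawning", added here as an example and not part of this thread or of ExeFix.reg: it compares each command key against its stock Windows 7 value in HKLM and then in the per-user HKCU\SOFTWARE\Classes view, which is assumed here to be the other place a modified association would show up.

```powershell
# Added example, not from the thread: verify the shell-spawning commands that the
# OTL Extras "Shell Spawning" section lists against their stock Windows 7 values.
# Read-only: it reports but changes nothing. Run from an elevated PowerShell.
$ExpectedCommands = @{
    'exefile\shell\open\command' = '"%1" %*'
    'batfile\shell\open\command' = '"%1" %*'
    'cmdfile\shell\open\command' = '"%1" %*'
    'comfile\shell\open\command' = '"%1" %*'
    'piffile\shell\open\command' = '"%1" %*'
    'scrfile\shell\open\command' = '"%1" /S'
}

function Test-ShellSpawning {
    # $ClassesRoot is the hive-specific Classes key to inspect. Values under the
    # HKCU key, when present, shadow the HKLM ones in the merged HKEY_CLASSES_ROOT view.
    param([string]$ClassesRoot = 'HKLM:\SOFTWARE\Classes')

    foreach ($subKey in $ExpectedCommands.Keys) {
        $keyPath = "$ClassesRoot\$subKey"
        $actual  = $null
        if (Test-Path -LiteralPath $keyPath) {
            # PowerShell exposes a key's unnamed default value as the '(default)' property
            $actual = (Get-ItemProperty -LiteralPath $keyPath).'(default)'
        }
        if ($null -eq $actual)                             { $status = 'ABSENT' }
        elseif ($actual -eq $ExpectedCommands[$subKey])    { $status = 'OK' }
        else                                               { $status = 'MODIFIED' }

        [pscustomobject]@{
            Hive     = $ClassesRoot
            Key      = $subKey
            Expected = $ExpectedCommands[$subKey]
            Actual   = $actual
            Status   = $status
        }
    }
}

# Machine-wide view: on a clean Windows 7 install every row reads OK.
Test-ShellSpawning | Format-Table -AutoSize

# Per-user view: ABSENT is normal here. An OK or MODIFIED row means a per-user
# override exists and shadows the machine-wide value, so it deserves a look.
Test-ShellSpawning -ClassesRoot 'HKCU:\SOFTWARE\Classes' |
    Where-Object { $_.Status -ne 'ABSENT' } | Format-Table -AutoSize
```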

Posted

I only have one account on my computer which is Admin.

 

I don't understand, why would you want me to place the file in C:/? What would be so much different about placing it on my desktop? Besides, I can't open it, so I will try opening it in Safe Mode.

Posted
No, the EXE Fix didn't do anything. I tried placing it in C:/ and opening it, then restarted to see if it worked, then I did the same but placed it on my USB, then I did the same again but placed it on my desktop. All 3 methods did nothing; I still can't open .EXE files.
This topic is now closed to further replies.
