Trojan horse Generic26.AJBX [Solved]


  • This topic is locked

#1
windoftime2

  • Member
  • 36 posts
My computer seems fine except for random internet pages popping up. I have tried removing it through Malwarebytes Anti-Malware, but it does seem to work. AVG keeps trying to vault it. The name of the virus according to AVG is Trojan horse Generic26.AJBX. I scanned with Malwarebytes and it found 6 different infections; three of them were registry infections. AVG gives the file path c:\Users\Jason\Documents\84wEp1CS3.exe. I have not downloaded anything; I first got this after accidentally clicking an ad on the side. Malwarebytes showed it as being clean and I just got reinfected somehow. I have only been on this site since I got infected. I just need to know if I can get rid of this.



OTL logfile created on: 12/20/2011 5:19:16 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jason\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 68.38% Memory free
6.49 Gb Paging File | 5.43 Gb Available in Paging File | 83.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.04 Gb Total Space | 57.68 Gb Free Space | 19.35% Space Free | Partition Type: NTFS

Computer Name: KIKYOU | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/20 05:18:30 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Downloads\OTL.exe
PRC - [2011/12/14 08:17:10 | 005,779,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgmfapx.exe
PRC - [2011/12/03 01:22:12 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/11/28 01:19:04 | 001,229,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/11/09 13:36:24 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/10/15 02:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/15 02:53:00 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011/10/15 02:53:00 | 001,328,960 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/10/14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/10/14 14:49:38 | 000,745,832 | ---- | M] (Tunngle.net GmbH) -- C:\Program Files\Tunngle\TnglCtrl.exe
PRC - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/10 05:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/04 13:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/30 09:45:14 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2010/11/20 06:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 19:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/09 13:36:24 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/08 14:46:02 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/10/14 23:54:26 | 000,265,536 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/09/09 16:11:18 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/03/15 06:13:46 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/20 06:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2010/03/24 20:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/14 14:27:28 | 003,316,000 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011/10/15 02:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/14 23:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/10/14 14:49:38 | 000,745,832 | ---- | M] (Tunngle.net GmbH) [Auto | Running] -- C:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/09/09 00:00:00 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/08/04 13:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/19 14:23:26 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/06/12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/23 21:19:15 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/13 19:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 19:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 19:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)


========== Driver Services (SafeList) ==========

DRV - [2011/11/03 03:23:46 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011/11/03 03:23:45 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011/10/15 02:53:00 | 010,327,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/10/07 05:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 05:21:28 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/09/01 01:42:57 | 000,685,816 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 00:14:14 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 00:14:12 | 000,134,736 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/11 00:14:12 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/05/25 00:09:08 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010/11/20 06:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 06:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 06:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 04:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 03:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 03:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/04/12 02:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/01/07 08:20:00 | 000,583,680 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009/11/05 04:51:12 | 000,376,832 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2009/09/16 08:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV - [2009/07/13 17:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 16:02:50 | 000,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/05/06 15:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6F 23 16 98 C1 19 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.102.0: C:\Program Files\Battlelog Web Plugins\1.102.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/07/19 14:08:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/12/14 08:26:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 13:36:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/05/26 12:33:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\mozilla\Extensions
[2011/10/28 21:05:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\mozilla\Firefox\Profiles\v6mpz0xy.default\extensions
[2011/10/28 21:05:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jason\AppData\Roaming\mozilla\Firefox\Profiles\v6mpz0xy.default\extensions\TRASH
[2011/11/09 13:36:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/06 20:37:48 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/12/14 08:26:45 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
[2011/11/09 13:36:24 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/01 17:04:26 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/09 13:36:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

Hosts file not found
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RaidCall] C:\Program Files\raidcall\raidcall.exe (RAIDCALL.COM)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Jason\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [BitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe" /MINIMIZED File not found
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000045 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000046 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000047 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000048 - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38287948-14E8-49BE-9F1F-19BD7DB34594}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E09E88E-9616-431E-8CD7-A62FA70B5E25}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89811D39-A308-48A0-BC96-85C413A120C8}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDF76C2E-62B9-464B-9CB0-2CE50BDC8176}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2651ec1b-85b0-11e0-81db-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2651ec1b-85b0-11e0-81db-806e6f6e6963}\Shell\AutoRun\command - "" = D:\OblivionLauncher.exe
O33 - MountPoints2\{568af593-be49-11e0-9529-001d09893c17}\Shell - "" = AutoRun
O33 - MountPoints2\{568af593-be49-11e0-9529-001d09893c17}\Shell\AutoRun\command - "" = I:\unlock.exe autoplay=true
O33 - MountPoints2\{ab4a3cb3-ec14-11e0-97ef-001d09893c17}\Shell - "" = AutoRun
O33 - MountPoints2\{ab4a3cb3-ec14-11e0-97ef-001d09893c17}\Shell\AutoRun\command - "" = I:\iStudio.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\unlock.exe autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/20 05:16:28 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{51CCACAD-9534-4A7C-BE56-7571F05081BC}
[2011/12/19 14:10:14 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{863CBAF4-12F7-4A73-97DA-2E560BDC37D3}
[2011/12/19 12:53:24 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{F254188D-DFAC-4F1B-ABC9-EDBFDACCC7FD}
[2011/12/19 11:51:29 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{6AE67882-C326-431A-9ACF-666D4CAF25F2}
[2011/12/19 02:15:17 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{EEE6AD8A-C190-4BA9-89B3-8A29DD1FD235}
[2011/12/19 02:15:06 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{84DF4F17-1966-422F-9A1C-66CCFB543142}
[2011/12/18 06:56:30 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\ArcheAge
[2011/12/18 06:41:32 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{EEA00C75-C6FB-4DEF-86DD-CA31C58AFE14}
[2011/12/18 06:41:19 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{66971454-C2B8-4FD1-9866-52F175B07966}
[2011/12/17 01:20:34 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{9FF4AAAD-4F4A-41AF-AF9E-0D4C763529CF}
[2011/12/17 01:20:23 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{4CD2A2DA-4E11-423E-8E0B-343182B42883}
[2011/12/16 09:10:54 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{044C0A5D-55F8-416F-B17A-E46EBD88429F}
[2011/12/16 09:10:28 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{108B9F5F-8DD7-4B83-B9DD-46C638B76CA8}
[2011/12/15 08:23:43 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{9C396288-0231-432C-B99B-9DE6CD4F6712}
[2011/12/15 08:23:31 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{91D49E93-37D9-47F8-8085-B4654F868849}
[2011/12/13 23:03:13 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{BBB6884E-8BC7-4EBB-ADE9-328898E53C4E}
[2011/12/12 03:47:26 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Chromium
[2011/12/12 03:47:15 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\ArcheAge
[2011/12/12 03:46:33 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{ECA6062C-5ADB-4828-9B41-91147898BFDE}
[2011/12/12 03:42:08 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcheAge
[2011/12/12 03:42:07 | 000,000,000 | ---D | C] -- C:\Program Files\ArcheAge
[2011/12/11 19:02:23 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{53EB20DD-0FA3-4589-A114-C08BE9880E95}
[2011/12/10 16:37:47 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{EE0EA043-4A8D-46E2-8690-889E924309A4}
[2011/12/10 16:37:35 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{F8417880-2CA6-4109-9669-80F43D3DE64B}
[2011/12/09 16:38:26 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{F8861B4B-964C-4F63-9047-8A1188C2B7E0}
[2011/12/09 16:38:03 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{614CD8D5-5CE8-499F-9EBA-ABCA5D3A5796}
[2011/12/08 19:29:25 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{BF2E86E0-0827-4E35-B057-B9806F23C1B6}
[2011/12/08 19:29:02 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{26EC0D79-05CC-4C5C-9B15-3F6CB17EFF31}
[2011/12/08 16:29:12 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{EFC98011-FED7-4D02-8C58-99FC8432716E}
[2011/12/05 18:24:34 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{B3A5AC7E-AF57-46AC-87A3-630CB9909A10}
[2011/12/04 20:08:22 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{FF7E013B-8DB4-4E23-83AE-1603EC4B6DCD}
[2011/12/03 09:26:57 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{C6415CE2-D245-415A-96B4-8AA725078A9F}
[2011/12/02 10:42:20 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{9CBDDCE5-A52A-44E9-90D8-B5EF2B79E2A6}
[2011/12/02 10:42:09 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{8AA70561-029F-4130-B2D6-4308286B5072}
[2011/12/01 08:23:29 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{091AFCAC-AE17-4D53-AEEF-F7A86334799F}
[2011/12/01 08:23:08 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{DED6179C-1F8E-4027-8044-59238C607D26}
[2011/11/30 19:30:05 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{7B11D450-1729-49A3-B7F5-0AC8F3AD844D}
[2011/11/30 19:29:43 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{2CA1BCC4-BBF1-4708-B2FF-8ACE273F176D}
[2011/11/30 07:29:16 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{2F52D4DE-020C-4E92-89B1-18F32727A09B}
[2011/11/30 07:29:05 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{57838738-4826-4E72-BBF6-54ABE92D0F7A}
[2011/11/29 08:01:25 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{87A93D55-8FBC-4805-AF53-EA1D542EC9C7}
[2011/11/29 08:01:13 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{47FE3243-FB88-4344-BC1F-6BAF0D568AD2}
[2011/11/28 16:13:19 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{DC2A8B98-ABB6-41E3-BE10-A83A94224B35}
[2011/11/28 16:13:07 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{1DC117C8-4BE0-47E8-BE2E-C0FAF968953E}
[2011/11/28 15:32:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BioWare
[2011/11/28 07:04:07 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{4FDA0AB1-649F-43AD-815D-5E52F32A0880}
[2011/11/27 06:02:11 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{35AEC77D-1EC9-4C42-89CC-6DD61B443A29}
[2011/11/25 05:17:09 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Tunngle
[2011/11/25 05:17:09 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Tunngle
[2011/11/25 05:17:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Tunngle
[2011/11/25 05:17:08 | 000,027,136 | ---- | C] (Tunngle.net) -- C:\Windows\System32\drivers\tap0901t.sys
[2011/11/25 05:17:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Tunngle
[2011/11/25 05:17:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
[2011/11/25 05:17:07 | 000,000,000 | ---D | C] -- C:\Program Files\Tunngle
[2011/11/25 02:57:12 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{45AB636E-4005-452B-839B-4EA223899B78}
[2011/11/24 12:31:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2011/11/24 12:11:42 | 000,000,000 | ---D | C] -- C:\Program Files\THQ
[2011/11/23 21:50:10 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{E6618589-9A70-4C12-90A7-2A56A6AF8C35}
[2011/11/23 01:38:43 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2011/11/23 00:51:24 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{5447B8D6-63F2-4AF3-B3C9-4AE76900383C}
[2011/11/23 00:51:12 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{DD1D5E0E-937D-40B3-A64D-B5317AECFA31}
[2011/11/22 12:14:01 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/11/22 12:06:56 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Data
[2011/11/22 11:57:13 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\obse_0020
[2011/11/22 11:52:18 | 000,000,000 | ---D | C] -- C:\Users\Jason\obse_0020
[2011/11/22 11:26:36 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\Oblivion
[2011/11/21 22:40:58 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{D93C0E17-0FBF-453A-B0BD-79AB9B82A160}
[2011/11/21 22:40:25 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{7556B317-BC03-4B0B-AAC6-8394B0FF820B}
[2011/11/20 20:42:23 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{E6A9E631-6665-469A-81AC-8F04E126D195}
[2011/11/20 20:42:11 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\{D860C1B4-7601-4D82-8AC6-A5EA6E4350BD}
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/20 05:20:31 | 000,660,022 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/20 05:20:31 | 000,120,950 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/20 05:18:53 | 084,661,962 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/12/20 05:15:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/20 05:14:59 | 2615,808,000 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/19 16:02:33 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Access.dat
[2011/12/19 14:25:55 | 000,019,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/19 14:25:55 | 000,019,040 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/19 10:41:39 | 000,001,272 | -HS- | M] () -- C:\Users\Jason\AppData\Local\787772d6t052h555r358d3lui8o1
[2011/12/19 10:41:39 | 000,001,272 | -HS- | M] () -- C:\ProgramData\787772d6t052h555r358d3lui8o1
[2011/12/19 10:41:38 | 000,392,192 | ---- | M] () -- C:\Users\Jason\Documents\84wEp1CS3.exe
[2011/12/18 17:23:48 | 000,277,094 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/12/13 05:30:29 | 000,014,276 | ---- | M] () -- C:\Users\Jason\Documents\meta.xml
[2011/12/12 03:45:13 | 000,427,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/12 03:42:15 | 000,000,001 | ---- | M] () -- C:\boot.bak
[2011/12/12 03:42:08 | 000,001,052 | ---- | M] () -- C:\Users\Jason\Desktop\ArcheAge.lnk
[2011/12/07 15:10:57 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/11/25 05:45:26 | 000,001,647 | ---- | M] () -- C:\Users\Jason\Desktop\Saints Row.lnk
[2011/11/25 05:17:08 | 000,000,923 | ---- | M] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Tunngle beta.lnk
[2011/11/25 05:17:08 | 000,000,899 | ---- | M] () -- C:\Users\Public\Desktop\Tunngle beta.lnk
[2011/11/24 05:25:56 | 000,140,072 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/11/24 05:25:47 | 000,280,904 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2011/11/24 05:01:04 | 000,280,904 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2011/11/23 01:41:22 | 000,001,564 | ---- | M] () -- C:\Users\Jason\Desktop\Payday The Heist.lnk
[2011/11/23 01:26:20 | 000,000,896 | ---- | M] () -- C:\Users\Jason\Desktop\SmartSteam.lnk
[2011/11/22 12:09:10 | 000,000,025 | ---- | M] () -- C:\Users\Public\Documents\realmlist.wth
[2011/11/22 02:50:48 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2011/11/22 02:50:32 | 000,138,056 | ---- | M] () -- C:\Users\Jason\AppData\Roaming\PnkBstrK.sys
[2011/11/22 02:44:31 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/19 10:41:38 | 000,392,192 | ---- | C] () -- C:\Users\Jason\Documents\84wEp1CS3.exe
[2011/12/19 10:41:33 | 000,001,272 | -HS- | C] () -- C:\Users\Jason\AppData\Local\787772d6t052h555r358d3lui8o1
[2011/12/19 10:41:33 | 000,001,272 | -HS- | C] () -- C:\ProgramData\787772d6t052h555r358d3lui8o1
[2011/12/13 05:30:28 | 000,014,276 | ---- | C] () -- C:\Users\Jason\Documents\meta.xml
[2011/12/12 03:42:15 | 000,000,001 | ---- | C] () -- C:\boot.bak
[2011/12/12 03:42:08 | 000,001,052 | ---- | C] () -- C:\Users\Jason\Desktop\ArcheAge.lnk
[2011/11/27 21:23:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2011/11/25 05:45:26 | 000,001,647 | ---- | C] () -- C:\Users\Jason\Desktop\Saints Row.lnk
[2011/11/25 05:17:08 | 000,000,923 | ---- | C] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Tunngle beta.lnk
[2011/11/25 05:17:08 | 000,000,899 | ---- | C] () -- C:\Users\Public\Desktop\Tunngle beta.lnk
[2011/11/23 01:26:20 | 000,000,896 | ---- | C] () -- C:\Users\Jason\Desktop\SmartSteam.lnk
[2011/11/22 12:09:10 | 000,000,025 | ---- | C] () -- C:\Users\Public\Documents\realmlist.wth
[2011/11/03 03:23:46 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011/11/03 03:23:45 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011/10/14 23:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011/09/02 11:15:45 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/08/31 23:39:25 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2011/08/31 23:39:25 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2011/07/24 01:14:53 | 000,140,072 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011/07/24 01:14:53 | 000,138,056 | ---- | C] () -- C:\Users\Jason\AppData\Roaming\PnkBstrK.sys
[2011/07/24 01:14:15 | 000,280,904 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011/07/24 01:14:12 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2011/07/24 01:14:12 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011/07/24 00:59:54 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/07/13 18:28:28 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe
[2011/06/27 18:27:19 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/06/26 21:13:14 | 000,007,605 | ---- | C] () -- C:\Users\Jason\AppData\Local\Resmon.ResmonCfg
[2011/05/26 17:06:25 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/05/26 17:03:06 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011/05/23 21:34:54 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/07/13 22:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:33:53 | 000,427,512 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 20:05:48 | 000,660,022 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 20:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 20:05:48 | 000,120,950 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 20:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 20:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 20:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 17:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/09/29 05:11:48 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\.minecraft
[2011/12/19 07:38:21 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\ArcheAge
[2011/09/28 09:12:20 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\AVG
[2011/09/06 18:35:23 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\AVG2012
[2011/09/23 00:08:42 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Darkfall
[2011/08/06 01:32:04 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Darkfall US
[2011/12/14 09:01:15 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\FileZilla
[2011/11/03 05:27:03 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\GameRanger
[2011/09/30 09:52:51 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\gtk-2.0
[2011/08/05 01:18:45 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mount&Blade Warband
[2011/11/19 23:39:54 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Mumble
[2011/10/28 01:47:08 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Origin
[2011/08/20 21:49:46 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\The Creative Assembly
[2011/11/25 18:11:08 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Tunngle
[2011/11/03 04:07:15 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Ubisoft
[2011/11/14 18:16:45 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Xilisoft
[2011/11/18 21:33:35 | 000,032,572 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >



OTL Extras logfile created on: 12/20/2011 5:19:16 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Jason\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 68.38% Memory free
6.49 Gb Paging File | 5.43 Gb Available in Paging File | 83.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.04 Gb Total Space | 57.68 Gb Free Space | 19.35% Space Free | Partition Type: NTFS

Computer Name: KIKYOU | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{09CF6AF5-9206-4FD7-9B08-BA6819FB47E3}" = Anno 1404
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CC21836-A5D6-4641-B4AE-6FA01D021E41}" = The Sims Medieval Pirates and Nobles
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 25
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47E16407-05D3-4D2A-B2B9-C30700B7C2AD}" = LogMeIn Hamachi
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E74D41C-5864-4561-9F6B-069372513A0B}" = AVG 2012
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C47C8B6-77FF-4FC7-A388-66FCF9CFC24C}" = Snagit 9.1.3
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}" = Rosetta Stone V3
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8398852A-7B61-4808-8F58-D0A40D1B2CB6}" = AVG 2012
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = The Sims Medieval
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venice
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{ABA3FC9F-3B5C-4C0B-A0F2-4AD293AE5CC4}" = Darkfall US
"{AC524B17-B82D-414A-B2E2-C38DC4ABF5C9}" = Darkfall
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AFD89880-C544-4777-B645-FBF6D3391B11}" = Belkin F7D1101 Basic Wireless USB Adapter
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 285.62
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D593C72C-435B-4171-8106-9CA8AA34D716}" = Belkin Wireless G USB Adapter Driver
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Aeria Downloader" = Aeria Downloader
"Akamai" = Akamai NetSession Interface Service
"ArcheAge" = ArcheAge CBT4
"AVG" = AVG 2012
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"CCleaner" = CCleaner
"Dream of Mirror Online" = Dream of Mirror Online
"ESN Sonar-0.70.4" = ESN Sonar
"FileZilla Client" = FileZilla Client 3.5.2
"Fraps" = Fraps
"InstallShield_{AFD89880-C544-4777-B645-FBF6D3391B11}" = Belkin F7D1101 Basic Wireless USB Adapter
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Origin" = Origin
"Payday The Heist © OVERKILL Software_is1" = Payday The Heist © OVERKILL Software version 1
"Police Pursuit Mod 7.6d 7.6d" = Police Pursuit Mod 7.6d 7.6d
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"RaidCall" = RaidCall
"Saints Row The Third_is1" = Saints Row The Third
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 105600" = Terraria
"Steam App 12210" = Grand Theft Auto IV
"Steam App 12220" = Grand Theft Auto: Episodes from Liberty City
"Steam App 17500" = Zombie Panic Source
"Steam App 218" = Source SDK Base 2007
"Steam App 22100" = Mount & Blade
"Steam App 22380" = Fallout: New Vegas
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 33900" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 34330" = Total War: SHOGUN 2
"Steam App 42910" = Magicka
"Steam App 48700" = Mount & Blade: Warband
"Steam App 48720" = Mount & Blade: With Fire and Sword
"Steam App 61520" = Age of Wonders: Shadow Magic
"Steam App 64000" = Men of War: Assault Squad
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Stronghold 3_is1" = Stronghold 3
"Tunngle beta_is1" = Tunngle beta
"VLC media player" = VLC media player 1.1.11
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"GameRanger" = GameRanger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/16/2011 11:09:48 AM | Computer Name = Kikyou | Source = Windows Search Service | ID = 9002
Description =

Error - 12/16/2011 11:09:48 AM | Computer Name = Kikyou | Source = Windows Search Service | ID = 3029
Description =

Error - 12/16/2011 11:09:49 AM | Computer Name = Kikyou | Source = Windows Search Service | ID = 3029
Description =

Error - 12/16/2011 11:09:49 AM | Computer Name = Kikyou | Source = Windows Search Service | ID = 3028
Description =

Error - 12/16/2011 11:09:49 AM | Computer Name = Kikyou | Source = Windows Search Service | ID = 3058
Description =

Error - 12/16/2011 11:09:49 AM | Computer Name = Kikyou | Source = Windows Search Service | ID = 7010
Description =

Error - 12/18/2011 12:02:09 PM | Computer Name = Kikyou | Source = Application Error | ID = 1000
Description = Faulting application name: GameOverlayUI.exe, version: 1.18.78.51,
time stamp: 0x4e6929b8 Faulting module name: ntdll.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x0001f8a4 Faulting
process id: 0x16bc Faulting application start time: 0x01ccbd8dda7e1909 Faulting application
path: C:\Program Files\Steam\GameOverlayUI.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: a379ec64-2991-11e1-89d5-001d09893c17

Error - 12/19/2011 12:10:22 PM | Computer Name = Kikyou | Source = Application Error | ID = 1000
Description = Faulting application name: GameOverlayUI.exe, version: 1.18.78.51,
time stamp: 0x4e6929b8 Faulting module name: ntdll.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7b96e Exception code: 0xc0000005 Fault offset: 0x0001f8a4 Faulting
process id: 0x5a8 Faulting application start time: 0x01ccbe559314b17b Faulting application
path: C:\Program Files\Steam\GameOverlayUI.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: f3d4042a-2a5b-11e1-a7ef-001d09893c17

Error - 12/19/2011 5:32:08 PM | Computer Name = Kikyou | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc964 Faulting module name: SHLWAPI.dll, version: 6.1.7601.17514, time
stamp: 0x4ce7b9e2 Exception code: 0xc0000005 Fault offset: 0x00014705 Faulting process
id: 0x13ec Faulting application start time: 0x01ccbe94b8aa4d45 Faulting application
path: C:\Windows\System32\ping.exe Faulting module path: C:\Windows\system32\SHLWAPI.dll
Report
Id: e6bafc46-2a88-11e1-b8f2-001d09893c17

Error - 12/19/2011 5:41:32 PM | Computer Name = Kikyou | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc964 Faulting module name: SHLWAPI.dll, version: 6.1.7601.17514, time
stamp: 0x4ce7b9e2 Exception code: 0xc0000005 Fault offset: 0x00014705 Faulting process
id: 0x12b4 Faulting application start time: 0x01ccbe95d065c235 Faulting application
path: C:\Windows\System32\ping.exe Faulting module path: C:\Windows\system32\SHLWAPI.dll
Report
Id: 36eefcf3-2a8a-11e1-b8f2-001d09893c17

[ System Events ]
Error - 12/19/2011 6:02:33 PM | Computer Name = Kikyou | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 12/20/2011 7:14:37 AM | Computer Name = Kikyou | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 12/20/2011 7:15:07 AM | Computer Name = Kikyou | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 12/20/2011 7:15:07 AM | Computer Name = Kikyou | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 12/20/2011 7:15:07 AM | Computer Name = Kikyou | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 12/20/2011 7:15:08 AM | Computer Name = Kikyou | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 12/20/2011 7:15:11 AM | Computer Name = Kikyou | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd

Error - 12/20/2011 7:15:13 AM | Computer Name = Kikyou | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 12/20/2011 7:15:16 AM | Computer Name = Kikyou | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.

Error - 12/20/2011 7:17:11 AM | Computer Name = Kikyou | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = There was an error while attempting to read the local hosts file.


< End of report >


#2
windoftime2

    Member

  • Topic Starter
  • 36 posts
Another virus AVG tried to block.

File name: ymasuker.c0m.li/main.php?page=c28a3874a825b717

Threat name: Exploit Blackhole Exploit Kit (type 2081)

#3
windoftime2

Two more Trojan horse Generic26.AJBX were found by AVG

#4
windoftime2

Another virus

File name: tubeni.com/enterpoint.php?ppconly

Threat name: Exploit JavaScript Obfuscation (type 156)

#5
windoftime2

Please, can anyone help? The longer it sits, the worse it gets. I don't have any kind of reboot disks for it.

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
If you answer yourself you will get bypassed as we look for zero replies

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post it in your next reply

FINALLY

Do the following:
1. Click on the Start button and then choose Control Panel.
2. Click on the System and Security link.

    Note: If you're viewing the Large icons or Small icons view of Control Panel, you won't see this link so just click on the Administrative Tools icon and skip to Step 4.
3. In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
4. In the Administrative Tools window, double-click on the Computer Management icon.
5. When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.

    After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.

    Note: If you don't see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.

Take a screenshot of the Disk Management window and attach the screenshot to your reply.

#7
windoftime2

It gets to the screen where it says "Scanning for infected files . . . This Typically doesn't take more then 10 minutes. However, scan times for badly infected machines may easily double". It's been scanning for 2 hours and has not said anything... I have not touched anything; it's sat untouched for 2 whole hours. I didn't know how to disable AVG so I uninstalled it completely. I clicked disable but the Combofix still said it might mess it up. So I uninstalled it and Combofix still prompts that it could mess the scan up. How long does it take to scan?

Never mind, it restarted 15 seconds after I posted this.

Edited by windoftime2, 20 December 2011 - 06:53 PM.


#8
windoftime2

It gets to the screen where it says "Scanning for infected files . . . This Typically doesn't take more then 10 minutes. However, scan times for badly infected machines may easily double". It's been scanning for 2 hours and has not said anything... I have not touched anything; it's sat untouched for 2 whole hours. I didn't know how to disable AVG so I uninstalled it completely. I clicked disable but the Combofix still said it might mess it up. So I uninstalled it and Combofix still prompts that it could mess the scan up. How long does it take to scan?

It gave a blue error screen before shutting down. Upon start up it prompted that my recycle bin was corrupt and then ask edit security.

Now most files on my screen have locks on them.

There is also no Combofix.txt file in c:/

Yeah, a whole lot of files are missing. Looks like I'm just gonna have to find a way to restore to factory settings, right?

Edited by windoftime2, 21 December 2011 - 09:20 AM.


#9
Essexboy

Not necessarily :) Although that option is open to you

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

On completion click the link to locate the zip file to upload and attach to your next post

Megaupload

#10
windoftime2

After I did that Combofix thing my computer locked access to most of my programs and will not like Mozilla Firefox start up.


#11
Essexboy

Reboot the computer please and they will be accessible

#12
windoftime2

I rebooted and when I turned it on again it still had locked down.

#13
Essexboy

What does it state when you try to run a programme ?

#14
windoftime2

Profile Missing

Your Firefox profile cannot be loaded. It maybe be missing or inaccessible.

#15
Essexboy

So it is just Firefox that has this problem ?

There is a firefox profile recovery page here