Browser/computer lock up and unresponsive



#1 shsanford (New Member, 1 posts)
The day before yesterday I think I might have been infected with something from a site called coloholics.ca.
It was the only site I've been to that isn't trusted/isn't where I normally go.
The moment I saw that WoT turned red and that it wasn't a trusted site, I closed it before the WoT notification even needed to show up.

I booted it up yesterday and Firefox became unresponsive, and the computer was running very slowly in general.
Since then, I've done several things to try and remove the problem.
I tried Malwarebytes, Bitdefender, Spybot, and SUPERAntiSpyware.
SAS was the only one that had any luck, finding a few things.
Other than several tracking cookies, it found something called hijack.tubby.

I've tried running everything in safe mode, with the exception of bitdefender which tells me to go online to their site.

I was hoping that someone could please help me. I can't afford to take it to the shop and frankly, I'm a little afraid to.

I'm running Windows 7.

Edit: I noticed that one of my svchost.exe processes went from using 80k of memory to 144k. Now it's at 128k. Is this normal?
Edit 2: Bitdefender, Malwarebytes, SUPERAntiSpyware, and Spybot are all running clean and I still don't know what the issue is. I saw online that the default BIOS setting could be too high for the computer. Could this be the issue?

Here is the OTL report.

OTL logfile created on: 2/17/2012 3:50:44 PM - Run 1
OTL by OldTimer - Version 3.2.32.0 Folder = C:\Users\Shannon\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 60.65% Memory free
8.00 Gb Paging File | 6.24 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.92 Gb Total Space | 1520.54 Gb Free Space | 81.62% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 36.87 Gb Free Space | 7.92% Space Free | Partition Type: NTFS

Computer Name: SHANNON-PC | User Name: Shannon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/17 15:38:38 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Shannon\Downloads\OTL.exe
PRC - [2011/08/20 11:53:11 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\firefox.exe
PRC - [2011/08/20 11:53:11 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugin-container.exe
PRC - [2011/06/09 13:06:06 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/03/21 15:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/08/24 03:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/20 11:53:11 | 001,000,920 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\js3250.dll
MOD - [2011/05/03 14:05:07 | 006,053,536 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/03/21 15:10:36 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/03/21 15:10:00 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/02/17 00:23:55 | 001,953,032 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe -- (vsserv)
SRV:64bit: - [2012/02/17 00:23:27 | 000,062,512 | ---- | M] (Bitdefender) [Auto | Running] -- C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe -- (UPDATESRV)
SRV:64bit: - [2012/02/17 00:21:21 | 000,466,736 | ---- | M] (BitDefender) [On_Demand | Stopped] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe -- (Update Server)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/08/24 03:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/17 00:22:39 | 000,544,552 | ---- | M] (BitDefender) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\avckf.sys -- (avckf)
DRV:64bit: - [2012/02/17 00:22:17 | 000,691,384 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avc3.sys -- (avc3)
DRV:64bit: - [2012/02/17 00:21:50 | 000,103,504 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2012/02/17 00:21:16 | 000,079,952 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (bdsandbox)
DRV:64bit: - [2012/02/17 00:21:10 | 000,329,800 | ---- | M] (BitDefender S.R.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
DRV:64bit: - [2012/02/17 00:21:07 | 000,258,736 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv)
DRV:64bit: - [2012/02/17 00:21:06 | 000,442,088 | ---- | M] (BitDefender) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV:64bit: - [2011/12/03 15:21:43 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2011/03/21 12:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/01/19 18:32:40 | 000,103,944 | ---- | M] (BitDefender) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\bdvedisk.sys -- (BDVEDISK)
DRV:64bit: - [2009/07/13 19:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 19:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 15:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005/09/23 22:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV:64bit: - [2005/03/29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009/09/28 02:02:40 | 000,019,544 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\Shannon\My Documents\PeerBlock_r181__x64_Release_(Vista)\pbfilter.sys -- (pbfilter)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DE 66 BA E6 80 5F CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "data:text/plain,browser.search.defaultenginename=google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: {0df7b3bb-9581-44bb-835f-061a29ec8a46}:2.1.20110621
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20111107
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30
FF - prefs.js..keyword.URL: "http://www.google.co...-8&oe=UTF-8&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Shannon\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/04/03 20:50:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/04/03 20:50:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/11/14 20:19:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\components [2012/02/16 23:49:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugins [2011/11/14 20:19:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\Bitdefender\Bitdefender 2012\bdtbext\ [2012/02/17 02:12:31 | 000,000,000 | ---D | M]

[2011/01/25 15:02:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shannon\AppData\Roaming\Mozilla\Extensions
[2011/01/25 15:02:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shannon\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2012/02/17 00:18:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shannon\AppData\Roaming\Mozilla\Firefox\Profiles\zi1rf4wq.default\extensions
[2011/06/28 13:29:04 | 000,000,000 | ---D | M] ("tektek.org GaiaOnline Toolbar 2.1") -- C:\Users\Shannon\AppData\Roaming\Mozilla\Firefox\Profiles\zi1rf4wq.default\extensions\{0df7b3bb-9581-44bb-835f-061a29ec8a46}
[2011/07/17 14:16:31 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Shannon\AppData\Roaming\Mozilla\Firefox\Profiles\zi1rf4wq.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011/11/18 13:54:15 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Shannon\AppData\Roaming\Mozilla\Firefox\Profiles\zi1rf4wq.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/01/07 14:13:39 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Shannon\AppData\Roaming\Mozilla\Firefox\Profiles\zi1rf4wq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012/01/19 13:50:42 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 7\EXTENSIONS\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}

O1 HOSTS File: ([2011/11/14 20:29:57 | 000,000,922 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe (Bitdefender)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BEC60A72-776F-4505-B281-BE9C9EDBE2E1}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/20 21:50:01 | 000,000,000 | ---D | M] - D:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{7dba8c87-571f-11e0-9801-002215ca6ee1}\Shell - "" = AutoRun
O33 - MountPoints2\{7dba8c87-571f-11e0-9801-002215ca6ee1}\Shell\AutoRun\command - "" = N:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/17 02:58:20 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/02/17 00:22:39 | 000,544,552 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avckf.sys
[2012/02/17 00:22:17 | 000,691,384 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys
[2012/02/17 00:21:17 | 000,090,192 | ---- | C] (BitDefender LLC) -- C:\Windows\SysNative\drivers\bdfndisf6.sys
[2012/02/17 00:21:16 | 000,079,952 | ---- | C] (BitDefender SRL) -- C:\Windows\SysNative\drivers\bdsandbox.sys
[2012/02/17 00:21:10 | 000,329,800 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\trufos.sys
[2012/02/17 00:21:07 | 000,258,736 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\avchv.sys
[2012/02/17 00:21:06 | 000,442,088 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\bdfsfltr.sys
[2012/02/17 00:17:58 | 000,000,000 | ---D | C] -- C:\Users\Shannon\AppData\Roaming\SUPERAntiSpyware.com
[2012/02/17 00:17:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/02/16 20:58:27 | 000,000,000 | ---D | C] -- C:\Users\Shannon\AppData\Roaming\Malwarebytes
[2012/02/16 20:57:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/16 20:57:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/02/16 20:26:48 | 000,000,000 | ---D | C] -- C:\Users\Shannon\AppData\Roaming\Bitdefender
[2012/02/16 20:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Bitdefender
[2012/02/16 19:15:50 | 000,000,000 | ---D | C] -- C:\Users\Shannon\AppData\Local\bdch
[2012/02/16 18:41:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/02/16 18:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/02/16 18:41:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/02/16 12:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
[2012/02/14 16:53:16 | 000,000,000 | ---D | C] -- C:\Users\Shannon\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/02/14 16:26:56 | 000,000,000 | ---D | C] -- C:\Users\Shannon\AppData\Roaming\Adobe Mini Bridge CS5
[2012/01/19 13:50:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/12/03 15:21:43 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Shannon\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/02/17 15:18:55 | 001,008,141 | ---- | M] () -- C:\Users\Shannon\Desktop\rkill.com
[2012/02/17 12:17:20 | 000,090,346 | ---- | M] () -- C:\Users\Shannon\Desktop\asdf.png
[2012/02/17 10:25:58 | 000,782,154 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/02/17 10:25:58 | 000,662,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/02/17 10:25:58 | 000,121,352 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/02/17 10:21:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/17 10:21:33 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/17 03:02:25 | 000,000,269 | -H-- | M] () -- C:\bdr-conf
[2012/02/17 00:22:39 | 000,544,552 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avckf.sys
[2012/02/17 00:22:17 | 000,691,384 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avc3.sys
[2012/02/17 00:21:17 | 000,090,192 | ---- | M] (BitDefender LLC) -- C:\Windows\SysNative\drivers\bdfndisf6.sys
[2012/02/17 00:21:16 | 000,079,952 | ---- | M] (BitDefender SRL) -- C:\Windows\SysNative\drivers\bdsandbox.sys
[2012/02/17 00:21:10 | 000,329,800 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\trufos.sys
[2012/02/17 00:21:07 | 000,258,736 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\avchv.sys
[2012/02/17 00:21:06 | 000,442,088 | ---- | M] (BitDefender) -- C:\Windows\SysNative\drivers\bdfsfltr.sys
[2012/02/16 20:53:31 | 000,246,795 | ---- | M] () -- C:\ProgramData\1329446837.bdinstall.bin
[2012/02/16 20:20:02 | 000,019,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/16 20:20:02 | 000,019,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/16 20:07:57 | 000,265,730 | ---- | M] () -- C:\ProgramData\1329443268.bdinstall.bin
[2012/02/06 15:53:24 | 005,147,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/03 22:39:33 | 000,068,595 | ---- | M] () -- C:\Users\Shannon\Desktop\Untitled-1.jpg
[2012/01/28 20:47:08 | 003,460,184 | ---- | M] () -- C:\Users\Shannon\Desktop\Mulan-I'll Make a Man Out of You-(Mandarin).mp3
[2012/01/24 15:08:38 | 003,907,532 | ---- | M] () -- C:\Users\Shannon\Desktop\Gotye feat. Kimbra- Somebody That I Used To Know- official film clip (HD).mp3
[2012/01/24 08:16:19 | 003,963,121 | ---- | M] () -- C:\Users\Shannon\Desktop\Kimbra - Settle Down (Official Music Video HD).mp3
[2012/01/20 20:47:11 | 003,599,496 | ---- | M] () -- C:\Users\Shannon\Desktop\Far East Movement - Like A G6 ft. The Cataracs, Dev.mp3
[2012/01/19 01:18:02 | 000,000,132 | ---- | M] () -- C:\Users\Shannon\AppData\Roaming\Adobe PNG Format CS5 Prefs

========== Files Created - No Company Name ==========

[2012/02/17 15:18:53 | 001,008,141 | ---- | C] () -- C:\Users\Shannon\Desktop\rkill.com
[2012/02/17 12:17:19 | 000,090,346 | ---- | C] () -- C:\Users\Shannon\Desktop\asdf.png
[2012/02/16 20:53:31 | 000,246,795 | ---- | C] () -- C:\ProgramData\1329446837.bdinstall.bin
[2012/02/16 20:52:41 | 036,942,680 | -H-- | C] () -- C:\bdrescue.gz
[2012/02/16 20:52:41 | 000,217,769 | -H-- | C] () -- C:\bdrescue
[2012/02/16 20:52:41 | 000,009,216 | -H-- | C] () -- C:\bdrescue.mbr
[2012/02/16 20:52:41 | 000,000,269 | -H-- | C] () -- C:\bdr-conf
[2012/02/16 20:07:57 | 000,265,730 | ---- | C] () -- C:\ProgramData\1329443268.bdinstall.bin
[2012/02/03 22:39:31 | 000,068,595 | ---- | C] () -- C:\Users\Shannon\Desktop\Untitled-1.jpg
[2012/01/28 20:47:03 | 003,460,184 | ---- | C] () -- C:\Users\Shannon\Desktop\Mulan-I'll Make a Man Out of You-(Mandarin).mp3
[2012/01/24 15:08:36 | 003,907,532 | ---- | C] () -- C:\Users\Shannon\Desktop\Gotye feat. Kimbra- Somebody That I Used To Know- official film clip (HD).mp3
[2012/01/24 08:16:17 | 003,963,121 | ---- | C] () -- C:\Users\Shannon\Desktop\Kimbra - Settle Down (Official Music Video HD).mp3
[2012/01/20 20:47:07 | 003,599,496 | ---- | C] () -- C:\Users\Shannon\Desktop\Far East Movement - Like A G6 ft. The Cataracs, Dev.mp3
[2011/12/03 15:21:43 | 000,099,384 | ---- | C] () -- C:\Users\Shannon\AppData\Roaming\inst.exe
[2011/12/03 15:21:43 | 000,007,859 | ---- | C] () -- C:\Users\Shannon\AppData\Roaming\pcouffin.cat
[2011/12/03 15:21:43 | 000,001,167 | ---- | C] () -- C:\Users\Shannon\AppData\Roaming\pcouffin.inf
[2011/10/07 14:35:15 | 000,000,132 | ---- | C] () -- C:\Users\Shannon\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/08/22 19:38:49 | 000,311,058 | ---- | C] () -- C:\ProgramData\1314062634.bdinstall.bin
[2011/08/22 19:22:08 | 000,015,677 | ---- | C] () -- C:\ProgramData\1314062526.bdinstall.bin
[2011/08/22 19:21:19 | 000,015,678 | ---- | C] () -- C:\ProgramData\1314062476.bdinstall.bin
[2011/08/22 19:20:15 | 000,093,795 | ---- | C] () -- C:\ProgramData\1314062367.bdinstall.bin
[2011/08/22 19:20:04 | 000,045,200 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011/08/03 21:33:53 | 000,004,608 | ---- | C] () -- C:\Users\Shannon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/14 15:41:25 | 000,000,181 | ---- | C] () -- C:\Windows\WININIT.INI
[2011/06/11 21:22:11 | 000,794,900 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/23 21:40:33 | 000,000,254 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011/05/23 21:40:29 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2011/03/15 21:20:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/03/02 20:21:06 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/03/02 20:21:06 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/03/02 20:21:06 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/03/02 20:21:06 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/03/02 20:21:06 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/03/02 20:21:06 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/03/02 20:21:06 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/03/02 20:21:06 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/03/02 20:21:06 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/03/02 20:21:06 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2011/03/02 20:21:06 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/03/02 20:21:06 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/03/02 20:21:06 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/03/02 20:21:06 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/03/02 20:21:06 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/03/02 20:21:06 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2011/03/02 20:21:06 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2011/03/02 20:21:06 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/03/02 20:21:06 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/01/08 19:43:54 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:59:39 | 000,050,688 | ---- | C] () -- C:\Windows\SysWow64\amdpcom32.dll
[2009/07/13 15:59:38 | 002,342,400 | ---- | C] () -- C:\Windows\SysWow64\atidxx32.dll
[2009/07/13 15:59:37 | 004,772,352 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dll
[2009/07/13 15:59:37 | 004,030,976 | ---- | C] () -- C:\Windows\SysWow64\atiumdag.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2005/02/03 00:50:28 | 000,004,224 | ---- | C] () -- C:\Windows\SysWow64\StarOpen.sys

========== LOP Check ==========

[2011/06/21 00:02:37 | 000,000,000 | ---D | M] -- C:\Users\Shannon\AppData\Roaming\acccore
[2011/07/05 21:13:43 | 000,000,000 | ---D | M] -- C:\Users\Shannon\AppData\Roaming\Amazon
[2012/02/16 20:26:48 | 000,000,000 | ---D | M] -- C:\Users\Shannon\AppData\Roaming\Bitdefender
[2012/02/14 16:53:16 | 000,000,000 | ---D | M] -- C:\Users\Shannon\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/03/13 20:43:09 | 000,000,000 | ---D | M] -- C:\Users\Shannon\AppData\Roaming\DAEMON Tools Lite
[2011/01/01 15:41:04 | 000,000,000 | ---D | M] -- C:\Users\Shannon\AppData\Roaming\DAoC Portal
[2011/01/11 14:56:51 | 000,000,000 | ---D | M] -- C:\Users\Shannon\AppData\Roaming\DeepBurner Pro
[2011/01/01 15:42:21 | 000,000,000 | ---D | M] -- C:\Users\Shannon\AppData\Roaming\Electronic Arts
[2011/12/06 16:33:02 | 000,000,000 | ---D | M] -- C:\Users\Shannon\AppData\Roaming\Free Audio Editor
[2011/07/05 21:58:27 | 000,000,000 | ---D | M] -- C:\Users\Shannon\AppData\Roaming\ImTOO
[2011/07/02 03:59:57 | 000,000,000 | ---D | M] -- C:\Users\Shannon\AppData\Roaming\PhotoScape
[2011/08/22 19:24:06 | 000,000,000 | ---D | M] -- C:\Users\Shannon\AppData\Roaming\QuickScan
[2011/01/20 16:32:06 | 000,000,000 | ---D | M] -- C:\Users\Shannon\AppData\Roaming\Sammsoft
[2011/02/28 18:19:34 | 000,000,000 | ---D | M] -- C:\Users\Shannon\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/11/13 00:13:11 | 000,000,000 | ---D | M] -- C:\Users\Shannon\AppData\Roaming\Supermarket Mania 2
[2011/01/25 15:02:20 | 000,000,000 | ---D | M] -- C:\Users\Shannon\AppData\Roaming\TomTom
[2012/02/17 10:22:24 | 000,000,000 | ---D | M] -- C:\Users\Shannon\AppData\Roaming\uTorrent
[2011/12/03 15:25:21 | 000,000,000 | ---D | M] -- C:\Users\Shannon\AppData\Roaming\Vso
[2011/11/30 15:15:53 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Users\Shannon\Desktop\rkill.com:BDU
@Alternate Data Stream - 16 bytes -> C:\Users\Shannon\Desktop\Mulan-I'll Make a Man Out of You-(Mandarin).mp3:BDU
@Alternate Data Stream - 16 bytes -> C:\Users\Shannon\Desktop\Kimbra - Settle Down (Official Music Video HD).mp3:BDU
@Alternate Data Stream - 16 bytes -> C:\Users\Shannon\Desktop\JobApplication.pdf:BDU
@Alternate Data Stream - 16 bytes -> C:\Users\Shannon\Desktop\Gotye feat. Kimbra- Somebody That I Used To Know- official film clip (HD).mp3:BDU
@Alternate Data Stream - 16 bytes -> C:\Users\Shannon\Desktop\Far East Movement - Like A G6 ft. The Cataracs, Dev.mp3:BDU
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:411E1BE2

< End of report >

Edited by shsanford, 19 February 2012 - 03:17 PM.
