ATTN: godawgs - Ex-gaming laptop won't play any games [Solved]


  • This topic is locked

#61
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks for the full ESET scan. The files in the Windows.old folder were the only ones found. Let's run a ComboFix fix. This will address the locked registry keys containing information for the MemoLink toolbar that we uninstalled. And the malware found in the Windows.old folder. They're inert but there's no point in leaving them. Then we're gonna see if we can do a repair on the Avast installation to get the correct information in those services and drivers keys.


Step-1.

Run a CFScript

1. Close any open Windows, especially browsers.
  • IMPORTANT:- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. This fix will require a reboot to correct so make sure these are turned off and will not turn back on at reboot. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to the link here to see a list of programs that should be disabled.
    The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
2. Copy all of the text in the Code box below into Notepad. To do that highlight all the text in the code box then right click the mouse and click Copy.

KillAll::

RegLock::

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

Registry::

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
"{37E984C0-D9FA-439C-8279-D5EFB625B898}"=-
"{BCEFFD58-CD95-80B4-C1E1-E42927E35AD4}"=-
"{0C6FE940-7788-4F1C-B735-B7657C04A763}"=-
"{A9C85A36-FE15-7344-7578-A7E8EAF18473}"=-
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=-

File::

C:\Windows.old\Documents and Settings\Dell Inspiron 1525\Downloads\asc-setup.exe
C:\Windows.old\Documents and Settings\Dell Inspiron 1525\Downloads\driverperformer_849.exe
C:\Windows.old\Documents and Settings\Dell Inspiron 1525\Downloads\imf-setup(1).exe
C:\Windows.old\Documents and Settings\Dell Inspiron 1525\Downloads\imf-setup.exe
C:\Windows.old\Users\Dell Inspiron 1525\Downloads\asc-setup.exe
C:\Windows.old\Users\Dell Inspiron 1525\Downloads\driverperformer_849.exe
C:\Windows.old\Users\Dell Inspiron 1525\Downloads\imf-setup(1).exe
C:\Windows.old\Users\Dell Inspiron 1525\Downloads\imf-setup.exe

Folder::
 
C:\Windows.old\Program Files\FreeApps

Note: The above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Open Notepad. To do that click Start>>Run. In the Open box type notepad and click OK. An empty Notepad window will open.
  • Right click inside the Notepad window and click Paste.
  • Click File then Save As.
  • On the Save As window click Desktop (on the left side of the window).
  • In the File Name box type CFScript.txt <--Important...Make sure the file is named exactly as shown.
  • Click the Save as type down arrow and click All Files (*.*)
  • Click Save. This will save the CFScript.txt to the desktop.

4. Referring to the animation below, drag the CFScript.txt file onto ComboFix.exe Cat icon and drop it.
ComboFix will launch and run the CFScript file

Posted Image

Note:
1. Do not mouse click ComboFix's window while it's running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer. That will cure it.

When finished, ComboFix will produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Do not forget to restart your AntiVirus and Antispyware programs


Step-3

Reset IE

Follow the instructions on this Microsoft page to reset Internet Explorer.
Then close IE and reopen it and see if there is any difference in the web pages loading.


Step-2.

Repair Avast Installation

Go to the Control Panel and under the Programs heading, click Uninstall a program. In the list of programs find Avast and click it.
Above the listed programs you will see a row of actions like Organize, Views, Uninstall, etc.; if there is a Repair action, click it to repair the Avast installation, then close out the Control Panel and reboot the computer.

If there isn't a Repair action, then click Uninstall. When the program has been uninstalled reboot the computer.
Then reinstall the Avast program.

After you have repaired or uninstalled and reinstalled the program run the following OTL scan:


Step-4.

OTL Custom Scan

1. Please copy the text in the code box below and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the code box, right click the mouse and click Copy.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswSnx
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswSP
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswFsBlk
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswMonFlt

2. Re-open OTL on the desktop. To do that:
  • Double click on the OTL icon to run it. (Vista / 7 Users: Right click on the icon and click Run as Administrator)
    Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Click the box beside Scan All Users at the top of the console
  • Make sure the Output box at the top is set to Standard Output.
  • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL.
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.


Step-5.

Things For Your Next Post:
1. The CFScript.txt log
2. Let me know how the Avast repair or reinstall went
3. The new OTL.txt log
4. Did resetting IE help with the web pages loading?
  • 0


#62
Jules4me

    Member

  • Topic Starter
  • 92 posts
ComboFix 12-09-12.03 - Dell 1525 09/12/2012 12:07:49.2.1 - x86
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.1.1033.18.3574.2727 [GMT -5:00]
Running from: c:\users\Dell 1525\Desktop\ComboFix.exe
Command switches used :: c:\users\Dell 1525\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows.old\Documents and Settings\Dell Inspiron 1525\Downloads\asc-setup.exe"
"c:\windows.old\Documents and Settings\Dell Inspiron 1525\Downloads\driverperformer_849.exe"
"c:\windows.old\Documents and Settings\Dell Inspiron 1525\Downloads\imf-setup(1).exe"
"c:\windows.old\Documents and Settings\Dell Inspiron 1525\Downloads\imf-setup.exe"
"c:\windows.old\Users\Dell Inspiron 1525\Downloads\asc-setup.exe"
"c:\windows.old\Users\Dell Inspiron 1525\Downloads\driverperformer_849.exe"
"c:\windows.old\Users\Dell Inspiron 1525\Downloads\imf-setup(1).exe"
"c:\windows.old\Users\Dell Inspiron 1525\Downloads\imf-setup.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows.old\Users\Dell Inspiron 1525\Downloads\asc-setup.exe
c:\windows.old\Users\Dell Inspiron 1525\Downloads\driverperformer_849.exe
c:\windows.old\Users\Dell Inspiron 1525\Downloads\imf-setup(1).exe
c:\windows.old\Users\Dell Inspiron 1525\Downloads\imf-setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-12 to 2012-09-12 )))))))))))))))))))))))))))))))
.
.
2012-09-12 17:17 . 2012-09-12 17:20 -------- d-----w- c:\users\Dell 1525\AppData\Local\temp
2012-09-12 17:17 . 2012-09-12 17:17 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-09-12 17:17 . 2012-09-12 17:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-12 12:58 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 12:58 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 12:58 . 2012-08-22 17:16 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 12:58 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 12:58 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 12:58 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-11 13:44 . 2012-08-28 06:50 7022536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9D9B6AE5-CE3F-44AF-8C2C-2DF94222A181}\mpengine.dll
2012-09-10 20:01 . 2012-09-10 20:01 -------- d-----w- c:\program files\ESET
2012-09-10 16:58 . 2012-09-10 16:58 -------- d-----w- c:\users\Dell 1525\AppData\Roaming\Malwarebytes
2012-09-10 16:58 . 2012-09-10 16:58 -------- d-----w- c:\programdata\Malwarebytes
2012-09-10 16:58 . 2012-09-10 16:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-10 16:58 . 2012-07-03 18:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-09 01:59 . 2012-09-09 02:00 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-09-09 00:01 . 2012-09-09 00:01 -------- d-----w- c:\program files\Common Files\xing shared
2012-09-06 20:16 . 2012-09-06 20:16 -------- d-----w- c:\program files\Common Files\Java
2012-09-06 20:15 . 2012-09-06 20:15 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-05 13:16 . 2012-09-05 13:16 -------- d-----w- C:\_OTL
2012-08-21 03:44 . 2012-08-21 03:44 -------- d-----w- c:\program files\Common Files\Skype
2012-08-15 13:06 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 13:06 . 2012-02-11 05:43 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 13:06 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 13:06 . 2012-07-18 17:47 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 13:06 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll
2012-08-15 13:06 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 13:06 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-09 00:00 . 2012-06-03 13:31 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-09-09 00:00 . 2012-01-04 20:51 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-09-08 03:03 . 2012-04-01 23:14 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-08 03:03 . 2011-10-05 13:48 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-06 20:15 . 2012-07-01 18:42 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-06 20:15 . 2011-10-06 17:22 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-03 16:21 . 2012-08-12 20:09 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2012-08-12 20:09 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2012-08-12 20:09 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2012-08-12 20:09 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-07-03 16:21 . 2012-08-12 20:09 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2012-08-12 20:09 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2012-08-12 20:08 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2012-08-12 20:08 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-02 14:59 . 2012-07-02 14:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2012-06-20 16:56 . 2012-01-30 04:25 71104 ----a-w- c:\windows\CouponPrinter.ocx
2012-09-06 01:27 . 2012-09-09 01:59 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-09-09_23.58.23 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-13 23:54 . 2009-07-13 23:54 15872 c:\windows\winsxs\x86_netrndis.inf_31bf3856ad364e35_6.1.7601.22044_none_ca3303f0bd44da67\usb8023x.sys
+ 2009-07-13 23:54 . 2009-07-13 23:54 15872 c:\windows\winsxs\x86_netrndis.inf_31bf3856ad364e35_6.1.7601.22044_none_ca3303f0bd44da67\usb80236.sys
+ 2012-09-12 12:58 . 2012-07-04 19:41 33280 c:\windows\winsxs\x86_netrndis.inf_31bf3856ad364e35_6.1.7601.22044_none_ca3303f0bd44da67\rndismpx.sys
+ 2012-09-12 12:58 . 2012-07-04 19:41 30208 c:\windows\winsxs\x86_netrndis.inf_31bf3856ad364e35_6.1.7601.22044_none_ca3303f0bd44da67\rndismp6.sys
+ 2009-07-13 23:54 . 2009-07-13 23:54 15872 c:\windows\winsxs\x86_netrndis.inf_31bf3856ad364e35_6.1.7601.17887_none_c9815031a444c324\usb8023x.sys
+ 2009-07-13 23:54 . 2009-07-13 23:54 15872 c:\windows\winsxs\x86_netrndis.inf_31bf3856ad364e35_6.1.7601.17887_none_c9815031a444c324\usb80236.sys
+ 2012-09-12 12:58 . 2012-07-04 19:45 33280 c:\windows\winsxs\x86_netrndis.inf_31bf3856ad364e35_6.1.7601.17887_none_c9815031a444c324\rndismpx.sys
+ 2012-09-12 12:58 . 2012-07-04 19:45 30208 c:\windows\winsxs\x86_netrndis.inf_31bf3856ad364e35_6.1.7601.17887_none_c9815031a444c324\rndismp6.sys
+ 2012-09-12 12:58 . 2012-07-04 19:41 33280 c:\windows\winsxs\x86_microsoft-windows-rndis-miniport_31bf3856ad364e35_6.1.7601.22044_none_e39f2474035d9418\RNDISMP.sys
+ 2012-09-12 12:58 . 2012-07-04 19:45 33280 c:\windows\winsxs\x86_microsoft-windows-rndis-miniport_31bf3856ad364e35_6.1.7601.17887_none_e2ed70b4ea5d7cd5\RNDISMP.sys
+ 2011-10-05 01:53 . 2012-09-12 12:56 41214 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2012-09-12 17:22 51542 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-05 01:42 . 2012-09-12 17:22 18058 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1749512106-181472926-2126426169-1002_UserData.bin
- 2009-07-14 04:50 . 2012-08-15 14:35 86016 c:\windows\System32\DriverStore\infpub.dat
+ 2009-07-14 04:50 . 2012-09-12 16:57 86016 c:\windows\System32\DriverStore\infpub.dat
+ 2009-07-13 23:54 . 2009-07-13 23:54 15872 c:\windows\System32\DriverStore\FileRepository\netrndis.inf_x86_neutral_0b46e86f0f566f5a\usb8023x.sys
+ 2009-07-13 23:54 . 2009-07-13 23:54 15872 c:\windows\System32\DriverStore\FileRepository\netrndis.inf_x86_neutral_0b46e86f0f566f5a\usb80236.sys
+ 2012-09-12 12:58 . 2012-07-04 19:45 33280 c:\windows\System32\DriverStore\FileRepository\netrndis.inf_x86_neutral_0b46e86f0f566f5a\rndismpx.sys
+ 2012-09-12 12:58 . 2012-07-04 19:45 30208 c:\windows\System32\DriverStore\FileRepository\netrndis.inf_x86_neutral_0b46e86f0f566f5a\rndismp6.sys
+ 2011-10-05 00:26 . 2012-09-12 17:21 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-05 00:26 . 2012-09-09 23:41 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-05 00:26 . 2012-09-12 17:21 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-10-05 00:26 . 2012-09-09 23:41 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2012-09-12 17:21 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2012-09-09 23:41 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:34 . 2012-09-12 17:02 86880 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-10-10 16:18 . 2012-09-12 16:56 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2011-10-10 16:18 . 2012-08-15 14:26 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2011-10-10 16:18 . 2012-08-15 14:26 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2011-10-10 16:18 . 2012-09-12 16:56 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2011-10-10 16:18 . 2012-09-12 16:56 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2011-10-10 16:18 . 2012-08-15 14:26 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2012-09-12 16:58 . 2012-09-12 17:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-09 04:08 . 2012-09-09 04:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-09-09 04:08 . 2012-09-09 04:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-09-12 16:58 . 2012-09-12 17:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-09-12 12:58 . 2012-08-22 17:05 187760 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_b55b785ade04500f\FWPKCLNT.SYS
+ 2012-09-12 12:58 . 2012-08-22 17:16 187760 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_b514e56fc4b40532\FWPKCLNT.SYS
+ 2012-09-12 12:58 . 2012-08-22 17:05 240496 c:\windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.1.7601.22097_none_58d8d2de2ceb9678\netio.sys
+ 2012-09-12 12:58 . 2012-08-22 17:16 240496 c:\windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.1.7601.17939_none_58923ff3139b4b9b\netio.sys
+ 2012-09-12 12:58 . 2012-08-22 16:56 156160 c:\windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.22097_none_aa0491cf93ad1c31\ndismigplugin.dll
+ 2012-09-12 12:58 . 2012-08-22 17:05 712048 c:\windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.22097_none_aa0491cf93ad1c31\ndis.sys
+ 2009-07-13 23:53 . 2009-07-14 01:16 156160 c:\windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17939_none_a9bdfee47a5cd154\ndismigplugin.dll
+ 2012-09-12 12:58 . 2012-08-22 17:16 712048 c:\windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17939_none_a9bdfee47a5cd154\ndis.sys
+ 2012-09-12 12:58 . 2012-08-02 16:53 490496 c:\windows\winsxs\x86_microsoft-windows-directx-d3d10level9_31bf3856ad364e35_6.1.7601.22077_none_e5b1729317206dd8\d3d10level9.dll
+ 2012-09-12 12:58 . 2012-08-02 16:57 490496 c:\windows\winsxs\x86_microsoft-windows-directx-d3d10level9_31bf3856ad364e35_6.1.7601.17920_none_e5570d21fde05add\d3d10level9.dll
+ 2012-09-12 12:58 . 2012-08-02 18:48 490496 c:\windows\winsxs\x86_microsoft-windows-directx-d3d10level9_31bf3856ad364e35_6.1.7600.21291_none_e3af73f91a0fa1c4\d3d10level9.dll
+ 2012-09-12 12:58 . 2012-08-02 17:05 490496 c:\windows\winsxs\x86_microsoft-windows-directx-d3d10level9_31bf3856ad364e35_6.1.7600.17089_none_e338a78400e2b39a\d3d10level9.dll
+ 2011-10-06 03:10 . 2012-09-12 16:44 293828 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:05 . 2012-09-12 17:03 624178 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2012-08-12 20:02 624178 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2012-08-12 20:02 106522 c:\windows\System32\perfc009.dat
+ 2009-07-14 02:05 . 2012-09-12 17:03 106522 c:\windows\System32\perfc009.dat
+ 2009-07-14 04:50 . 2012-09-12 16:57 143360 c:\windows\System32\DriverStore\infstrng.dat
- 2009-07-14 04:50 . 2012-08-15 14:35 143360 c:\windows\System32\DriverStore\infstrng.dat
+ 2009-07-14 04:50 . 2012-09-12 16:57 143360 c:\windows\System32\DriverStore\infstor.dat
- 2009-07-14 04:50 . 2012-08-15 14:35 143360 c:\windows\System32\DriverStore\infstor.dat
+ 2009-07-14 04:51 . 2012-09-12 16:57 399360 c:\windows\System32\DriverStore\drvindex.dat
- 2009-07-14 04:51 . 2012-08-15 14:35 399360 c:\windows\System32\DriverStore\drvindex.dat
+ 2009-07-14 04:47 . 2012-09-12 16:57 390588 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:47 . 2012-09-09 04:07 390588 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-10-10 16:18 . 2012-08-15 14:26 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2011-10-10 16:18 . 2012-09-12 16:56 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2011-10-10 16:18 . 2012-08-15 14:26 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2011-10-10 16:18 . 2012-09-12 16:56 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2011-10-10 16:18 . 2012-08-15 14:26 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2011-10-10 16:18 . 2012-09-12 16:56 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2011-10-10 16:18 . 2012-09-12 16:56 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2011-10-10 16:18 . 2012-08-15 14:26 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2011-10-10 16:18 . 2012-08-15 14:26 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2011-10-10 16:18 . 2012-09-12 16:56 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2011-10-10 16:18 . 2012-09-12 16:56 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2011-10-10 16:18 . 2012-08-15 14:26 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2011-10-10 16:18 . 2012-09-12 16:56 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2011-10-10 16:18 . 2012-08-15 14:26 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2012-09-12 12:58 . 2012-08-22 17:05 1306992 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_b55b785ade04500f\tcpip.sys
+ 2012-09-12 12:58 . 2012-08-22 17:16 1292144 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_b514e56fc4b40532\tcpip.sys
+ 2009-07-14 02:03 . 2012-09-12 16:57 7602176 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:03 . 2012-08-15 14:36 7602176 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-07-14 04:34 . 2012-08-15 14:41 6898110 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:34 . 2012-09-12 17:01 6898110 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-10-05 16:15 . 2012-09-11 00:37 1983368 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1749512106-181472926-2126426169-1002-12288.dat
+ 2012-08-30 08:06 . 2012-08-30 08:06 5007872 c:\windows\Installer\e1bca4.msp
+ 2011-10-10 16:18 . 2012-09-12 16:56 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2011-10-10 16:18 . 2012-08-15 14:26 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2011-10-10 16:18 . 2012-09-12 16:56 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2011-10-10 16:18 . 2012-08-15 14:26 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-10-05 01:03 . 2012-09-12 16:54 62164608 c:\windows\System32\MRT.exe
+ 2011-10-05 16:15 . 2012-09-12 03:20 12908896 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1749512106-181472926-2126426169-1002-8192.dat
+ 2011-10-05 01:42 . 2012-09-12 16:54 140011868 c:\windows\winsxs\ManifestCache\a786a517e28d5687_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2012-04-19 336952]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-09-09 296096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-05-31 01:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-27 00:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-08 00:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-08-12 17:18 205336 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-07-03 18:46 462920 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 01:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-09-09 00:00 296096 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files\Roxio\RoxioNow Player\RNowSvc.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 03:03]
.
2012-08-12 c:\windows\Tasks\CMS Application Updater.job
- c:\program files\CMS Products\Updater\CmsUpdater.exe [2012-03-13 18:28]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1749512106-181472926-2126426169-1002Core.job
- c:\users\Dell 1525\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-05 03:45]
.
2012-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1749512106-181472926-2126426169-1002UA.job
- c:\users\Dell 1525\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-05 03:45]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: cinemanow.com
Trusted Zone: roxio.com
Trusted Zone: roxionow.com
Trusted Zone: sonic.com
Trusted Zone: swagbucks.com\player
Trusted Zone: swagbucks.com\www
TCP: DhcpNameServer = 10.236.230.98
TCP: Interfaces\{5EB92684-DE89-4FD5-BF9B-8DE39C493DC7}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Dell 1525\AppData\Roaming\Mozilla\Firefox\Profiles\67crp8yp.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-09-12 12:29:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-12 17:29
ComboFix2.txt 2012-09-10 00:06
ComboFix3.txt 2012-06-06 03:47
.
Pre-Run: 25,245,306,880 bytes free
Post-Run: 25,188,143,104 bytes free
.
- - End Of File - - 048633E5B72257C8D1608762F73FB087

#63
Jules4me

  • Topic Starter
  • Member
  • 92 posts
OTL logfile created on: 9/12/2012 12:41:46 PM - Run 8
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Dell 1525\Desktop
Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.68 Gb Available Physical Memory | 76.69% Memory free
6.98 Gb Paging File | 6.15 Gb Available in Paging File | 88.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94.60 Gb Total Space | 23.54 Gb Free Space | 24.89% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 13.70 Gb Free Space | 93.53% Space Free | Partition Type: NTFS

Computer Name: PINKDELL1525-PC | User Name: Dell 1525 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/08 19:00:46 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/09/02 22:59:26 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Dell 1525\Desktop\OTL.exe
PRC - [2012/08/21 04:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/04/18 22:57:44 | 000,336,952 | ---- | M] (Power Software Ltd) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/08/02 21:37:50 | 000,400,368 | ---- | M] (Rovi Corporation) -- C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/09/07 22:03:08 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/05 20:26:40 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 14:14:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/04 22:56:54 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/08/02 21:37:50 | 000,400,368 | ---- | M] (Rovi Corporation) [Auto | Running] -- C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/08/21 04:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/08/21 04:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/08/21 04:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/08/21 04:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/08/21 04:13:14 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/08/21 04:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/04/18 22:57:38 | 000,113,072 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2011/08/19 09:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2011/08/19 09:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/09/28 09:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/06/25 16:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 16:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 16:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dell 1525\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dell 1525\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/08 19:01:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/09/12 12:36:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/08 19:01:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/08 20:59:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/09/08 21:00:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dell 1525\AppData\Roaming\Mozilla\Extensions
[2012/09/08 21:04:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dell 1525\AppData\Roaming\Mozilla\Firefox\Profiles\67crp8yp.default\extensions
[2012/09/08 20:59:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/05 20:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/09/05 20:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/09/05 20:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Dell 1525\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dell 1525\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dell 1525\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Dell 1525\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Dell 1525\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Java™ Platform SE 6 U33 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\system32\npdeployJava1.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Dell 1525\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Dell 1525\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Dell 1525\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Dell 1525\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Dell 1525\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/09/12 12:20:37 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\..Trusted Domains: cinemanow.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\..Trusted Domains: roxio.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\..Trusted Domains: roxio.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\..Trusted Domains: roxionow.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\..Trusted Domains: roxionow.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\..Trusted Domains: sonic.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\..Trusted Domains: sonic.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\..Trusted Domains: swagbucks.com ([player] http in Trusted sites)
O15 - HKU\S-1-5-21-1749512106-181472926-2126426169-1002\..Trusted Domains: swagbucks.com ([www] http in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.236.230.98
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EB92684-DE89-4FD5-BF9B-8DE39C493DC7}: DhcpNameServer = 10.236.230.98
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EB92684-DE89-4FD5-BF9B-8DE39C493DC7}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/12 12:29:59 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/12 12:20:47 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/09/12 12:17:55 | 000,000,000 | ---D | C] -- C:\Users\Dell 1525\AppData\Local\temp
[2012/09/12 12:05:56 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/09/12 07:58:32 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2012/09/12 07:58:30 | 000,240,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/09/12 07:58:30 | 000,187,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012/09/12 07:58:29 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2012/09/10 15:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/09/10 11:58:12 | 000,000,000 | ---D | C] -- C:\Users\Dell 1525\AppData\Roaming\Malwarebytes
[2012/09/10 11:58:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/10 11:58:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/10 11:58:02 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/10 11:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/09/10 11:50:00 | 000,080,456 | ---- | C] (Malwarebytes Corporation) -- C:\Users\Dell 1525\Desktop\mbam-clean-1.60.2.0003.exe
[2012/09/09 18:46:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/09 18:46:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/09 18:46:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/09 18:45:16 | 004,749,988 | R--- | C] (Swearware) -- C:\Users\Dell 1525\Desktop\ComboFix.exe
[2012/09/08 21:00:10 | 000,000,000 | ---D | C] -- C:\Users\Dell 1525\AppData\Roaming\Mozilla
[2012/09/08 20:59:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/09/08 20:59:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/08 19:01:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012/09/06 15:16:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/09/06 15:16:06 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/09/06 15:15:50 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/09/06 15:15:50 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/09/06 15:15:50 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/09/06 15:14:05 | 031,169,000 | ---- | C] (Oracle Corporation) -- C:\Users\Dell 1525\Desktop\jre-7u7-windows-i586.exe
[2012/09/05 08:40:00 | 000,693,235 | ---- | C] (Farbar) -- C:\Users\Dell 1525\Desktop\FSS.exe
[2012/09/05 08:16:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/09/04 12:39:06 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Dell 1525\Desktop\aswMBR.exe
[2012/09/03 19:30:43 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Dell 1525\Desktop\OTL.exe
[2012/08/20 22:44:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/08/20 22:44:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/08/15 09:21:26 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/08/15 09:21:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/08/15 09:21:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/08/15 09:21:23 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/08/15 09:21:22 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/08/15 09:21:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/08/15 09:21:18 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/08/15 08:06:40 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2012/08/15 08:06:34 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/08/15 08:06:29 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll

========== Files - Modified Within 30 Days ==========

[2012/09/12 12:45:33 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/12 12:45:33 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/12 12:45:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1749512106-181472926-2126426169-1002UA.job
[2012/09/12 12:45:00 | 000,016,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/12 12:45:00 | 000,016,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/12 12:37:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/12 12:37:04 | 2810,740,736 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/12 12:36:09 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/09/12 12:36:08 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/09/12 12:27:11 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/12 12:20:37 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/09/12 12:05:13 | 004,749,988 | R--- | M] (Swearware) -- C:\Users\Dell 1525\Desktop\ComboFix.exe
[2012/09/10 11:58:05 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/10 11:49:11 | 000,080,456 | ---- | M] (Malwarebytes Corporation) -- C:\Users\Dell 1525\Desktop\mbam-clean-1.60.2.0003.exe
[2012/09/09 19:12:19 | 000,854,156 | ---- | M] () -- C:\Users\Dell 1525\Desktop\SecurityCheck.exe
[2012/09/08 22:45:26 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1749512106-181472926-2126426169-1002Core.job
[2012/09/08 21:35:05 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/09/08 21:00:01 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/09/08 20:32:31 | 000,026,983 | ---- | M] () -- C:\Users\Dell 1525\Documents\ffbookmarks09-08Document.rtf
[2012/09/08 19:02:01 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/09/08 19:01:16 | 000,198,864 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2012/09/08 19:00:55 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2012/09/08 19:00:55 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2012/09/08 19:00:52 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2012/09/07 22:03:07 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/09/07 22:03:07 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/09/07 10:35:13 | 000,511,265 | ---- | M] () -- C:\Users\Dell 1525\Desktop\adwcleaner.exe
[2012/09/06 15:15:41 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/09/06 15:15:37 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/09/06 15:15:37 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/09/06 15:15:37 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/09/06 15:15:36 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2012/09/06 15:15:36 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/09/06 15:12:11 | 031,169,000 | ---- | M] (Oracle Corporation) -- C:\Users\Dell 1525\Desktop\jre-7u7-windows-i586.exe
[2012/09/05 08:39:37 | 000,693,235 | ---- | M] (Farbar) -- C:\Users\Dell 1525\Desktop\FSS.exe
[2012/09/04 12:48:12 | 000,000,512 | ---- | M] () -- C:\Users\Dell 1525\Desktop\MBR.dat
[2012/09/04 12:38:26 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Dell 1525\Desktop\aswMBR.exe
[2012/09/02 22:59:26 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Dell 1525\Desktop\OTL.exe
[2012/09/01 14:48:37 | 000,002,480 | ---- | M] () -- C:\Users\Dell 1525\Desktop\Google Chrome.lnk
[2012/08/22 12:16:46 | 000,240,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/08/22 12:16:36 | 000,187,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2012/08/21 04:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/08/21 04:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/08/21 04:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/08/21 04:13:14 | 000,058,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/08/21 04:13:14 | 000,044,784 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/08/21 04:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/08/21 04:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/08/21 04:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/08/20 22:44:43 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/08/15 09:38:17 | 000,409,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/14 18:19:51 | 000,001,337 | ---- | M] () -- C:\Users\Dell 1525\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

========== Files Created - No Company Name ==========

[2012/09/10 11:58:05 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/09 19:13:08 | 000,854,156 | ---- | C] () -- C:\Users\Dell 1525\Desktop\SecurityCheck.exe
[2012/09/09 18:46:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/09 18:46:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/09 18:46:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/09 18:46:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/09 18:46:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/08 21:00:01 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/09/08 21:00:01 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/09/08 20:32:30 | 000,026,983 | ---- | C] () -- C:\Users\Dell 1525\Documents\ffbookmarks09-08Document.rtf
[2012/09/08 19:02:01 | 000,001,012 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/09/07 10:35:44 | 000,511,265 | ---- | C] () -- C:\Users\Dell 1525\Desktop\adwcleaner.exe
[2012/09/04 12:48:12 | 000,000,512 | ---- | C] () -- C:\Users\Dell 1525\Desktop\MBR.dat
[2012/07/08 16:09:03 | 000,007,605 | ---- | C] () -- C:\Users\Dell 1525\AppData\Local\Resmon.ResmonCfg
[2012/07/03 23:36:32 | 000,033,134 | ---- | C] () -- C:\Users\Dell 1525\AppData\Roaming\UserTile.png
[2012/04/04 13:32:08 | 000,001,848 | ---- | C] () -- C:\Windows\System32\GacelaLSPServiceOff.ini
[2011/12/02 20:10:19 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/12/02 20:10:18 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/10/05 12:30:18 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/10/05 12:27:48 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/10/04 20:40:50 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2011/08/19 09:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011/08/19 09:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011/08/19 09:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011/08/12 12:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011/07/26 06:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

========== Custom Scans ==========

< HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswSnx >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"DisplayName" = aswSnx
"Group" = FSFilter Virtualization
"DependOnService" = FltMgr [binary data]
"Description" = avast! virtualization driver (aswSnx)
"Tag" = 2

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswSnx\Instances]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswSnx\Parameters]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswSnx\Enum]

< HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswSP >
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"DisplayName" = aswSP
"Description" = avast! Self Protection

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswSP\Parameters]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswSP\Enum]

< HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswFsBlk >
"Type" = 2
"Start" = 2
"ErrorControl" = 1
"DisplayName" = aswFsBlk
"Group" = FSFilter Activity Monitor
"DependOnService" = FltMgr [binary data]
"Description" = avast! mini-filter driver (aswFsBlk)
"Tag" = 2

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswFsBlk\Instances]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswFsBlk\Enum]

< HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswMonFlt >
"Type" = 2
"Start" = 2
"ErrorControl" = 1
"ImagePath" = \??\C:\Windows\system32\drivers\aswMonFlt.sys -- [2012/08/21 04:13:14 | 000,058,680 | ---- | M] (AVAST Software)
"DisplayName" = aswMonFlt
"Group" = FSFilter Anti-Virus
"DependOnService" = FltMgr [binary data]
"Description" = avast! mini-filter driver (aswMonFlt)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswMonFlt\Instances]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswMonFlt\Enum]

========== Alternate Data Streams ==========

@Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:32A82570

< End of report >
  • 0
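The Custom Scans section of the log above dumps four avast! driver service keys, and only aswMonFlt lists an "ImagePath" value. As an added example (not part of the thread and not OTL's own code), this Python sketch parses that section's layout and flags service keys whose dump shows no ImagePath so they can be compared against a healthy entry; the function names and the trimmed sample are assumptions made for illustration.

```python
import re

# Constructed sample: three key dumps in the shape of the OTL "Custom Scans"
# section above, trimmed to the values this check reads.
SAMPLE = r'''
< HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswSP >
"Type" = 1
"Start" = 1
"ErrorControl" = 1
"DisplayName" = aswSP
"Description" = avast! Self Protection

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswSP\Parameters]

< HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswFsBlk >
"Type" = 2
"Start" = 2
"Group" = FSFilter Activity Monitor
"DependOnService" = FltMgr [binary data]

< HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswMonFlt >
"Type" = 2
"Start" = 2
"ImagePath" = \??\C:\Windows\system32\drivers\aswMonFlt.sys -- [2012/08/21 04:13:14 | 000,058,680 | ---- | M] (AVAST Software)
"Group" = FSFilter Anti-Virus
'''

KEY_RE = re.compile(r'^<\s*(HKEY_[^>]+?)\s*>$')      # "< HKEY_...\name >" header
SUBKEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')       # "[HKEY_...\name\Sub]" header
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')     # '"Name" = value'

# Windows service registry meanings for the Start and Type DWORDs.
START = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}
TYPE = {1: "kernel driver", 2: "file system driver",
        16: "own-process service", 32: "shared-process service"}


def _int(value):
    try:
        return int(value)
    except (TypeError, ValueError):
        return None


def parse_custom_scan(text):
    """Return {service_name: {value_name: value}} for each '< key >' block."""
    services, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = services.setdefault(m.group(1).rsplit("\\", 1)[-1], {})
            continue
        if SUBKEY_RE.match(line):
            current = None  # anything under a subkey is not a service-level value
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)
    return services


def triage(services):
    """One row per service; review=True when the dump shows no ImagePath."""
    rows = []
    for name, vals in sorted(services.items()):
        # OTL appends " -- [date | size | attrs] (company)" after the path.
        image = vals.get("ImagePath", "").split(" -- [", 1)[0].strip()
        rows.append({"service": name,
                     "type": TYPE.get(_int(vals.get("Type")), "unknown"),
                     "start": START.get(_int(vals.get("Start")), "unknown"),
                     "image_path": image or None,
                     "review": not image})
    return rows


if __name__ == "__main__":
    for row in triage(parse_custom_scan(SAMPLE)):
        print(row)
```

A flagged row is a prompt to compare that key with a known-good installation, not proof that the driver is broken.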

#64
Jules4me

Jules4me

    Member

  • Topic Starter
  • Member
  • PipPip
  • 92 posts
I don't know about you, but all this is making me weary....

Thank you for taking so much of your time to help me with this.

The Avast repair went fine.

IE is still very slow and does not load correctly. :(
  • 0

#65
Jules4me

Jules4me

    Member

  • Topic Starter
  • Member
  • PipPip
  • 92 posts
In IE, what do I do if I get the error that an add-on failed to run, but the name of the add-on is not given? How do I fix this problem?
  • 0

#66
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi Jules,

Were you on a web site when you got the message?

Sounds like when you reset IE an add-on got disabled. Try this:

1. Open Control Panel
2. Click on Network and Internet
3. Under Internet Options click Manage browser add-ons
4. On the Internet Properties page click the Manage add-ons button
5. On the Manage add-ons page look at the Status column. If an add-on shows Disabled, click it and click the Enable button at the bottom of the page. Then go back to the web page and see if you still get the error message.

If none of the add-ons are disabled it's possible that an add-on is corrupt. You will need to follow the steps 1-3 above but for step 4 click each add-on, one at a time, and click the Disable button at the bottom of the page. Then go to the site that gave you the message and see if you are still getting it. If you aren't...that's the bad add-on. If you are, enable that add-on and click the next one and repeat the process until you disable the add-on that stops the error message. You will need to reinstall the add-on.

If it's an ActiveX add-on that you downloaded and installed there should be an uninstall button at the bottom of the Manage add-ons page when you click the add-on to highlight it.
You won't have the Uninstall button for ActiveX controls that you didn't download and install, but some ActiveX controls, like the Adobe FlashPlayer ActiveX control can be uninstalled through the Control Panel.

I know this has been a long process. It always has been when dealing with browser problems. The good news is that your logs are clean. We're gonna make one last pass with an OTL fix to take care of the stragglers in the last log. I'm gonna reset the HOSTS file in the off chance that it's causing the browser loading problem. If that doesn't help there is one last setting I want to change and see if that helps. If that doesn't do it we're gonna clean up the tools we've used and then I'm gonna ask a system Tech to take a look as we will have exhausted everything that I and the malware staff have come up with.


Step-1.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the code box below. To do this, highlight everything inside the code box, right click and click Copy.
:OTL
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - No CLSID value found.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)

:COMMANDS
[EMPTYTEMP]
[RESETHOSTS]

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Try to load the web page, if still no joy try the next step:


Step-2.

  • Click the Internet icon in the system tray and click Network and Sharing Center
  • On the Network and Sharing Center page click Manage network connections in the left column.
    On the Network Connections page, if you connect to the internet using an Ethernet cable right click the Local Area Connection and click Properties and accept the UAC warning.
    If you connect to the internet using a wireless connection right click the Wireless Network Connection and click Properties and accept the UAC warning.
  • On the Properties page in the This connection uses the following items: box click on Internet Protocol Version 4 (TCP/IPv4) and click Properties
  • On the Internet Protocol properties page make sure the radio buttons beside Obtain an IP address automatically and Obtain a DNS server address automatically are checked.

    (Write down what the settings were originally so if this doesn't work you can change them back)
  • Click OK
  • Click OK again and close the Network Connections and Network and Sharing Center windows.
  • Reboot the computer and go to the web page and see if there is any difference.


Step-3.

Things For Your Next Post:
1. The OTL fixes log
2. Let me know about the web page loading.
  • 0

#67
Jules4me

Jules4me

    Member

  • Topic Starter
  • Member
  • PipPip
  • 92 posts
Yes, when I bring up this forum to read what you have written, I get the "an add-on" failed to run error.

The disabling and enabling add-ons is time consuming. I am going to do the other things and then get back with you after I have more time to work on the add-ons.
  • 0

#68
Jules4me

Jules4me

    Member

  • Topic Starter
  • Member
  • PipPip
  • 92 posts
I closed my IE browser window after copying and pasting into OTL. After it was closed I clicked Run Fix. Immediately this error popped up. "Windows has encountered a critical error and will restart in 1 minute." The Fix was running for that one minute, but I do not know if it was completed when the system restarted. At restart, I got an Open File - Security Warning. The publisher could not be verified. Are you sure you want to run this software? Name: C:\Users\Dell 1525\Desktop\OTL.exe

I chose Run and the log file DID come up. Will edit it in.

All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Dell 1525
->Temp folder emptied: 767041 bytes
->Temporary Internet Files folder emptied: 97534262 bytes
->Java cache emptied: 1878 bytes
->FireFox cache emptied: 18477041 bytes
->Google Chrome cache emptied: 13831678 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 1448 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 125.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.59.1 log created on 09142012_214141

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Edited by Jules4me, 14 September 2012 - 08:51 PM.

  • 0

#69
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Yes, when I bring up this forum to read what you have written, I get the "an add-on" failed to run error.

The disabling and enabling add-ons is time consuming. I am going to do the other things and then get back with you after I have more time to work on the add-ons.

The first thing to check is whether or not the add-on was disabled.

1. Open Control Panel
2. Click on Network and Internet
3. Under Internet Options click Manage browser add-ons
4. On the Internet Properties page click the Manage add-ons button
5. On the Manage add-ons page look at the Status column. If an add-on shows Disabled, click it and click the Enable button at the bottom of the page. Then go back to the web page and see if you still get the error message.

If no add-ons were disabled then you will need to start troubleshooting the add-ons.
  • 0

#70
Jules4me

Jules4me

    Member

  • Topic Starter
  • Member
  • PipPip
  • 92 posts
You know I was shocked to see the amount of cache that was deleted in Chrome and Firefox. I thought cleanup programs were supposed to delete that?

As of right now, Chrome and Firefox are doing great, although I just opened a few pages. Safari is awful and IE has a few problems. I am starting to re-enable some add-ons in IE to see if that helps at all.
  • 0



#71
Jules4me

Jules4me

    Member

  • Topic Starter
  • Member
  • PipPip
  • 92 posts
Oddly, after the OTL fix, when I came back to this page to post the log, I did not get the add-on error. Seems strange it would be sporadic.
  • 0

#72
Jules4me

Jules4me

    Member

  • Topic Starter
  • Member
  • PipPip
  • 92 posts
I think I have narrowed it down. On a different page, not this forum, I disabled one add-on at a time and refreshed the page until the Add-on Failed to Run error did not show. It is the Shockwave Flash Object. I went back and enabled all the ones I disabled minus Shockwave and the page loads great and all the advertisements actually loaded, too. I may have found the culprit.
  • 0

#73
Jules4me

Jules4me

    Member

  • Topic Starter
  • Member
  • PipPip
  • 92 posts
I'm sorry, I know I am asking you a lot of questions that are outside of malware.

I disabled the Shockwave add-on in IE and now Safari is working. That doesn't seem like they should be related, but is it?
  • 0

#74
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

You know I was shocked to see the amount of cache that was deleted in Chrome and Firefox. I thought cleanup programs were supposed to delete that?

Amazin ain't it? You can set FF and IE (and I'm sure Safari and Chrome also) to delete the temp files and cache every time the browser is closed. There is also a program I will give you in my prevention suggestions to clean temp files. It is another program by OldTimer (OTL). He actually has that program incorporated into OTL to run at the [EMPTYTEMP] command.

As of right now, Chrome and Firefox are doing great, although I just opened a few pages.

That's good news. I don't really know anything about Safari...never installed it.

IE has a few problems. I am starting to re-enable some add-ons in IE to see if that helps at all.

:thumbsup:

Oddly, after the OTL fix, when I came back to this page to post the log, I did not get the add-on error. Seems strange it would be sporadic.

The last OTL fix removed a couple of Toolbar registry entries that didn't have any CLSID values. Sometimes you have to look at malware removal like shampooing your hair....you know, lather, wash, rinse, repeat...depending on how dirty your hair is. With malware, sometimes you remove what you can see and more entries reveal themselves and you have to do the process again.

I think I have narrowed it down. On a different page, not this forum, I disabled one add-on at a time and refreshed the page until the Add-on Failed to Run error did not show. It is the Shockwave Flash Object. I went back and enabled all the ones I disabled minus Shockwave and the page loads great and all the advertisements actually loaded, too. I may have found the culprit.

It certainly sounds like it. I don't know if that made your day, but it made mine.
Troubleshooting add-ons has always been time consuming and a pain. And lots of times it doesn't find the problem. Looks like we got lucky. I cringe when I see a log that has tons of add-ons. Not to mention that malware writers love to use them.

I disabled the Shockwave add-on in IE and now Safari is working. That doesn't seem like they should be related, but is it?

Yep, it's possible. Some browsers use a lot of the IE settings etc.; Chrome for example. So when you have a problem with IE you can have it in other browsers. I'm glad Safari is working now.

The last thing we need to do is clean up the tools used. It's gonna take me some time to go thru everything and find the tools used and things disabled. If you have any problems before I get back to you...let me know.
  • 0

#75
Jules4me

Jules4me

    Member

  • Topic Starter
  • Member
  • PipPip
  • 92 posts
And I believe Quicktime is at issue, too.
  • 0





