Inactive BSoD errors and other various issues

N

NasuChi

Posts: 30   +0
Hello~ I'm having troubles with my older brothers laptop, it has been giving me constant BSoD errors on startup as well as other random times. Not only that, but alot of my files like to randomly become corrupted. The thing is, everything will run fine for like a week, no errors whatsoever. Then I'll get a BSoD and it will start acting up again. Anyway...I'll get to posting my logs.
 
Malewarebytes

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8378

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

12/16/2011 4:00:28 AM
mbam-log-2011-12-16 (04-00-28).txt

Scan type: Quick scan
Objects scanned: 161633
Time elapsed: 4 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
My gmer log is like, 120k letters long, so its in 3 big parts, did I do something wrong? Did I accidentally do a full scan or something? I'll wait till confirmation before posting it ;x
 
DDS Log 1 first half


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
Run by FAG at 4:33:16 on 2011-12-16
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3062.1547 [GMT -5:00]
.
AV: AVG Internet Security *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\System32\alg.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Bamboo Dock\BambooCore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\FAG\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\FAG\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\FAG\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\FAG\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\FAG\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\FAG\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Users\FAG\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\FAG\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\ctfmon.exe
C:\Users\FAG\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=Z015&form=ZGAPHP
uInternet Settings,ProxyOverride = *.local
BHO: ooVoo Toolbar: {59c6f12b-f004-43e5-9997-08f2123119b6} - c:\program files\oovootoolbar\oovootoolbarX.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: ooVoo Toolbar: {59c6f12b-f004-43e5-9997-08f2123119b6} - c:\program files\oovootoolbar\oovootoolbarX.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Google Update] "c:\users\fag\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [BambooCore] c:\program files\bamboo dock\BambooCore.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{04A64E48-5D43-43F3-BA7D-CACE7172D049} : DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{04A64E48-5D43-43F3-BA7D-CACE7172D049}\2627F636B6 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{04A64E48-5D43-43F3-BA7D-CACE7172D049}\6657C6D65627 : DhcpNameServer = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
 
DDS Log 1 second half

.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\fag\appdata\roaming\mozilla\firefox\profiles\tadpvum0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z015&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z015&form=ZGAADF&q=
FF - component: c:\users\fag\appdata\roaming\mozilla\firefox\profiles\tadpvum0.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\fag\appdata\roaming\mozilla\firefox\profiles\tadpvum0.default\extensions\{59c6f12b-f004-43e5-9997-08f2123119b6}\components\dtTransparency.dll
FF - component: c:\users\fag\appdata\roaming\mozilla\firefox\profiles\tadpvum0.default\extensions\{59c6f12b-f004-43e5-9997-08f2123119b6}\components\dtTransparency3.5.dll
FF - component: c:\users\fag\appdata\roaming\mozilla\firefox\profiles\tadpvum0.default\extensions\{59c6f12b-f004-43e5-9997-08f2123119b6}\components\dtTransparency3.6.dll
FF - component: c:\users\fag\appdata\roaming\mozilla\firefox\profiles\tadpvum0.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\tabletplugins\npWacomTabletPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\nexon\ngm\npnxgame.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\fag\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\fag\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\users\fag\appdata\roaming\mozilla\plugins\np-mswmp.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
FF - Ext: Softonic-Eng7 Community Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
FF - Ext: LimeWire Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: ooVooToolbar: {59c6f12b-f004-43e5-9997-08f2123119b6} - %profile%\extensions\{59c6f12b-f004-43e5-9997-08f2123119b6}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-10-25 442200]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-10-25 320856]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-10-25 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-10-25 54616]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-10-25 44768]
R2 DAZContentManagementService;DAZ Content Management Service;c:\program files\daz 3d\content management service\ContentManagementServer.exe [2011-11-14 18432]
R2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\freemake\capturelib\CaptureLibService.exe [2011-11-27 8704]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2011-11-27 5554552]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2011-11-27 451960]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-10-26 15872]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-10-26 52224]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-11-27 10752]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-11-10 1343400]
.
=============== Created Last 30 ================
.
2011-12-14 22:19:50 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 22:19:40 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 22:19:28 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 22:19:27 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 22:19:22 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 22:19:21 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-14 05:11:04 163329 ----a-w- c:\windows\Ahriman's Prophecy Uninstaller.exe
2011-12-14 05:10:59 -------- d-----w- c:\program files\Ahriman's Prophecy
2011-12-14 02:40:44 -------- d-----w- c:\program files\rpg2003
2011-12-13 22:38:28 -------- d-----w- c:\program files\BandiMPEG1
2011-12-11 02:08:13 -------- d-----w- c:\users\fag\appdata\local\{D084CC5C-EB19-425F-A96F-B6D4EA8F92F2}
2011-12-11 02:08:02 -------- d-----w- c:\users\fag\appdata\local\{FDF338C8-580E-461B-9B8F-3F1CC153CAA1}
2011-12-10 09:38:40 -------- d-----w- c:\users\fag\appdata\local\{07AD3984-9EF3-4967-9E37-589A2374F4AF}
2011-12-10 09:38:28 -------- d-----w- c:\users\fag\appdata\local\{1063CB94-944C-450A-8B3B-99E356AF8F00}
2011-12-08 22:37:14 40960 ----a-r- c:\users\fag\appdata\roaming\microsoft\installer\{9559f7ca-5e34-4237-a2d9-d856464ad727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2011-12-08 22:37:14 40960 ----a-r- c:\users\fag\appdata\roaming\microsoft\installer\{9559f7ca-5e34-4237-a2d9-d856464ad727}\ARPPRODUCTICON.exe
2011-12-08 22:37:00 -------- d-----w- c:\program files\Project64 1.6
2011-12-08 02:58:34 61440 ----a-r- c:\users\fag\appdata\roaming\microsoft\installer\{3f6d3f2c-3dba-4d20-96d6-d5676f7db642}\NewShortcut2_3F6D3F2C3DBA4D2096D6D5676F7DB642.exe
2011-12-08 02:58:33 61440 ----a-r- c:\users\fag\appdata\roaming\microsoft\installer\{3f6d3f2c-3dba-4d20-96d6-d5676f7db642}\NewShortcut21_3F6D3F2C3DBA4D2096D6D5676F7DB642.exe
2011-12-08 02:58:23 -------- d-----w- c:\program files\Zenosoft
2011-12-08 02:57:38 -------- d-----w- c:\windows\Downloaded Installations
2011-12-08 01:23:28 -------- d-----w- c:\windows\lhsp
2011-12-08 01:23:25 -------- d-----w- c:\program files\CoolSpeech
2011-12-07 23:37:14 -------- d-----w- c:\users\fag\appdata\local\{A829C79C-C4C0-4073-8673-722F62ED35A3}
2011-12-07 23:37:03 -------- d-----w- c:\users\fag\appdata\local\{145D1B4D-F88B-47AB-BA63-23F56BF36533}
2011-12-07 00:20:22 -------- d-----w- c:\users\fag\appdata\local\{365D7265-7F51-415E-92AA-8F48F1B55BAF}
2011-12-07 00:20:11 -------- d-----w- c:\users\fag\appdata\local\{0C1D30CC-F88D-43BC-9C1A-7D87BBD8D988}
2011-12-06 05:43:07 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-12-06 05:43:06 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-12-06 05:43:06 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-12-06 03:09:12 -------- d-----w- c:\users\fag\appdata\local\{0F277621-8AB5-4451-98C7-C4BEC9E71489}
2011-12-06 03:08:59 -------- d-----w- c:\users\fag\appdata\local\{5B940928-61FA-44BB-8FAF-4C9A16A2FF84}
2011-12-04 20:29:38 -------- d-----w- c:\users\fag\appdata\local\{9E54CDA8-4AC8-47C0-970E-ACA43BE30748}
2011-12-04 20:29:28 -------- d-----w- c:\users\fag\appdata\local\{5C73461A-CF5D-4714-BE94-D507D09207FE}
2011-12-04 08:01:27 -------- d-----w- c:\users\fag\appdata\local\{F4EE781D-1915-4A16-8BA9-AD9F97E1FBB8}
2011-12-04 08:01:08 -------- d-----w- c:\users\fag\appdata\local\{64A36BDA-48A9-48B9-B4B7-E7A2020B5EB3}
2011-12-04 08:01:07 -------- d-----w- c:\users\fag\appdata\local\{83921791-188E-4C29-B7D2-70B18E25333D}
2011-12-03 20:00:33 -------- d-----w- c:\users\fag\appdata\local\{98BC93CC-A08C-4D76-8262-C03143CFEC8D}
2011-12-03 20:00:22 -------- d-----w- c:\users\fag\appdata\local\{7E5D6FC4-6D82-4A16-8C05-79BFB7BEA5B4}
2011-12-01 22:49:07 -------- d-----w- c:\users\fag\appdata\local\{BC0C6482-9962-4072-8439-8B2388A8A787}
2011-12-01 22:48:56 -------- d-----w- c:\users\fag\appdata\local\{57BE44B1-8359-4515-B45A-11E4FF36EA5D}
2011-12-01 22:47:51 -------- d-----w- c:\windows\en
2011-12-01 22:46:40 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-12-01 22:45:52 -------- d-----w- c:\windows\PCHEALTH
2011-12-01 22:40:30 94040 ----a-w- c:\program files\common files\windows live\.cache\38ae6d071ccb07a03\DSETUP.dll
2011-12-01 22:40:30 525656 ----a-w- c:\program files\common files\windows live\.cache\38ae6d071ccb07a03\DXSETUP.exe
2011-12-01 22:40:30 1691480 ----a-w- c:\program files\common files\windows live\.cache\38ae6d071ccb07a03\dsetup32.dll
2011-12-01 22:40:17 94040 ----a-w- c:\program files\common files\windows live\.cache\31cc3d7a1ccb07a02\DSETUP.dll
2011-12-01 22:40:17 525656 ----a-w- c:\program files\common files\windows live\.cache\31cc3d7a1ccb07a02\DXSETUP.exe
2011-12-01 22:40:17 1691480 ----a-w- c:\program files\common files\windows live\.cache\31cc3d7a1ccb07a02\dsetup32.dll
2011-12-01 22:39:38 -------- d-----w- c:\users\fag\appdata\local\Windows Live
2011-12-01 22:39:33 -------- d-----w- c:\program files\common files\Windows Live
2011-12-01 21:52:38 -------- d-----w- C:\Fraps
2011-11-30 17:45:51 -------- d--h--w- c:\windows\msdownld.tmp
2011-11-30 17:45:43 -------- d-----w- c:\windows\system32\directx
2011-11-27 20:12:33 -------- d-----w- c:\users\fag\appdata\roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
2011-11-27 20:12:15 -------- d-----w- c:\users\fag\appdata\roaming\Wacom
2011-11-27 20:11:59 -------- d-----w- c:\programdata\Wacom
2011-11-27 20:10:16 -------- d-----w- c:\users\fag\appdata\local\Adobe
2011-11-27 20:09:35 -------- d-----w- c:\program files\Bamboo Dock
2011-11-27 20:05:15 -------- d-----w- c:\users\fag\appdata\roaming\WTablet
2011-11-27 20:05:14 1107832 ----a-w- c:\windows\system32\Pen_Touch_Tablet.dll
2011-11-27 20:05:00 -------- d-----w- c:\program files\TabletPlugins
2011-11-27 20:04:53 10752 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys
2011-11-27 20:03:47 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2011-11-27 20:02:33 14120 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2011-11-27 20:02:24 1152888 ----a-w- c:\windows\system32\WacomMT.dll
2011-11-27 20:02:22 1369464 ----a-w- c:\windows\system32\Pen_Tablet.dll
2011-11-27 20:02:22 1156472 ----a-w- c:\windows\system32\Wintab32.dll
2011-11-27 20:02:13 -------- d-----w- c:\program files\Tablet
2011-11-27 19:50:07 -------- d-----w- c:\users\fag\appdata\roaming\SYSTEMAX Software Development
2011-11-27 19:50:07 -------- d-----w- c:\programdata\SYSTEMAX Software Development
2011-11-27 18:45:32 -------- d-----w- c:\program files\WinPcap
2011-11-27 18:44:55 -------- d-----w- c:\programdata\Freemake
2011-11-27 18:44:29 -------- d-----w- c:\program files\Freemake
2011-11-27 09:41:20 -------- d-sh--w- C:\found.000
2011-11-17 01:33:42 -------- d-----w- c:\program files\REACTOR
.
==================== Find3M ====================
.
2011-11-06 03:01:22 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-11-05 04:35:00 981504 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 02:48:51 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-03 10:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-29 16:03:04 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
============= FINISH: 4:33:53.62 ===============
 
DDS Log 2


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 5/24/2010 9:50:54 PM
System Uptime: 12/16/2011 3:27:16 AM (1 hours ago)
.
Motherboard: Wistron | | 30CD
Processor: Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz | U2E1 | 1833/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 90.655 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_30CD103C&REV_12\4&CAA9F97&0&4BF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_30CD103C&REV_12\4&CAA9F97&0&4BF0
Service:
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_30CD103C&REV_12\4&CAA9F97&0&4AF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_30CD103C&REV_12\4&CAA9F97&0&4AF0
Service:
.
==== System Restore Points ===================
.
RP188: 12/16/2011 3:30:04 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Ahriman's Prophecy
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
avast! Free Antivirus
Bamboo
Bamboo Dock
Bandisoft MPEG-1 Decoder
Bonjour
CCleaner
Conexant HD Audio
CoolSpeech
CyberLink YouCam
D3DX10
Dark Eternal- Dissolution
DAZ Content Management Service
DAZ Studio 4
DS4 Default Content
Elsword version 1.17
ESET Online Scanner v3
Eusing Free Registry Cleaner
Facebook Video Calling 1.0.0.8714
Facebook Video Calling 1.0.0.8953
File Shredder 2.0
Fraps (remove only)
Free Window Registry Repair
Freemake Video Downloader
Game Booster 3
Google Chrome
Grand Chase
HDAUDIO Soft Data Fax Modem with SmartCP
HyperCam 2
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
iTunes
Java Auto Updater
Java(TM) 6 Update 29
Lernout & Hauspie TruVoice American English TTS Engine
LimeWire 5.5.16
Mabinogi
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox (3.6.22)
MSVCRT
Nexon Game Manager
ooVoo
ooVoo Toolbar
Pale Moon project (3.6.6)
Pando Media Booster
Portal 2
Project64 1.6
QuickTime
RPG Maker 2003 v1.08
RuneScape Launcher 1.0.4
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
SUPERAntiSpyware
TuneUp Companion 1.9.0
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Vuze
WebTablet FB Plugin
WebTablet IE Plugin
WebTablet Netscape Plugin
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Mobile Device Center
WinPcap 4.1.2
WinRAR 4.01 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
12/9/2011 8:11:44 PM, Error: yukonw7 [101] - Driver status 1
12/16/2011 3:28:24 AM, Error: Service Control Manager [7023] - The Block Level Backup Engine Service service terminated with the following error: %%-2147024713
12/16/2011 3:28:00 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
12/16/2011 3:27:36 AM, Error: Microsoft-Windows-Eventlog [22] - The event logging service encountered an error while initializing publishing resources for channel Security. If channel type is Analytic or Debug, then this could mean there was an error initializing logging resources as well.
12/16/2011 3:25:12 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/16/2011 3:24:52 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi cdrom discache SASDIFSV SASKUTIL spldr Wanarpv6
12/16/2011 3:24:51 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x00000099, 0x00047c8c, 0x00000000, 0x00047ccc). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121611-20701-01.
12/16/2011 3:24:35 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\SystemRoot\System32\Config\SOFTWARE' was corrupted and it has been recovered. Some data might have been lost.
12/16/2011 3:19:45 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
12/16/2011 3:19:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/16/2011 3:19:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/16/2011 3:19:43 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/16/2011 3:19:04 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x00000099, 0x00064f49, 0x00000002, 0x000886bf). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121611-24148-01.
12/16/2011 3:15:24 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000004e (0x00000099, 0x00043dd4, 0x00000000, 0x00043e14). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121611-20997-01.
12/16/2011 3:10:01 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1005] - Unable to produce a minidump file from the full dump file.
12/16/2011 3:10:01 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x00041201, 0xc01b7f20, 0x5563d867, 0x87b20098). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .
12/16/2011 3:06:00 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc000001d, 0x8b3ac81b, 0x8cf13588, 0x8cf13160). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121611-24819-01.
12/16/2011 3:01:38 AM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
12/16/2011 3:01:16 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x8b3bcf3a, 0x8cf23968, 0x8cf23540). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121611-21372-01.
12/16/2011 2:19:01 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000024 (0x001904fb, 0x919e970c, 0x919e92f0, 0x8ba8e943). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .
12/15/2011 8:28:42 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
12/15/2011 8:27:56 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort2.
12/15/2011 3:50:03 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x00005003, 0xc0802000, 0x0000019a, 0x0019c374). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121511-19671-01.
12/15/2011 10:41:44 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/14/2011 5:14:21 PM, Error: Microsoft-Windows-HttpEvent [15006] - Owner of the log file or directory \SystemRoot\System32\LogFiles\HTTPERR\httperr1.log is invalid. This could be because another user has already created the log file or the directory.
12/12/2011 5:05:45 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x00041790, 0xc0802090, 0x0000ffff, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .
12/12/2011 4:59:16 PM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/12/2011 4:59:16 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/12/2011 4:59:16 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/12/2011 4:59:16 PM, Error: Service Control Manager [7031] - The Tablet PC Input Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/12/2011 4:59:16 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/12/2011 4:59:16 PM, Error: Service Control Manager [7031] - The Offline Files service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/12/2011 4:59:16 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
12/12/2011 4:59:16 PM, Error: Service Control Manager [7031] - The HomeGroup Listener service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/12/2011 4:59:16 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/12/2011 4:59:16 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
12/12/2011 2:57:13 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001a (0x00041790, 0xc080209a, 0x0000ffff, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: .
12/12/2011 12:43:30 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xc0000005, 0x82c8c8a3, 0x8cf23a70, 0x8cf23650). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121211-26426-01.
12/10/2011 2:18:43 PM, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
12/10/2011 12:52:27 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
.
==== End Of File ===========================
 
Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================================

Upload GMER log here: http://www.filedropper.com/
Post download link (copy URL: link):
p4465520.gif
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
aswMBR Log


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-16 21:44:07
-----------------------------
21:44:07.034 OS Version: Windows 6.1.7601 Service Pack 1
21:44:07.034 Number of processors: 2 586 0xF0D
21:44:07.036 ComputerName: FAG-PC UserName: FAG
21:44:09.174 Initialize success
21:44:09.545 AVAST engine defs: 11112101
21:44:43.925 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
21:44:43.928 Disk 0 Vendor: FUJITSU_MHZ2250BH_G2 8909 Size: 238475MB BusType: 11
21:44:46.058 Disk 0 MBR read successfully
21:44:46.062 Disk 0 MBR scan
21:44:46.066 Disk 0 Windows 7 default MBR code
21:44:46.126 Disk 0 scanning sectors +488394752
21:44:46.703 Disk 0 scanning C:\Windows\system32\drivers
21:46:35.193 Service scanning
21:46:36.816 Modules scanning
21:49:38.400 Disk 0 trace - called modules:
21:49:38.494 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys dxgkrnl.sys igdkmd32.sys dxgmms1.sys
21:49:38.509 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x827a6460]
21:49:38.509 3 CLASSPNP.SYS[881bb59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x819fa908]
21:49:39.820 AVAST engine scan C:\Windows
21:51:36.196 AVAST engine scan C:\Windows\system32
22:09:37.309 AVAST engine scan C:\Windows\system32\drivers
22:09:58.385 AVAST engine scan C:\Users\FAG
22:28:55.814 AVAST engine scan C:\ProgramData
22:29:30.352 Scan finished successfully
22:30:24.484 Disk 0 MBR has been saved successfully to "C:\Users\FAG\Desktop\MBR.dat"
22:30:24.500 The log file has been saved successfully to "C:\Users\FAG\Desktop\aswMBR.txt"
 
ComboFix Log


ComboFix 11-12-16.03 - FAG 12/16/2011 22:34:58.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3062.1577 [GMT -5:00]
Running from: c:\users\FAG\Desktop\ComboFix.exe
AV: AVG Internet Security *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\FAG\AppData\Roaming\Mozilla\Firefox\Profiles\tadpvum0.default\searchplugins\bing-zugo.xml
.
.
((((((((((((((((((((((((( Files Created from 2011-11-17 to 2011-12-17 )))))))))))))))))))))))))))))))
.
.
2011-12-17 03:48 . 2011-12-17 03:48 -------- d-----w- c:\users\FAG\AppData\Local\temp
2011-12-17 03:48 . 2011-12-17 03:48 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-12-17 03:48 . 2011-12-17 03:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-14 22:19 . 2011-11-24 04:25 2342912 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 22:19 . 2011-11-05 04:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 22:19 . 2011-10-15 05:38 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 22:19 . 2011-10-26 04:28 38912 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 22:19 . 2011-10-26 04:47 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 22:19 . 2011-10-26 04:47 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-14 05:11 . 2011-12-14 05:11 163329 ----a-w- c:\windows\Ahriman's Prophecy Uninstaller.exe
2011-12-14 05:10 . 2011-12-14 05:11 -------- d-----w- c:\program files\Ahriman's Prophecy
2011-12-14 02:40 . 2011-12-14 02:40 -------- d-----w- c:\program files\rpg2003
2011-12-13 22:38 . 2011-12-13 22:38 -------- d-----w- c:\program files\BandiMPEG1
2011-12-08 22:37 . 2011-12-08 22:37 40960 ----a-r- c:\users\FAG\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2011-12-08 22:37 . 2011-12-08 22:37 40960 ----a-r- c:\users\FAG\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2011-12-08 22:37 . 2011-12-08 22:37 -------- d-----w- c:\program files\Project64 1.6
2011-12-08 02:58 . 2011-12-08 02:58 61440 ----a-r- c:\users\FAG\AppData\Roaming\Microsoft\Installer\{3F6D3F2C-3DBA-4D20-96D6-D5676F7DB642}\NewShortcut2_3F6D3F2C3DBA4D2096D6D5676F7DB642.exe
2011-12-08 02:58 . 2011-12-08 02:58 61440 ----a-r- c:\users\FAG\AppData\Roaming\Microsoft\Installer\{3F6D3F2C-3DBA-4D20-96D6-D5676F7DB642}\NewShortcut21_3F6D3F2C3DBA4D2096D6D5676F7DB642.exe
2011-12-08 02:58 . 2011-12-08 02:58 -------- d-----w- c:\program files\Zenosoft
2011-12-08 02:57 . 2011-12-08 02:57 -------- d-----w- c:\windows\Downloaded Installations
2011-12-08 01:23 . 2011-12-08 01:23 -------- d-----w- c:\windows\lhsp
2011-12-08 01:23 . 2011-12-08 01:23 -------- d-----w- c:\program files\CoolSpeech
2011-12-06 05:43 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-12-06 05:43 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-12-06 05:43 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-12-01 22:47 . 2011-12-01 22:47 -------- d-----w- c:\windows\en
2011-12-01 22:46 . 2011-12-01 22:46 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-12-01 22:45 . 2011-12-01 22:45 -------- d-----w- c:\windows\PCHEALTH
2011-12-01 22:45 . 2011-12-01 22:46 -------- d-----w- c:\program files\Windows Live
2011-12-01 22:39 . 2011-12-11 02:08 -------- d-----w- c:\users\FAG\AppData\Local\Windows Live
2011-12-01 22:39 . 2011-12-01 22:39 -------- d-----w- c:\program files\Common Files\Windows Live
2011-12-01 21:52 . 2011-12-01 21:52 -------- d-----w- C:\Fraps
2011-11-30 17:45 . 2011-11-30 17:47 -------- d--h--w- c:\windows\msdownld.tmp
2011-11-27 20:12 . 2011-11-27 20:12 -------- d-----w- c:\users\FAG\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
2011-11-27 20:12 . 2011-11-27 20:12 -------- d-----w- c:\users\FAG\AppData\Roaming\Wacom
2011-11-27 20:11 . 2011-11-27 20:12 -------- d-----w- c:\programdata\Wacom
2011-11-27 20:11 . 2011-11-27 20:11 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-11-27 20:10 . 2011-11-27 20:10 -------- d-----w- c:\users\FAG\AppData\Local\Adobe
2011-11-27 20:09 . 2011-11-27 20:12 -------- d-----w- c:\program files\Bamboo Dock
2011-11-27 20:05 . 2011-11-27 20:05 -------- d-----w- c:\users\FAG\AppData\Roaming\WTablet
2011-11-27 20:05 . 2011-09-08 22:48 1107832 ----a-w- c:\windows\system32\Pen_Touch_Tablet.dll
2011-11-27 20:04 . 2011-09-08 22:49 10752 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys
2011-11-27 20:03 . 2011-09-08 22:49 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2011-11-27 20:02 . 2011-09-08 22:49 14120 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2011-11-27 20:02 . 2011-09-08 22:48 1152888 ----a-w- c:\windows\system32\WacomMT.dll
2011-11-27 20:02 . 2011-09-08 22:48 1156472 ----a-w- c:\windows\system32\Wintab32.dll
2011-11-27 20:02 . 2011-09-08 22:48 1369464 ----a-w- c:\windows\system32\Pen_Tablet.dll
2011-11-27 20:02 . 2011-11-27 20:05 -------- d-----w- c:\program files\Tablet
2011-11-27 19:50 . 2011-11-27 19:50 -------- d-----w- c:\users\FAG\AppData\Roaming\SYSTEMAX Software Development
2011-11-27 19:50 . 2011-11-27 19:50 -------- d-----w- c:\programdata\SYSTEMAX Software Development
2011-11-27 18:45 . 2011-11-27 18:45 -------- d-----w- c:\program files\WinPcap
2011-11-27 18:44 . 2011-11-27 18:46 -------- d-----w- c:\programdata\Freemake
2011-11-27 18:44 . 2011-11-27 18:44 -------- d-----w- c:\program files\Freemake
2011-11-27 09:41 . 2011-11-27 09:41 -------- d-----w- C:\found.000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-01 22:44 . 2011-03-28 23:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-11-06 03:01 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-10-03 10:06 . 2010-05-25 03:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-29 16:03 . 2011-11-10 08:08 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59c6f12b-f004-43e5-9997-08f2123119b6}]
2011-01-06 04:30 81920 ----a-w- c:\program files\oovootoolbar\oovootoolbarX.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-10-11 20:12 1244040 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]
"{59c6f12b-f004-43e5-9997-08f2123119b6}"= "c:\program files\oovootoolbar\oovootoolbarX.dll" [2011-01-06 81920]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{59c6f12b-f004-43e5-9997-08f2123119b6}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
"BambooCore"="c:\program files\Bamboo Dock\BambooCore.exe" [2011-09-27 646232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Users^FAG^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\FAG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2011-09-13 03:36 137536 ----atw- c:\users\FAG\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooVoo.exe]
2011-05-18 13:25 22631608 ----a-w- c:\program files\ooVoo\ooVoo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 18:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-12-16 08:07 4616064 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2009-05-20 02:16 222504 ----a-w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 14:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Mirror Tray icon]
2009-06-11 17:14 162912 ----a-w- c:\program files\CyberLink\YouCam\YouCamTray.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\Freemake\CaptureLib\CaptureLibService.exe [2011-11-24 8704]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2011-08-21 4178784]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 Synth3dVsc;Synth3dVsc; [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub; [x]
R3 VGPU;VGPU; [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2011-09-08 10752]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-10 1343400]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-02-11 35088]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 5554552]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 451960]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 XDva391;XDva391;c:\windows\system32\XDva391.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
*Deregistered* - dump_wmimmc
*Deregistered* - uwldypow
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-16 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4092775245-913444807-781344819-1000Core.job
- c:\users\FAG\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-13 03:36]
.
2011-12-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4092775245-913444807-781344819-1000UA.job
- c:\users\FAG\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-13 03:36]
.
2011-12-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4092775245-913444807-781344819-1000Core.job
- c:\users\FAG\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-07 17:22]
.
2011-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4092775245-913444807-781344819-1000UA.job
- c:\users\FAG\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-07 17:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=Z015&form=ZGAPHP
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
FF - ProfilePath - c:\users\FAG\AppData\Roaming\Mozilla\Firefox\Profiles\tadpvum0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z015&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z015&form=ZGAADF&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: Softonic-Eng7 Community Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
FF - Ext: LimeWire Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: ooVooToolbar: {59c6f12b-f004-43e5-9997-08f2123119b6} - %profile%\extensions\{59c6f12b-f004-43e5-9997-08f2123119b6}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-16 22:58:42
ComboFix-quarantined-files.txt 2011-12-17 03:58
ComboFix2.txt 2011-11-01 23:00
.
Pre-Run: 108,187,795,456 bytes free
Post-Run: 111,487,619,072 bytes free
.
- - End Of File - - CEA3FCB72322470A1BD3CF0E8E30142C
 
You must log in or register to reply here.

Similar threads

Cal Jeffrey
Users claim Windows iCloud app bug is inserting images and videos from other people into...
Replies
5
Views
687
lazer
lazer
yRaz
My current switch from Microsoft to Linux, de-googling my life and what it takes.
Replies
2
Views
2K
yRaz
yRaz
J
Windows and/or hard drive corrupted or something else?
Replies
4
Views
2K
Cycloid Torus
Cycloid Torus

Latest posts

Back