Inactive [A] Please help! 2 iexplorer.exe running problem

I have two iexplorer.exe running and the first one is using TONS of memory. I am sure I have a couple of issues going on. ANY help is greatly appreciated. I have attached my hijackthis.log file. Please let me know if I can give any more information that may be of help.
 

Welcome aboard


Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
MBAM Log

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.06.03

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Karen :: KAREN-PC [administrator]

Protection: Disabled

2/6/2012 11:03:20 AM
mbam-log-2012-02-06 (11-03-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 236572
Time elapsed: 9 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
Gmer

Just performed scan with GMER and it had a message saying that GMER did not find any system modifications (I believe that was what it said). Should it not still have given me some type of log?
 
DDS.txt

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Karen at 11:10:37 on 2012-02-07
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4086.2136 [GMT -8:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\QuickTime\QTTask.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\AVG\AVG10\avgcsrvx.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\sysWow64\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://www.searchqu.com/102
uWindow Title = Internet Explorer, optimized for Bing and MSN
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [AdobeBridge]
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [NPSStartup]
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{2ABFCD2B-2CF6-4F76-B952-78EAB66624D3} : NameServer = 192.168.0.1
TCP: Interfaces\{2ABFCD2B-2CF6-4F76-B952-78EAB66624D3}\14E64616140707C656 : DhcpNameServer = 10.0.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
BHO-X64: Searchqu Toolbar - No File
BHO-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll
mRun-x64: [NPSStartup]
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Karen\AppData\Roaming\Mozilla\Firefox\Profiles\74hfidoo.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=100&systemid=102&sr=0&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/102
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Karen\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-2 2343816]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2010-5-7 197976]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-6 652360]
R2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-1-16 909152]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 BENDER;Pinnacle DV/AV Capture;C:\Windows\system32\drivers\bender64.sys --> C:\Windows\system32\drivers\bender64.sys [?]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 LVUVC64;Logitech QuickCam Pro 9000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 rt61x64;RT61 Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr6164.sys --> C:\Windows\system32\DRIVERS\netr6164.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 136176]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-8-18 167264]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-10-29 1038088]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 S3XXx64;SCR3xx USB SmartCardReader64;C:\Windows\system32\DRIVERS\S3XXx64.sys --> C:\Windows\system32\DRIVERS\S3XXx64.sys [?]
S3 SeqCal;SeqCal;C:\Windows\system32\DRIVERS\SeqCal.sys --> C:\Windows\system32\DRIVERS\SeqCal.sys [?]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);C:\Windows\system32\DRIVERS\sscebus.sys --> C:\Windows\system32\DRIVERS\sscebus.sys [?]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;C:\Windows\system32\DRIVERS\sscemdfl.sys --> C:\Windows\system32\DRIVERS\sscemdfl.sys [?]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;C:\Windows\system32\DRIVERS\sscemdm.sys --> C:\Windows\system32\DRIVERS\sscemdm.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.Sys [2011-5-3 16448]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-02-07 14:59:06 -------- d-----w- C:\Users\Karen\AppData\Local\{62C3D3FE-F045-4A12-8BC1-3BC16139DB2C}
2012-02-07 14:58:40 -------- d-----w- C:\Users\Karen\AppData\Local\{614180E7-AFC4-4319-B8A5-7EBD91A2E743}
2012-02-07 14:57:08 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2012-02-06 22:22:54 -------- d-----w- C:\Users\Karen\AppData\Local\{9F2EAA13-7664-42B4-B31F-C7A99B455FD0}
2012-02-06 22:22:42 -------- d-----w- C:\Users\Karen\AppData\Local\{D6FE7DFF-939B-4636-A932-7DE381A90CA5}
2012-02-06 21:50:25 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-02-06 18:06:58 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-06 18:06:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-06 15:04:24 -------- d-----w- C:\Users\Karen\AppData\Local\{987ABBDD-9FEE-4038-8B06-D80A71066DA3}
2012-02-06 15:04:05 -------- d-----w- C:\Users\Karen\AppData\Local\{ECD358B0-3CCE-48B5-8F43-6AC19DC94EBD}
2012-02-05 22:59:56 -------- d-----w- C:\Users\Karen\AppData\Local\{2C99BECF-00DA-4C8A-9127-D63D291458EC}
2012-02-05 22:59:32 -------- d-----w- C:\Users\Karen\AppData\Local\{09B5F7CE-66A8-4CFF-BBA4-229F82E8224F}
2012-02-05 20:01:46 750440 ------w- C:\Windows\System32\HPDiscoPM9311.dll
2012-02-05 20:01:06 -------- d-----w- C:\Program Files (x86)\HP
2012-02-05 20:01:05 -------- d-----w- C:\Program Files\HP
2012-02-05 20:00:12 -------- d-----w- C:\Users\Karen\AppData\Local\HP
2012-02-05 19:50:39 -------- d-----w- C:\Users\Karen\AppData\Local\{7E7CA227-C405-4F76-9235-177A18FF1802}
2012-02-05 19:50:17 -------- d-----w- C:\Users\Karen\AppData\Local\{37D3693D-C4EB-4930-968A-40B1C0753946}
2012-02-05 18:30:21 -------- d-----w- C:\Users\Karen\AppData\Local\{730FF914-CCAF-45EB-9A3C-28E5331621D0}
2012-02-05 18:30:10 -------- d-----w- C:\Users\Karen\AppData\Local\{FF270B10-0F2C-4144-802D-E825F57C343E}
2012-02-05 17:38:59 388096 ----a-r- C:\Users\Karen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-05 17:38:59 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-02-05 17:16:34 -------- d-----w- C:\Users\Karen\AppData\Local\{BF603BFC-82BF-47C7-8D83-8E88A874EF36}
2012-02-05 17:16:06 -------- d-----w- C:\Users\Karen\AppData\Local\{0249FA9E-75C2-4712-8DE6-4230621E1A64}
2012-02-04 17:56:51 -------- d-----w- C:\Users\Karen\AppData\Local\{07C83114-D5CA-4F0E-9120-454CC9E4D96A}
2012-02-04 17:56:24 -------- d-----w- C:\Users\Karen\AppData\Local\{9915759A-599D-4E88-97EC-E8D159AB4BD9}
2012-02-04 15:31:50 -------- d-----w- C:\Users\Karen\AppData\Local\{1E05CA7E-436A-4A8E-A779-2F811B3C7F02}
2012-02-04 15:31:26 -------- d-----w- C:\Users\Karen\AppData\Local\{92DA8D90-D3D6-41C0-9A71-D34A5750459D}
2012-02-03 17:47:28 -------- d-----w- C:\Users\Karen\AppData\Local\{82442066-2384-4789-962C-A4A5502072C5}
2012-02-03 17:47:07 -------- d-----w- C:\Users\Karen\AppData\Local\{3BD7C99F-26F7-4487-B5DE-01975C591ED1}
2012-02-03 17:46:38 -------- d-----w- C:\Users\Karen\AppData\Local\{EBF00752-7605-4EE6-B69E-1B477DD4253F}
2012-02-03 17:46:10 -------- d-----w- C:\Users\Karen\AppData\Local\{AE4361AE-D72C-43A0-BBFD-A7580E7C39A0}
2012-02-03 17:40:49 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2012-02-03 15:09:33 -------- d-----w- C:\Users\Karen\AppData\Local\{1F9B9764-3EF1-428F-9CAE-F2AC13B96BDC}
2012-02-03 15:08:57 -------- d-----w- C:\Users\Karen\AppData\Local\{922D7D8F-766D-40DC-8495-EB4D82B324B3}
2012-02-02 15:00:54 -------- d-----w- C:\Users\Karen\AppData\Local\{CB23143E-781E-4515-B30E-BC5434874E2A}
2012-02-02 15:00:29 -------- d-----w- C:\Users\Karen\AppData\Local\{C52C9DCC-02CD-46A4-A683-5A0CC51A85B9}
2012-02-02 01:05:26 -------- d-----w- C:\ProgramData\Propellerhead Software
2012-02-01 15:10:41 -------- d-----w- C:\Users\Karen\AppData\Local\{ECAD6804-93B0-4B0B-BF90-E84834901ED0}
2012-02-01 15:10:11 -------- d-----w- C:\Users\Karen\AppData\Local\{91D9325F-2088-4B88-8937-ACA782777549}
2012-02-01 05:06:47 -------- d-----w- C:\Users\Karen\AppData\Local\{07A6539A-8F5A-429B-B0DA-7A437001325B}
2012-02-01 05:06:32 -------- d-----w- C:\Users\Karen\AppData\Local\{FE7D854E-F731-4ADA-A048-5D941480E4A3}
2012-01-31 19:07:16 -------- d-----w- C:\Users\Karen\AppData\Local\{6180AF0A-A970-4CF6-9D44-A854B35C7489}
2012-01-31 19:07:05 -------- d-----w- C:\Users\Karen\AppData\Local\{A7D86378-C22E-45E1-A4FA-3F506ABCA10E}
2012-01-31 17:22:19 -------- d-----w- C:\Users\Karen\AppData\Local\{4FCFB2EF-1486-4CFA-A1FE-CAE35F7CF989}
2012-01-31 17:21:51 -------- d-----w- C:\Users\Karen\AppData\Local\{34CEDEB6-4759-4BE6-8054-2837CB8DFA0C}
2012-01-31 15:34:42 -------- d-----w- C:\Users\Karen\AppData\Local\{C4C33698-E70D-4DF4-B144-3DF61FA9EC5E}
2012-01-31 15:34:16 -------- d-----w- C:\Users\Karen\AppData\Local\{BADC9516-080C-4ED7-A153-92647CE3FC52}
2012-01-31 02:53:41 -------- d-----w- C:\Program Files (x86)\Propellerhead
2012-01-30 21:17:25 -------- d-----w- C:\Users\Karen\AppData\Local\{5B908B0C-2F5E-486A-8D2E-8CE4466B0C33}
2012-01-30 21:17:13 -------- d-----w- C:\Users\Karen\AppData\Local\{B8129A6A-9914-4B33-A971-4CB43C211CFD}
2012-01-30 15:16:37 -------- d-----w- C:\Users\Karen\AppData\Local\{9064B00C-0779-4338-8521-623A97279E18}
2012-01-30 15:16:07 -------- d-----w- C:\Users\Karen\AppData\Local\{02F39CCB-7261-4BD0-B4B2-4E0377F8BACB}
2012-01-30 00:23:56 -------- d-----w- C:\Program Files (x86)\ASIO4ALL v2
2012-01-30 00:23:31 -------- d-----w- C:\Program Files (x86)\VstPlugins
2012-01-30 00:23:19 1294336 ----a-w- C:\Windows\SysWow64\vorbis.acm
2012-01-30 00:23:12 -------- d-----w- C:\Program Files (x86)\Outsim
2012-01-30 00:22:36 -------- d-----w- C:\Program Files (x86)\Image-Line
2012-01-29 23:53:46 -------- d-----w- C:\Program Files (x86)\Sony
2012-01-29 23:52:55 -------- d-----w- C:\Program Files (x86)\Sony Setup
2012-01-29 15:28:11 -------- d-----w- C:\Users\Karen\AppData\Local\{0D6763BE-B5E8-4159-88BC-70EFEF3358E7}
2012-01-29 15:27:55 -------- d-----w- C:\Users\Karen\AppData\Local\{65733AFA-C3EA-4252-AB7F-BB33FCC6085A}
2012-01-28 19:04:30 -------- d-----w- C:\Users\Karen\AppData\Local\{AE62C747-8362-46CB-87C1-A143EC16A79D}
2012-01-28 19:04:19 -------- d-----w- C:\Users\Karen\AppData\Local\{E47064CB-0A5A-401B-A630-AEB04559E5FD}
2012-01-28 15:47:34 -------- d-----w- C:\Users\Karen\AppData\Local\{8514530B-648E-4DAC-9E38-81D065EA94A0}
2012-01-28 15:47:21 -------- d-----w- C:\Users\Karen\AppData\Local\{66CEB986-F355-4D81-B3A6-097B5DD10CCA}
2012-01-28 07:29:42 -------- d-sh--w- C:\Windows\ftpcache
2012-01-28 07:29:24 -------- d-----w- C:\Users\Karen\AppData\Local\jZip
2012-01-28 07:28:52 -------- d-----w- C:\ProgramData\boost_interprocess
2012-01-28 07:28:49 -------- d-----w- C:\Program Files (x86)\jZip
2012-01-28 07:26:57 -------- d-----w- C:\Users\Karen\AppData\Local\{9CCA3521-5315-487E-93B4-1CD22D6C6269}
2012-01-28 07:26:45 -------- d-----w- C:\Users\Karen\AppData\Local\{8302E057-9BC2-416D-A00E-CBD21054A3E7}
2012-01-28 07:00:10 -------- d-----w- C:\Users\Karen\AppData\Roaming\Malwarebytes
2012-01-28 07:00:03 -------- d-----w- C:\ProgramData\Malwarebytes
2012-01-28 06:56:17 -------- d-----w- C:\Users\Karen\AppData\Local\{9DBB9CFA-B2E0-4B8B-8D4A-AF5F4001E1C6}
2012-01-28 06:56:02 -------- d-----w- C:\Users\Karen\AppData\Local\{38680F54-EB98-44F8-934A-7671BE084D6B}
2012-01-27 15:23:07 -------- d-----w- C:\Users\Karen\AppData\Local\{20BF8473-DA75-45F5-9E0E-CB06C53E9389}
2012-01-27 15:21:58 -------- d-----w- C:\Users\Karen\AppData\Local\{C48F130B-D2B2-46B9-8108-27501FACBDB7}
2012-01-26 15:29:11 -------- d-----w- C:\Users\Karen\AppData\Local\{2D875082-A2EA-4BC6-9E8F-E9CD69B52C0A}
2012-01-26 15:27:51 -------- d-----w- C:\Users\Karen\AppData\Local\{4178238D-9C5D-4327-8682-B91BC6D71282}
2012-01-26 01:40:18 -------- d-----w- C:\Windows\9013B37099D4404B9DB9779B51CEB5FF.TMP
2012-01-25 15:31:45 -------- d-----w- C:\Users\Karen\AppData\Local\{E9AB48A2-B460-4D02-A01B-3CD4594C3729}
2012-01-25 15:30:32 -------- d-----w- C:\Users\Karen\AppData\Local\{2EAF90D0-9FCA-42EC-860C-C0C9906CE201}
2012-01-24 21:18:27 -------- d-----w- C:\Users\Karen\AppData\Local\{579ABABF-D2E2-478B-AAE5-18212B4C6AB7}
2012-01-24 21:18:08 -------- d-----w- C:\Users\Karen\AppData\Local\{A560CB50-C4B4-4541-B1E1-A0963EDA819A}
2012-01-24 15:38:18 -------- d-----w- C:\Users\Karen\AppData\Local\{2AA0239F-6DF7-407F-9855-1BCEBE9057CF}
2012-01-24 15:37:22 -------- d-----w- C:\Users\Karen\AppData\Local\{DAFE4BBA-0FC8-4E98-AF9C-721C58473B5A}
2012-01-23 15:37:46 -------- d-----w- C:\Users\Karen\AppData\Local\{BBF9DC2A-33A1-40D8-B557-7FF3687CEAF9}
2012-01-23 15:37:02 -------- d-----w- C:\Users\Karen\AppData\Local\{5D2773D4-2CFC-45E4-B83C-DADC09324F48}
2012-01-22 17:25:55 -------- d-----w- C:\Users\Karen\AppData\Local\{20115741-F92F-4811-B9B5-BC3880C7CE63}
2012-01-22 17:25:39 -------- d-----w- C:\Users\Karen\AppData\Local\{1750F63B-6D36-4290-89BA-83A077E2FC86}
2012-01-21 15:00:53 -------- d-----w- C:\Users\Karen\AppData\Local\{C757AA93-61EF-44FE-9C4D-4A4AFF737209}
2012-01-21 14:59:19 -------- d-----w- C:\Users\Karen\AppData\Local\{29B40D24-D947-49E2-A5E4-CD3FF1D6635A}
2012-01-21 02:45:48 -------- d-----w- C:\Users\Karen\AppData\Local\{3528AC22-1730-40F7-914E-FF61B2F130C4}
2012-01-21 02:45:17 -------- d-----w- C:\Users\Karen\AppData\Local\{A8653AB2-BE0E-4743-B2F7-C334EE7B32B8}
2012-01-20 15:46:15 -------- d-----w- C:\Users\Karen\AppData\Local\{E0FA9BCA-412F-42C7-A4C1-1FDD5010BA94}
2012-01-20 15:45:17 -------- d-----w- C:\Users\Karen\AppData\Local\{2EB558F2-1C02-4C1C-B570-61D33213272C}
2012-01-19 23:21:05 -------- d-----w- C:\Users\Karen\AppData\Local\{B893963F-E2CA-4C5E-B377-D9F54CC7B6CE}
2012-01-19 21:51:53 -------- d-----w- C:\Users\Karen\AppData\Local\{12964A0A-BC26-4AC1-85E8-625C9F273653}
2012-01-19 21:50:13 -------- d-----w- C:\Users\Karen\AppData\Local\{EF9023EE-5FF4-491C-B1CF-16D92C08621C}
2012-01-19 15:56:21 -------- d-----w- C:\Users\Karen\AppData\Local\{F086083D-A2B2-47AF-B790-0D5E3947BA05}
2012-01-19 15:55:25 -------- d-----w- C:\Users\Karen\AppData\Local\{F69EBA50-0C5D-498C-AD87-5295438BF6F3}
2012-01-18 16:27:37 -------- d-----w- C:\Users\Karen\AppData\Local\{CCCFC85A-E8AF-42CF-AE70-C2D1B16542DC}
2012-01-18 16:26:24 -------- d-----w- C:\Users\Karen\AppData\Local\{ECBF8F1F-C922-4FD0-B706-4CFEA92E2871}
2012-01-17 16:15:15 -------- d-----w- C:\Users\Karen\AppData\Local\{5EED7E19-3EC5-4356-BD1C-0DAE6D92E4A6}
2012-01-17 16:14:54 -------- d-----w- C:\Users\Karen\AppData\Local\{BFF345BF-21C0-49FA-8C04-E144DFC0CEE2}
2012-01-16 17:37:39 -------- d-----w- C:\Users\Karen\AppData\Local\{27BDB1C0-B43C-4CAB-87C5-D7E100618B73}
2012-01-16 17:37:26 -------- d-----w- C:\Users\Karen\AppData\Local\{695DDDB8-7290-42C4-AD2A-A184D21E096D}
2012-01-16 17:36:37 -------- d-----w- C:\Users\Karen\AppData\Local\{59807320-AA63-483A-8B25-1076077987BC}
2012-01-16 17:36:26 -------- d-----w- C:\Users\Karen\AppData\Local\{763C6A33-DB19-4669-ACA3-168923934DE9}
2012-01-15 15:17:51 -------- d-----w- C:\Users\Karen\AppData\Local\{4598DB42-121D-4479-AF6E-7F25F7F33F60}
2012-01-15 15:16:58 -------- d-----w- C:\Users\Karen\AppData\Local\{BD26A32E-24B3-4973-AE68-2B5DF93D4ECF}
2012-01-15 03:52:20 -------- d-----w- C:\Users\Karen\AppData\Local\{DF5C6D4B-4A04-4601-B170-F4218CB92306}
2012-01-15 03:52:09 -------- d-----w- C:\Users\Karen\AppData\Local\{65267901-3E9B-42C0-BAB1-CEB2FB5F5366}
2012-01-14 15:10:10 -------- d-----w- C:\Users\Karen\AppData\Local\{983B880F-7193-446A-ACC9-92D36E6563B5}
2012-01-14 15:08:56 -------- d-----w- C:\Users\Karen\AppData\Local\{A9577180-024B-4C07-8406-13AB3667044C}
2012-01-14 06:12:43 -------- d-----w- C:\Program Files (x86)\EA GAMES
2012-01-13 21:36:56 -------- d-----w- C:\Users\Karen\AppData\Local\{A07D34C8-24E9-490A-8E3A-FDF441091656}
2012-01-13 21:36:44 -------- d-----w- C:\Users\Karen\AppData\Local\{55248236-AF40-4DA6-ABCE-B632D0BEC197}
2012-01-13 15:19:27 -------- d-----w- C:\Users\Karen\AppData\Local\{5EAC4663-C2DB-4485-A870-38BBD5749F26}
2012-01-13 15:19:01 -------- d-----w- C:\Users\Karen\AppData\Local\{596827A4-2C1A-4873-AA5B-C93D5D534ACC}
2012-01-12 15:29:06 -------- d-----w- C:\Users\Karen\AppData\Local\{1653D20D-CB26-46B0-BEA0-2E5BCFE5DF26}
2012-01-12 15:28:41 -------- d-----w- C:\Users\Karen\AppData\Local\{B5B00941-0B86-42BE-A68A-1B4A8F2F9F98}
2012-01-11 15:41:20 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-11 15:41:20 1328640 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-11 15:41:19 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-11 15:41:19 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-11 15:41:17 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-11 15:41:17 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-11 15:41:16 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-11 15:41:16 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-11 15:35:24 -------- d-----w- C:\Users\Karen\AppData\Local\{1CCD98D6-E4A6-49F7-A772-1D963C0D3560}
2012-01-11 15:35:06 -------- d-----w- C:\Users\Karen\AppData\Local\{517EE2D1-E3F1-4113-B361-8149DE101BFD}
2012-01-10 15:37:03 -------- d-----w- C:\Users\Karen\AppData\Local\{9E3F0AA6-B375-48A6-8312-41833042C492}
2012-01-10 15:36:39 -------- d-----w- C:\Users\Karen\AppData\Local\{4785875F-4883-475C-98BC-30C754438CB4}
2012-01-09 15:50:33 -------- d-----w- C:\Users\Karen\AppData\Local\{5F6C6190-7068-4D05-8FF1-F0B95A64E744}
2012-01-09 15:50:21 -------- d-----w- C:\Users\Karen\AppData\Local\{A963A06A-44C8-4B66-93BB-F8754F7F1398}
.
==================== Find3M ====================
.
2011-12-16 22:05:59 627600 ----a-w- C:\Windows\System32\deployJava1.dll
2011-12-16 21:54:10 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-12-16 02:07:21 281656 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-12-16 02:07:21 281656 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-12-16 01:18:47 281656 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-12-10 22:14:57 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys
2011-11-17 07:17:03 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 07:17:02 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 07:15:08 460296 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 07:12:02 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 07:11:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 07:11:33 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 07:11:02 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 07:10:58 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 07:08:18 1446912 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 07:05:16 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:39:28 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:39:21 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:39:21 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:35:13 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2011-11-13 17:20:19 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 11:11:43.59 ===============
 
Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume3
Install Date: 10/28/2010 9:01:28 PM
System Uptime: 2/7/2012 8:32:46 AM (3 hours ago)
.
Motherboard: Intel Corporation | | DP55WG
Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz | LGA 1156 | 2661/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 255.128 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 234 GiB total, 26.238 GiB free.
F: is FIXED (NTFS) - 932 GiB total, 670.703 GiB free.
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP261: 2/4/2012 8:14:35 PM - 2/4/12-8:14 pm
RP262: 2/5/2012 9:38:29 AM - Installed HiJackThis
RP263: 2/5/2012 9:59:59 AM - Installed HiJackThis
RP264: 2/5/2012 11:05:01 AM - Removed Battlefield 1942: The Road To Rome
RP265: 2/5/2012 11:05:40 AM - Removed Battlefield 1942: Secret Weapons of WWII
RP266: 2/5/2012 11:06:20 AM - Removed Battlefield 1942
RP267: 2/6/2012 2:10:32 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.4.6
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
APB Reloaded
Apple Application Support
Apple Software Update
ASIO4ALL
AutoHotkey 1.0.48.05
Battlelog Web Plugins
CameraHelperMsi
Collab
Connect
CraftBukkit
D3DX10
Daniusoft MP3 WAV Converter(Build 2.3.1.0)
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
erLT
ESN Sonar
Eye-One Match 3.6.2
Facebook Video Calling 1.1.1.1
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
HP Deskjet 3050 J610 series Help
i1_driver_installer_utility_i1Match version 1.0
IL Download Manager
J2SE Development Kit 5.0
J2SE Development Kit 5.0 Update 22
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 22
Japanese Fonts Support For Adobe Reader 9
Java Auto Updater
Java(TM) 6 Update 30
Junk Mail filter update
jZip
Killing Floor
kuler
LeapFrog Connect
LeapFrog My Pals Plugin
Logitech Vid
Logitech Webcam Software
LogMeIn Hamachi
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.60.1.1000
Men of War: Assault Squad
Mesh Runtime
Messenger Companion
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft PowerPoint Viewer
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 4.0
Mozilla Firefox 6.0.1 (x86 en-US)
MSI Wireless LAN Card
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NVIDIA PhysX
PDF Settings CS4
Photoshop Camera Raw
PoiZone
Portal
Portforward Static IP Address 1.0.45
Portrait Professional 10.1 Trial
PunkBuster Services
QuickTime
Rise of Immortals
ROES.whcc
Rusty Hearts
Samsung New PC Studio
Security Task Manager 1.8d
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Sid Meier's Civilization V
Skype Click to Call
Skype™ 5.5
Sony Media Manager 2.2
Spiral Knights
Steam
Stella 3.1.2
Suite Shared Configuration CS4
Team Fortress 2
Terraria
The Elder Scrolls IV: Oblivion
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
VC90_CRT_x64
virtualPhotographer 1.5.6
Visual Studio 2008 x64 Redistributables
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WModem Driver Installer
.
==== Event Viewer Messages From Past Week ========
.
2/7/2012 6:57:14 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.
2/7/2012 6:57:14 AM, Error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/7/2012 6:57:13 AM, Error: Service Control Manager [7030] - The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
2/7/2012 6:56:43 AM, Error: Service Control Manager [7000] - The PDIHWCTL service failed to start due to the following error: The system cannot find the file specified.
2/6/2012 5:52:23 PM, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
2/5/2012 4:53:17 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer ACER-E817FAE0D8 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{2ABFCD2B-2CF6-4F76-B952-78EAB66624D3}. The master browser is stopping or an election is being forced.
2/3/2012 9:49:42 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
2/2/2012 9:18:21 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
.
==== End Of File ===========================
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===========================================================

Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 