View Full Version : find-answers-fast redirect virus
Illtempered
2011-08-19, 22:44
I've run Asquared, adaware, and malwarebytes, but none of them have been able to find this redirect virus.
Here's my .dds log:
.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Chris at 14:40:48 on 2011-08-19
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8140.5997 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe
C:\Program Files (x86)\Stardock\MyColors\WBVista.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\program files (x86)\steam\steam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [<NO NAME>]
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{283961CF-9D58-4772-82DA-839030DE650A} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{91861386-4D45-4AC9-9E79-FDD22B03310D} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{91861386-4D45-4AC9-9E79-FDD22B03310D}\2456C6B696E6 : DhcpNameServer = 192.168.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [(Default)]
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\t292kvru.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\components\FFGlobalExtension.dll
FF - component: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-2-12 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-2-12 13336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-7-21 2151640]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-6-22 2337144]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-2-12 2656280]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-8-5 17152]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2011/07/24 20:53:27;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-1-25 241648]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-7 136176]
S3 AllShare;SAMSUNG AllShare Service;C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-7-16 6638080]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-7 136176]
S3 hpdoccardsvc;HP Documention Flash Card Detection Service;C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe [2010-3-24 83240]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-2 340240]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-08-13 18:56:40 25160 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-08-13 18:55:34 -------- d-----w- C:\ProgramData\Hitman Pro
2011-08-13 18:46:18 -------- d-----w- C:\Users\Chris\AppData\Roaming\Malwarebytes
2011-08-13 18:46:15 -------- d-----w- C:\ProgramData\Malwarebytes
2011-08-13 18:46:12 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-06 04:03:56 -------- d-----w- C:\Program Files (x86)\GeMM
2011-08-06 03:36:02 -------- d-----w- C:\Users\Chris\AppData\Local\ECSD
2011-08-05 23:31:22 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2011-08-05 23:26:05 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-08-05 23:24:25 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2011-08-05 23:24:24 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-08-05 20:59:20 63488 --sha-r- C:\Windows\SysWow64\dui701.dll
2011-08-05 20:44:05 -------- d-----w- C:\Program Files (x86)\Common Files\BOSS
2011-08-05 19:29:33 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{05D4BC07-47C0-4BE1-8A45-F828FCD79DB3}\mpengine.dll
2011-08-03 18:50:11 8192 ----a-w- C:\Windows\SysWow64\pythoncomloader27.dll
2011-08-03 18:50:11 354304 ----a-w- C:\Windows\SysWow64\pythoncom27.dll
2011-08-03 18:50:11 110080 ----a-w- C:\Windows\SysWow64\pywintypes27.dll
2011-08-03 18:49:04 -------- d-----w- C:\Python27
2011-08-03 16:27:10 -------- d-----w- C:\Games
2011-08-03 16:26:47 -------- d-----w- C:\Users\Chris\AppData\Local\FOMM
2011-08-02 03:09:23 -------- d-----w- C:\Users\Chris\AppData\Local\FalloutNV
2011-07-30 07:25:58 98304 ----a-w- C:\Windows\system32CmdLineExt.dll
2011-07-25 01:27:52 -------- d-----w- C:\Users\Chris\AppData\Local\Apps
2011-07-20 20:48:54 -------- d-----w- C:\Users\Chris\AppData\Roaming\com.essexreddevelopment.mergepdfmac
2011-07-20 20:30:06 -------- d-----w- C:\ProgramData\HP Photo Creations
2011-07-20 20:30:06 -------- d-----w- C:\Program Files (x86)\HP Photo Creations
2011-07-20 20:27:58 -------- d-----w- C:\Program Files (x86)\Common Files\HP
2011-07-20 20:26:00 -------- d-----w- C:\Program Files (x86)\HP
.
==================== Find3M ====================
.
2011-08-13 15:24:24 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-25 01:52:08 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2011-07-25 01:52:07 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-07-25 01:52:07 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-05-28 03:07:01 3133952 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 14:41:16.85 ===============
Jack&Jill
2011-08-25, 06:27
Hello and welcome to Safer Networking.
I am currently assessing your situation and will be back with a fix for your problem as soon as possible.
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this, click Thread Tools, then click Subscribe to this Thread. Under the Notification Type: title, make sure it is set to Instant notification by email, then click Add Subscription.
Please be patient with me during this time.
Meanwhile, please make a reply to this topic to acknowledge that you have read this and is still with me to tackle the problem until the end. If I do not get any response within 3 days, this topic will be closed.
Illtempered
2011-08-25, 10:02
Thank you very much. I'll be watching for your reply. This is getting annoying. It's even forced me to use IE.
Jack&Jill
2011-08-26, 02:26
Hello Illtempered :),
Welcome to Safer Networking. I am Jack&Jill, and I will be helping you out.
Before we go further, there are a few things that I would like to make clear so that we are share the same understanding.
Please observe and follow these Forum Rules (http://forums.spybot.info/showthread.php?t=288).
Any advice is for your computer only and is taken at your own risk. Fixes sometimes will cause unexpected results, but I will do my best to assist you.
Please read the instructions carefully and follow them closely, in the order they are presented to you.
If you have any doubts or problems during the fix, please stop and ask.
All the tools that I will ask you to download and use are safe. Please allow if prompted by any of your security softwares.
Do not use or run any malware cleaning tools without supervision as they may cause more harm if improperly used.
Refrain from installing any new programs except those that I request during the fix to prevent interference to my diagnosis of the problem.
Lack of malware symptoms does not mean your computer is clean. Stick to this topic until I give the All Clear.
If you do not reply within 3 days, this topic will be closed.
If you are agreeable to the above, then everything should go smoothly :) . We may begin.
--------------------
Please download aswMBR and save it to your desktop. Click here. (http://public.avast.com/~gmerek/aswMBR.exe)
Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
If you need help to disable your protection programs see here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) and here (http://www.bleepingcomputer.com/forums/topic114351.html).
Double click the aswMBR.exe file to run it.
Click on the Scan button to start. The program will launch a scan.
When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.
Please post the contents of the log in your next reply.
--------------------
Scan with RogueKiller
Please download RogueKiller© by Tigzy from one of the links below and save it to your desktop.
Link 1 (http://www.sur-la-toile.com/RogueKiller/)
Link 2 (http://www.geekstogo.com/forum/files/file/413-roguekiller/)
Allow the download if prompted by your security software and please close all your programs.
Double click on RogueKiller.exe to run it. If it does not run, please try a few times.
A program window will open. Type 1 for Scan and press Enter when prompted.
Once finished, Notepad will open with a log called RKreport.txt, located at the desktop.
Please copy and paste the contents of that log in your next reply.
--------------------
You have Malwarebytes' Anti-Malware (MBAM) on your machine. I wish to take a look at the most recent log file. Open MBAM and click on the Logs tab. Open the file at the bottom of the list and post the contents back here. If there is no log or you have yet to run MBAM, please let me know.
Get me Attach.txt from the earlier DDS run. If you did not save it, please rerun DDS and post back both logs.
--------------------
Please post back:
1. aswMBR log
2. RogueKiller result
3. MBAM log
4. DDS logs
Illtempered
2011-08-26, 20:15
Couple questions...
When I ran aswMBR it asked me if I wanted to download antivirus software before I could run the scan. Since this step wasn't in the instructions I clicked "no". Is that ok?
I've uninstalled MBAM since this started. Shall I reinstall it?
Here's my aswMBR.txt:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-08-26 12:03:17
-----------------------------
12:03:17.882 OS Version: Windows x64 6.1.7600
12:03:17.882 Number of processors: 8 586 0x2A07
12:03:17.882 ComputerName: CHRIS-HP UserName: Chris
12:03:18.974 Initialize success
12:03:30.938 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:03:30.938 Disk 0 Vendor: TOSHIBA_ GN00 Size: 715404MB BusType: 8
12:03:30.954 Disk 0 MBR read successfully
12:03:30.954 Disk 0 MBR scan
12:03:30.969 Disk 0 unknown MBR code
12:03:30.969 Service scanning
12:03:32.311 Modules scanning
12:03:32.311 Disk 0 trace - called modules:
12:03:32.342 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
12:03:32.358 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009d00060]
12:03:32.358 3 CLASSPNP.SYS[fffff8800149d43f] -> nt!IofCallDriver -> [0xfffffa8009b3ab10]
12:03:32.358 5 hpdskflt.sys[fffff880016b82bd] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007d9a050]
12:03:32.373 Scan finished successfully
12:03:50.937 Disk 0 MBR has been saved successfully to "C:\Users\Chris\Desktop\MBR.dat"
12:03:50.937 The log file has been saved successfully to "C:\Users\Chris\Desktop\aswMBR.txt"
Here's my RKreport.txt:
RogueKiller V5.3.3 [08/18/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Chris [Admin rights]
Mode: Scan -- Date : 08/26/2011 12:06:44
Bad processes: 0
Registry Entries: 4
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
Particular Files / Folders:
HOSTS File:
Finished : << RKreport[1].txt >>
RKreport[1].txt
I've attached the attach.txt. Thanks again!
Jack&Jill
2011-08-27, 18:40
Hello Illtempered :),
When I ran aswMBR it asked me if I wanted to download antivirus software before I could run the scan. Since this step wasn't in the instructions I clicked "no". Is that ok?
I've uninstalled MBAM since this started. Shall I reinstall it? My intention is to have the antivirus software downloaded with aswMBR because it will used as part of the scanning. No worries since that you have skipped it. For MBAM, please see below instructions.
--------------------
Upload file(s) to VirusTotal (VT) for an online scan. Click here. (http://www.virustotal.com)
Click on the Browse button or the white box beside it. A File Upload prompt will open.
Copy and paste the following file and its path to upload:
C:\Users\Chris\Desktop\MBR.dat
Press Open, then Send file. The file will be uploaded for testing.
If there is any indication or prompt that the file has been scanned before, please proceed to have the file rescanned or reanalyzed.
Please wait for all the scanners to finish, then copy and paste the result into Notepad and save it to a convenient place.
Post the results in your next response.
Alternatively, if VirusTotal is busy or inaccessible, you may try Jotti (http://virusscan.jotti.org/) or VirScan (http://virscan.org/) (VS) with similar steps.
A result from either one of the above scanners would be sufficient.
--------------------
Please download Malwarebytes' Anti-Malware (MBAM)© from Malwarebytes and save it to your desktop. Click here. (http://www.malwarebytes.org/mbam-download.php)
Run MBAM
Double click on mbam-setup.exe and follow the prompts to install the program.
At the end of installation, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
MBAM will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update mirror, select one of the websites and click on Check for Updates.
Upon completion of update and loading, select the Scanner tab. Click on Perform full scan, then click on Scan.
Leave the default options as it is and click on Start Scan.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process.
When done, you will be prompted. Click OK, then click on Show Results.
Check (tick) all items except items in the C:\System Volume Information folder and click on Remove Selected.
After it has removed the items, a log in Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.
If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware. If you receive an (Error Loading) error on reboot, please reboot a second time . It is normal for this error to occur once and does not need to be reported unless it returns on future reboots.
--------------------
Please download GooredFix© by jpshortstuff and save it to your desktop. Click here. (http://jpshortstuff.247fixes.com/GooredFix.exe)
Run GooredFix
Close all Firefox windows and double click on GooredFix.exe to run it.
When prompted to run the scan, click Yes.
GooredFix will check for infections and a log will open. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
--------------------
Please post back:
1. VT result
2. MBAM report
3. GooredFix log
Illtempered
2011-08-27, 21:34
VT Result:
Antivirus
Version
Last Update
Result
AhnLab-V3
2011.08.26.01
2011.08.26
-
AntiVir
7.11.14.0
2011.08.26
-
Antiy-AVL
2.0.3.7
2011.08.27
-
Avast
4.8.1351.0
2011.08.27
-
Avast5
5.0.677.0
2011.08.27
-
AVG
10.0.0.1190
2011.08.27
-
BitDefender
7.2
2011.08.27
-
ByteHero
1.0.0.1
2011.08.22
-
CAT-QuickHeal
11.00
2011.08.27
-
ClamAV
0.97.0.0
2011.08.27
-
Commtouch
5.3.2.6
2011.08.27
-
Comodo
9895
2011.08.27
-
DrWeb
5.0.2.03300
2011.08.27
-
Emsisoft
5.1.0.10
2011.08.27
-
eSafe
7.0.17.0
2011.08.25
-
eTrust-Vet
36.1.8525
2011.08.26
-
F-Prot
4.6.2.117
2011.08.26
-
F-Secure
9.0.16440.0
2011.08.27
-
Fortinet
4.2.257.0
2011.08.26
-
GData
22
2011.08.27
-
Ikarus
T3.1.1.107.0
2011.08.27
-
Jiangmin
13.0.900
2011.08.27
-
K7AntiVirus
9.111.5060
2011.08.26
-
Kaspersky
9.0.0.837
2011.08.27
-
McAfee
5.400.0.1158
2011.08.27
-
McAfee-GW-Edition
2010.1D
2011.08.27
-
Microsoft
1.7604
2011.08.27
-
NOD32
6415
2011.08.27
-
Norman
6.07.10
2011.08.27
-
nProtect
2011-08-27.01
2011.08.27
-
Panda
10.0.3.5
2011.08.27
-
PCTools
8.0.0.5
2011.08.27
-
Prevx
3.0
2011.08.27
-
Rising
23.72.04.03
2011.08.26
-
Sophos
4.68.0
2011.08.27
-
SUPERAntiSpyware
4.40.0.1006
2011.08.27
-
Symantec
20111.2.0.82
2011.08.27
-
TheHacker
6.7.0.1.284
2011.08.26
-
TrendMicro
9.500.0.1008
2011.08.25
-
TrendMicro-HouseCall
9.500.0.1008
2011.08.27
-
VBA32
3.12.16.4
2011.08.26
-
VIPRE
10286
2011.08.27
-
ViRobot
2011.8.27.4643
2011.08.27
-
VirusBuster
14.0.188.0
2011.08.27
-
Additional information
Show all
MD5 : fbfc3456b2e155b1bd6514f9589f115b
SHA1 : e47cf96a40cc6a5a833d94c8631002950535b186
SHA256: 6658b26d571b486a1a6a2fc7f747d6a2670647b9aa65c50908b04c34ff7fc546
ssdeep: 6:k7qSM/S6HRb1LItaw8T9wqdt7zWnA8fd5Kfo/GVOcAlS04lUKr6ucTnd6+clTSev:k+N5DYaw
GfWB5r/XcAeUKubndCTS6Rh
File size : 512 bytes
First seen: 2011-08-27 17:42:34
Last seen : 2011-08-27 17:42:34
TrID:
Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
MBAM log:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7588
Windows 6.1.7600
Internet Explorer 9.0.8112.16421
8/27/2011 1:26:13 PM
mbam-log-2011-08-27 (13-26-13).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 320503
Time elapsed: 25 minute(s), 52 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
When I tried running GooredFix it crashed soon after I started the scan. It was saved to the desktop, and to run it I double-clicked the exe file there. I got it working by clicking "run" on the IE download window. Here's the log:
GooredFix by jpshortstuff (03.07.10.1)
Log created at 13:31 on 27/08/2011 (Chris)
Firefox version 6.0 (en-US)
========== GooredScan ==========
========== GooredLog ==========
C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [20:08 19/08/2011]
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [20:29 20/07/2011]
---------- Old Logs ----------
GooredFix[18.27.05_27-08-2011].txt
GooredFix[18.27.25_27-08-2011].txt
GooredFix[18.27.49_27-08-2011].txt
GooredFix[18.28.18_27-08-2011].txt
-=E.O.F=-
Jack&Jill
2011-08-28, 12:45
Hello Illtempered :),
Please go into the GooredFix Backups folder on the desktop and post back all the earlier logs. They will be named as GooredFix[time_date].txt.
Are you still getting redirected?
--------------------
Please download OTL© by OldTimer from one of the links below and save it to your desktop.
Link 1 (http://oldtimer.geekstogo.com/OTL.exe)
Link 2 (http://www.itxassociates.com/OT-Tools/OTL.exe)
Scan with OTL
Double click on OTL.exe to run it.
Make sure all the Use SafeList options is checked (ticked). There are six of them.
Check Scan All Users.
At the lower right corner, check LOP Check and Purity Check.
Click on Run Scan at the top left hand corner. This might take a while.
When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply. One log per reply please.
Note: These files are saved as OTL.txt and Extras.txt on the desktop.
--------------------
Please post back:
1. the answer to my question
2. all earlier GooredFix logs
3. the OTL logs (OTL.txt and Extras.txt)
Illtempered
2011-08-28, 21:16
Here are the gooredfix logs:
GooredFix by jpshortstuff (03.07.10.1)
Log created at 13:27 on 27/08/2011 (Chris)
Firefox version 6.0 (en-US)
========== GooredScan ==========
GooredFix by jpshortstuff (03.07.10.1)
Log created at 13:27 on 27/08/2011 (Chris)
Firefox version 6.0 (en-US)
========== GooredScan ==========
GooredFix by jpshortstuff (03.07.10.1)
Log created at 13:27 on 27/08/2011 (Chris)
Firefox version 6.0 (en-US)
========== GooredScan ==========
GooredFix by jpshortstuff (03.07.10.1)
Log created at 13:28 on 27/08/2011 (Chris)
Firefox version 6.0 (en-US)
========== GooredScan ==========
In OTL there are five boxes with the option "use safe list". Under modules, the "no company name" option is ticked. The other two options under modules are "none" and "all". Which one do I check?
Illtempered
2011-08-28, 21:17
Oh, and I forgot to mention that yes, I am still getting redirected with Firefox, but not with IE.
Jack&Jill
2011-08-29, 02:34
Hello Illtempered :),
Please select No Company Name under Modules, run OTL then post the logs.
When you say you are redirected, is it by clicking on any links or results from search providers like Google or Bing, or is it when you want to go to specific sites but reach somewhere else instead?
Where do you get redirected to? Please use this method to provide site addresses: badsites[dot]com.
Illtempered
2011-08-29, 03:56
Here's an example of how I get redirected. I'll type in google search "spybot forums". The first result, Safer-Networking forums, appears to be the right link, in the search results, but if I click on it, I notice the URL changes to bywill.net, then find-fast-answers.net, monstermarketplace.com. These URL's change at random though.
Here's my OTL.txt:
OTL logfile created on: 8/28/2011 7:50:45 PM - Run 1
OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\Chris\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.95 Gb Total Physical Memory | 5.98 Gb Available Physical Memory | 75.26% Memory free
15.90 Gb Paging File | 13.68 Gb Available in Paging File | 86.04% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 676.98 Gb Total Space | 582.82 Gb Free Space | 86.09% Space Free | Partition Type: NTFS
Drive D: | 21.36 Gb Total Space | 3.11 Gb Free Space | 14.56% Space Free | Partition Type: NTFS
Computer Name: CHRIS-HP | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/08/28 13:09:09 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
PRC - [2011/08/01 21:39:15 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/06/01 07:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010/11/23 13:26:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/11/23 13:26:44 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/11/09 18:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/11/06 02:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/09/30 06:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/09/11 04:02:22 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
========== Modules (No Company Name) ==========
MOD - [2011/08/02 13:00:44 | 014,401,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2011/08/02 13:00:42 | 000,190,248 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2011/08/02 13:00:40 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll
MOD - [2011/08/02 13:00:37 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll
MOD - [2011/08/02 13:00:35 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll
========== Win32 Services (SafeList) ==========
SRV:[b]64bit: - [2010/12/13 16:05:16 | 000,275,968 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/12/13 16:05:14 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2010/12/08 18:17:50 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/11/11 16:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 16:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/11/02 16:49:46 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/11/02 16:39:08 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/11/02 16:34:14 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/12 19:24:30 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/07/29 22:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/07/21 17:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/01 07:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/01/25 13:56:32 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2010/11/23 13:26:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/11/23 13:26:44 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/11/09 18:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/11/06 02:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/09/30 06:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/09/11 04:02:22 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/07/16 17:23:30 | 006,638,080 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe -- (AllShare)
SRV - [2010/03/24 12:33:18 | 000,083,240 | ---- | M] (Hewlett-Packard Developement Company, L.P.) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe -- (hpdoccardsvc)
SRV - [2010/01/11 16:07:34 | 000,337,200 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe -- (WindowBlinds)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/07/06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/01/08 15:16:22 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/01/08 15:16:22 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/13 16:05:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/12/11 02:03:46 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/12/08 18:46:30 | 008,123,392 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/12/08 17:41:48 | 000,288,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/12/07 12:43:48 | 001,401,392 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/12/01 08:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/11/12 15:53:18 | 012,252,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010/11/12 15:53:18 | 012,252,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/09 06:16:36 | 008,500,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2010/11/06 02:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/24 23:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/10/15 03:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/08/12 19:24:30 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2010/08/12 19:24:30 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2010/07/27 12:45:46 | 000,180,224 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/07/27 12:45:46 | 000,078,848 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/07/20 16:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/07/20 16:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/07/20 16:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/07/14 09:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/06/23 20:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/06/17 20:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/05/06 07:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/03/19 06:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/02 17:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 18:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/08/05 18:26:05 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2043173444-1837226345-327044386-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-2043173444-1837226345-327044386-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-2043173444-1837226345-327044386-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/20 15:29:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/19 15:08:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/08/19 15:08:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/20 15:29:47 | 000,000,000 | ---D | M]
[2011/08/19 15:08:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2011/08/19 15:08:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/08/12 00:57:31 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/08/11 22:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
O1 HOSTS File: ([2011/08/13 13:38:16 | 000,000,797 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-2043173444-1837226345-327044386-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2043173444-1837226345-327044386-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2043173444-1837226345-327044386-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2043173444-1837226345-327044386-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\WB: DllName - Reg Error: Key error. - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences Pro\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2ea39e12-78c5-11e0-869a-2c27d7c49938}\Shell - "" = AutoRun
O33 - MountPoints2\{2ea39e12-78c5-11e0-869a-2c27d7c49938}\Shell\AutoRun\command - "" = F:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/08/28 13:09:09 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2011/08/27 13:27:04 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\GooredFix Backups
[2011/08/27 13:26:52 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Chris\Desktop\GooredFix.exe
[2011/08/27 12:59:18 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/08/27 12:59:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/27 12:59:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/08/27 12:58:32 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Chris\Desktop\mbam-setup-1.51.1.1800.exe
[2011/08/26 12:06:44 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\RK_Quarantine
[2011/08/26 11:54:00 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Chris\Desktop\aswMBR.exe
[2011/08/19 15:08:11 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Mozilla
[2011/08/19 15:08:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/08/19 14:45:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Sunbelt Software
[2011/08/19 14:39:40 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\Chris\Desktop\dds.scr
[2011/08/19 14:39:09 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/19 14:38:10 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\New folder
[2011/08/13 13:55:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/08/13 13:46:18 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2011/08/13 13:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/13 13:46:12 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/08/05 23:03:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fallout Mod Manager
[2011/08/05 23:03:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GeMM
[2011/08/05 22:36:02 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\ECSD
[2011/08/05 18:26:05 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/08/05 18:24:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011/08/05 18:24:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/08/05 18:24:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/08/05 18:24:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011/08/05 15:44:05 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BOSS
[2011/08/05 15:44:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BOSS
[2011/08/05 15:26:40 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2011/08/03 13:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
[2011/08/03 13:49:04 | 000,000,000 | ---D | C] -- C:\Python27
[2011/08/03 11:27:10 | 000,000,000 | ---D | C] -- C:\Games
[2011/08/03 11:26:47 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\FOMM
[2011/08/01 22:09:23 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\FalloutNV
[2011/07/30 02:25:58 | 000,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\system32CmdLineExt.dll
[3 C:\Users\Chris\AppData\Local\*.tmp files -> C:\Users\Chris\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/08/28 19:46:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/28 16:55:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/28 13:13:45 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/28 13:13:45 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/28 13:10:45 | 000,717,260 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/28 13:10:45 | 000,617,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/28 13:10:45 | 000,104,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/28 13:09:09 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2011/08/28 13:06:34 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/28 13:06:32 | 000,000,312 | -HS- | M] () -- C:\Windows\tasks\Ljruax.job
[2011/08/28 13:06:21 | 2106,351,615 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/27 13:31:10 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Chris\Desktop\GooredFix.exe
[2011/08/27 12:59:18 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/27 12:58:32 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Chris\Desktop\mbam-setup-1.51.1.1800.exe
[2011/08/26 12:05:23 | 000,569,856 | ---- | M] () -- C:\Users\Chris\Desktop\RogueKiller.exe
[2011/08/26 12:03:50 | 000,000,512 | ---- | M] () -- C:\Users\Chris\Desktop\MBR.dat
[2011/08/26 11:54:00 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Chris\Desktop\aswMBR.exe
[2011/08/19 14:39:40 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\Chris\Desktop\dds.scr
[2011/08/19 14:37:42 | 000,513,320 | ---- | M] () -- C:\Users\Chris\Desktop\erunt.zip
[2011/08/16 16:57:41 | 000,000,462 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\wklnhst.dat
[2011/08/13 13:56:40 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/08/13 10:24:24 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/08/05 18:26:05 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/08/05 15:59:20 | 000,063,488 | RHS- | M] () -- C:\Windows\SysWow64\dui701.dll
[2011/07/30 02:25:58 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\system32CmdLineExt.dll
[3 C:\Users\Chris\AppData\Local\*.tmp files -> C:\Users\Chris\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/08/27 12:59:18 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/26 12:05:23 | 000,569,856 | ---- | C] () -- C:\Users\Chris\Desktop\RogueKiller.exe
[2011/08/26 12:03:50 | 000,000,512 | ---- | C] () -- C:\Users\Chris\Desktop\MBR.dat
[2011/08/19 15:08:08 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/08/19 14:37:41 | 000,513,320 | ---- | C] () -- C:\Users\Chris\Desktop\erunt.zip
[2011/08/13 13:56:40 | 000,025,160 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/08/05 15:59:20 | 000,063,488 | RHS- | C] () -- C:\Windows\SysWow64\dui701.dll
[2011/08/05 15:59:20 | 000,000,312 | -HS- | C] () -- C:\Windows\tasks\Ljruax.job
[2011/08/05 15:27:53 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/08/03 13:50:11 | 000,354,304 | ---- | C] () -- C:\Windows\SysWow64\pythoncom27.dll
[2011/08/03 13:50:11 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\pywintypes27.dll
[2011/08/03 13:50:11 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\pythoncomloader27.dll
[2011/07/20 15:24:51 | 000,207,062 | ---- | C] () -- C:\Windows\hpoins46.dat
[2011/07/12 20:52:43 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2011/07/03 02:33:35 | 000,000,000 | ---- | C] () -- C:\Users\Chris\AppData\Local\{D7B6BD7F-1FEC-4ED3-95DB-62C882DA882D}
[2011/06/23 02:19:18 | 000,000,000 | ---- | C] () -- C:\Users\Chris\AppData\Local\{3EEBC2EB-D46E-4FC1-B595-8DB08D793211}
[2011/06/17 01:44:15 | 000,000,000 | ---- | C] () -- C:\Users\Chris\AppData\Local\{A45510F1-E8CB-4466-9369-F4C78317B3EC}
[2011/06/01 13:01:43 | 000,000,462 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\wklnhst.dat
[2011/05/03 03:52:51 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011/04/28 10:56:14 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/04/28 02:56:26 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/28 00:18:39 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/02/12 04:31:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/02/12 04:23:25 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011/01/08 14:55:44 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/12/07 12:43:48 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2010/11/12 15:51:36 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2010/11/12 15:51:34 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2010/11/12 15:51:34 | 000,206,952 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2010/09/17 17:17:02 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/09/02 12:29:26 | 000,057,904 | ---- | C] () -- C:\Windows\SysWow64\wbload.dll
[2010/03/31 19:34:36 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
========== LOP Check ==========
[2011/07/20 15:48:54 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\com.essexreddevelopment.mergepdfmac
[2011/07/03 20:28:43 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Gmote
[2011/07/09 20:37:25 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\iExpert Software
[2011/06/24 15:21:40 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Oridus
[2011/04/28 05:25:05 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Sony Online Entertainment
[2011/04/27 23:50:41 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Stardock
[2011/06/01 13:01:43 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Template
[2011/08/28 13:06:32 | 000,000,312 | -HS- | M] () -- C:\Windows\Tasks\Ljruax.job
[2011/07/20 00:28:46 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
Illtempered
2011-08-29, 03:57
Heres my Extras.txt:
OTL Extras logfile created on: 8/28/2011 7:50:45 PM - Run 1
OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\Chris\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.95 Gb Total Physical Memory | 5.98 Gb Available Physical Memory | 75.26% Memory free
15.90 Gb Paging File | 13.68 Gb Available in Paging File | 86.04% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 676.98 Gb Total Space | 582.82 Gb Free Space | 86.09% Space Free | Partition Type: NTFS
Drive D: | 21.36 Gb Total Space | 3.11 Gb Free Space | 14.56% Space Free | Partition Type: NTFS
Computer Name: CHRIS-HP | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2043173444-1837226345-327044386-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences Pro
"{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}" = HP Wireless Assistant
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8B75256C-7215-4A48-4165-7CA7CB3E4600}" = ATI Catalyst Install Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AF162E20-417F-4946-A06D-65734984957F}" = Intel(R) PROSet/Wireless WiFi Software
"{B160E316-78C5-FE26-1548-EF4EA10C697E}" = ccc-utility64
"{C788B026-20BD-4E96-B698-533F1D6C5013}" = 64 Bit HP CIO Components Installer
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBC1DE57-B55A-4D57-9769-1DB9BE506AF7}" = HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft Security Client" = Microsoft Security Essentials
"ProInst" = Intel PROSet Wireless
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{003D95E2-73FD-FB96-C871-7D2350A3479C}" = CCC Help Portuguese
"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0635AEC4-0E4E-4641-9CD0-07D98428EA5A}" = Intel Digital Logo
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CF0D586-7A19-6115-DD84-559315A20A91}" = CCC Help Japanese
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{124DB96E-CBF5-44FB-AB59-7D2444DEC777}" = HP On Screen Display
"{1351EDA8-66F1-284D-2D7E-F7462B3EC008}" = ccc-core-static
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{18D46338-E2B2-4147-BAF0-921144B8F7D5}" = HP Software Framework
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{27258E4C-EC43-6DAE-6994-0069AFE3274B}" = CCC Help Chinese Traditional
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"{2EF6BA58-E670-2D27-54EE-BCA8638B966F}" = CCC Help Thai
"{32939827-d8e5-470a-b126-870db3c69fdf}" = Python 2.7.1
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}" = Adobe Shockwave Player 11.5
"{3CDE93B0-F3EB-B7E9-B52F-5685F9E6DF06}" = CCC Help Hungarian
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}" = PS_AIO_07_D110_SW_Min
"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{49AF34B0-DF36-A667-BF44-F64100419778}" = Catalyst Control Center Localization All
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5486C37D-73E8-4C31-A3FA-D796494F8286}" = Catalyst Control Center - Branding
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57B9762B-6A21-0ADA-6C7E-8FD61F676AC8}" = CCC Help Italian
"{5AA27606-4BEA-B991-F8F1-68B64D4FEA01}" = CCC Help Greek
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68E32E18-6AAE-D242-ADB0-391167722822}" = CCC Help German
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F7614CC-F33A-4877-8814-49856F441F3C}" = Stardock MyColors
"{71035158-9F08-4D71-A3FE-B9487EBB726E}" = HP Documentation
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7C60E2B8-69EF-E4AB-7D12-BCAF552FE8C1}" = PX Profile Update
"{802C068E-0576-4F25-8137-D54B7DB0FC5E}" = HP Setup
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{91A374FB-4E88-F1A9-CECE-D35880313FE0}" = Catalyst Control Center Profiles Mobile
"{91D3AD6F-09CD-4695-9FA3-8FB15429BE97}" = D110
"{91FA6B23-7A0F-0C87-2F3C-BA7F8ABA5918}" = CCC Help English
"{92890D88-85C5-8001-AC0D-7BD972E83CC0}" = CCC Help Chinese Standard
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{99BD48E2-AFAE-AE1C-1E4B-F24761E6E470}" = Catalyst Control Center InstallProxy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A50CB451-57A9-AC3A-569F-343BB8F8C5DD}" = CCC Help Korean
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ABAF6BFB-FB5D-26C4-B4D1-0408BB8BE849}" = CCC Help Norwegian
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{ADDBF76A-C24C-9C2A-70CE-F365A99B09AC}" = CCC Help Czech
"{AF306BD8-F9D1-4627-89B9-246E59074A05}" = HP Power Manager
"{B299E757-BE69-489D-AE78-D58ED9A73E8D}" = LogonStudio
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C03808FB-6779-B76C-A91A-D554087BD871}" = CCC Help Polish
"{C5009B0A-5C36-8DB8-7644-DF8A5767A2B1}" = CCC Help Swedish
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE56D106-267A-69EF-AE65-0C022FE4FA76}" = CCC Help Finnish
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E62F5946-33B4-7220-3BBE-3E0605D8D45E}" = CCC Help French
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
"{EBA77D65-E135-3702-039F-7F225B7BC77B}" = CCC Help Danish
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
"{F3EAD920-05B9-ADC7-6440-5AD86858B4B0}" = CCC Help Russian
"{F70987A6-F516-BD94-B908-4010D98E2530}" = CCC Help Spanish
"{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel(R) Wireless Display
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FD120502-4551-1383-2C3E-FE4CC9EA5211}" = CCC Help Dutch
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEC7B56F-A010-4866-809E-F5082CF5BB8C}" = HP ENVY Document Card Utilities
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
"BOSS" = BOSS
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"comtypes-py2.7" = Python 2.7 comtypes-0.6.2
"DDA23392-9C73-4909-A221-BC12C6D2664D" = GmoteServer
"experience-hp-bundle" = TriDef 3D (HP) 1.0.3
"Fences Pro" = Fences Pro
"Generic Mod Manager_is1" = Fallout Mod Manager 0.13.21
"HP Photo Creations" = HP Photo Creations
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{2A2E822B-3B0E-46C1-9E3B-ACD7D1E95139}" = SAMSUNG PC Share Manager
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Mozilla Firefox 6.0 (x86 en-US)" = Mozilla Firefox 6.0 (x86 en-US)
"PremElem90" = Adobe Premiere Elements 9
"PSInstall" = PlanetSide
"pywin32-py2.7" = Python 2.7 pywin32-216
"Stardock MyColors" = Stardock MyColors
"Steam App 2100" = Dark Messiah Might and Magic Single Player
"Steam App 220" = Half-Life 2
"Steam App 2200" = Quake III Arena
"Steam App 22380" = Fallout: New Vegas
"Steam App 240" = Counter-Strike: Source
"Steam App 260" = Counter-Strike: Source Beta
"Steam App 340" = Half-Life 2: Lost Coast
"TeamViewer 6" = TeamViewer 6
"WinLiveSuite" = Windows Live Essentials
"wxPython2.8-ansi-py27_is1" = wxPython 2.8.12.0 (ansi) for Python 2.7
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2043173444-1837226345-327044386-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SOE-Planetside" = Planetside
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 8/5/2011 5:24:50 PM | Computer Name = Chris-HP | Source = Application Error | ID = 1000
Description = Faulting application name: pythonw.exe, version: 0.0.0.0, time stamp:
0x4cf14062 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x0a1bfd26 Faulting process id: 0xfd4 Faulting application
start time: 0x01cc53b5bd044478 Faulting application path: C:\Python27\pythonw.exe
Faulting
module path: unknown Report Id: 595444fd-bfa9-11e0-b72b-2c27d7c49938
Error - 8/6/2011 9:52:55 AM | Computer Name = Chris-HP | Source = Application Error | ID = 1000
Description = Faulting application name: FalloutNV.exe, version: 1.4.0.525, time
stamp: 0x4e0d50ed Faulting module name: FalloutNV.exe, version: 1.4.0.525, time
stamp: 0x4e0d50ed Exception code: 0xc0000005 Fault offset: 0x005bee0c Faulting process
id: 0xea8 Faulting application start time: 0x01cc5427461df879 Faulting application
path: c:\program files (x86)\steam\steamapps\common\fallout new vegas\FalloutNV.exe
Faulting
module path: c:\program files (x86)\steam\steamapps\common\fallout new vegas\FalloutNV.exe
Report
Id: 624c8c9a-c033-11e0-8415-2c27d7c49938
Error - 8/7/2011 8:00:01 PM | Computer Name = Chris-HP | Source = Windows Backup | ID = 4103
Description =
Error - 8/8/2011 12:51:07 PM | Computer Name = Chris-HP | Source = Application Error | ID = 1000
Description = Faulting application name: FalloutNV.exe, version: 1.4.0.525, time
stamp: 0x4e0d50ed Faulting module name: FalloutNV.exe, version: 1.4.0.525, time
stamp: 0x4e0d50ed Exception code: 0xc0000005 Fault offset: 0x00477c6d Faulting process
id: 0x103c Faulting application start time: 0x01cc55eaefb6f7ca Faulting application
path: c:\program files (x86)\steam\steamapps\common\fallout new vegas\FalloutNV.exe
Faulting
module path: c:\program files (x86)\steam\steamapps\common\fallout new vegas\FalloutNV.exe
Report
Id: 9bca52a9-c1de-11e0-acb5-2c27d7c49938
Error - 8/9/2011 11:08:54 PM | Computer Name = Chris-HP | Source = Application Error | ID = 1000
Description = Faulting application name: FalloutNV.exe, version: 1.4.0.525, time
stamp: 0x4e0d50ed Faulting module name: FalloutNV.exe, version: 1.4.0.525, time
stamp: 0x4e0d50ed Exception code: 0xc0000005 Fault offset: 0x006a55a6 Faulting process
id: 0x1490 Faulting application start time: 0x01cc56e94a111190 Faulting application
path: C:\Program Files (x86)\Steam\steamapps\common\fallout new vegas\FalloutNV.exe
Faulting
module path: C:\Program Files (x86)\Steam\steamapps\common\fallout new vegas\FalloutNV.exe
Report
Id: 13ec0414-c2fe-11e0-b833-2c27d7c49938
Error - 8/10/2011 10:13:36 AM | Computer Name = Chris-HP | Source = Application Hang | ID = 1002
Description = The program FalloutNV.4gb version 1.4.0.525 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: e8c Start
Time: 01cc5767ab730516 Termination Time: 28 Application Path: c:\program files (x86)\steam\steamapps\common\fallout
new vegas\FalloutNV.4gb Report Id: eda7002f-c35a-11e0-a4e8-2c27d7c49938
Error - 8/11/2011 12:49:43 AM | Computer Name = Chris-HP | Source = Application Error | ID = 1000
Description = Faulting application name: FalloutNV.exe, version: 1.4.0.525, time
stamp: 0x4e0d50ed Faulting module name: FalloutNV.exe, version: 1.4.0.525, time
stamp: 0x4e0d50ed Exception code: 0xc0000005 Fault offset: 0x0004ddca Faulting process
id: 0x1558 Faulting application start time: 0x01cc57c51c6dd735 Faulting application
path: c:\program files (x86)\steam\steamapps\common\fallout new vegas\FalloutNV.exe
Faulting
module path: c:\program files (x86)\steam\steamapps\common\fallout new vegas\FalloutNV.exe
Report
Id: 53b1b4ab-c3d5-11e0-a4e8-2c27d7c49938
Error - 8/11/2011 1:18:39 AM | Computer Name = Chris-HP | Source = Application Error | ID = 1000
Description = Faulting application name: FalloutNV.exe, version: 1.4.0.525, time
stamp: 0x4e0d50ed Faulting module name: FalloutNV.exe, version: 1.4.0.525, time
stamp: 0x4e0d50ed Exception code: 0xc0000005 Fault offset: 0x0004ddca Faulting process
id: 0x16bc Faulting application start time: 0x01cc57e39c8e898f Faulting application
path: c:\program files (x86)\steam\steamapps\common\fallout new vegas\FalloutNV.exe
Faulting
module path: c:\program files (x86)\steam\steamapps\common\fallout new vegas\FalloutNV.exe
Report
Id: 5e6da191-c3d9-11e0-a4e8-2c27d7c49938
Error - 8/11/2011 3:04:47 AM | Computer Name = Chris-HP | Source = Application Error | ID = 1000
Description = Faulting application name: FalloutNV.4gb, version: 1.4.0.525, time
stamp: 0x4e0d50ed Faulting module name: FalloutNV.4gb, version: 1.4.0.525, time
stamp: 0x4e0d50ed Exception code: 0xc0000005 Fault offset: 0x0004ddca Faulting process
id: 0x172c Faulting application start time: 0x01cc57f1818939fe Faulting application
path: c:\program files (x86)\steam\steamapps\common\fallout new vegas\FalloutNV.4gb
Faulting
module path: c:\program files (x86)\steam\steamapps\common\fallout new vegas\FalloutNV.4gb
Report
Id: 320eb86d-c3e8-11e0-a4e8-2c27d7c49938
Error - 8/11/2011 3:54:07 AM | Computer Name = Chris-HP | Source = Application Error | ID = 1000
Description = Faulting application name: FalloutNV.exe, version: 1.4.0.525, time
stamp: 0x4e0d50ed Faulting module name: FalloutNV.exe, version: 1.4.0.525, time
stamp: 0x4e0d50ed Exception code: 0xc0000005 Fault offset: 0x0004ddca Faulting process
id: 0x1524 Faulting application start time: 0x01cc57f5144e58ed Faulting application
path: c:\program files (x86)\steam\steamapps\common\fallout new vegas\FalloutNV.exe
Faulting
module path: c:\program files (x86)\steam\steamapps\common\fallout new vegas\FalloutNV.exe
Report
Id: 1655c117-c3ef-11e0-a4e8-2c27d7c49938
[ HP Wireless Assistant Events ]
Error - 4/28/2011 1:48:32 AM | Computer Name = Chris-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
Error - 4/28/2011 1:48:32 AM | Computer Name = Chris-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
Error - 4/28/2011 1:49:32 AM | Computer Name = Chris-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
Error - 4/28/2011 1:49:32 AM | Computer Name = Chris-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
Error - 4/28/2011 1:50:32 AM | Computer Name = Chris-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
Error - 4/28/2011 1:50:32 AM | Computer Name = Chris-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
Error - 4/28/2011 1:51:32 AM | Computer Name = Chris-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
Error - 4/28/2011 1:51:32 AM | Computer Name = Chris-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
Error - 4/28/2011 1:52:32 AM | Computer Name = Chris-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
Error - 4/28/2011 1:52:32 AM | Computer Name = Chris-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()
[ System Events ]
Error - 8/27/2011 11:05:12 PM | Computer Name = Chris-HP | Source = ipnathlp | ID = 31004
Description =
Error - 8/27/2011 11:06:05 PM | Computer Name = Chris-HP | Source = DCOM | ID = 10016
Description =
Error - 8/27/2011 11:07:06 PM | Computer Name = Chris-HP | Source = Service Control Manager | ID = 7000
Description = The HP Health Check Service service failed to start due to the following
error: %%2
Error - 8/28/2011 2:00:17 AM | Computer Name = Chris-HP | Source = ipnathlp | ID = 31004
Description =
Error - 8/28/2011 2:00:18 AM | Computer Name = Chris-HP | Source = ipnathlp | ID = 31004
Description =
Error - 8/28/2011 2:06:39 PM | Computer Name = Chris-HP | Source = ipnathlp | ID = 31004
Description =
Error - 8/28/2011 2:07:33 PM | Computer Name = Chris-HP | Source = DCOM | ID = 10016
Description =
Error - 8/28/2011 2:08:35 PM | Computer Name = Chris-HP | Source = Service Control Manager | ID = 7000
Description = The HP Health Check Service service failed to start due to the following
error: %%2
Error - 8/28/2011 8:46:18 PM | Computer Name = Chris-HP | Source = ipnathlp | ID = 31004
Description =
Error - 8/28/2011 8:46:19 PM | Computer Name = Chris-HP | Source = ipnathlp | ID = 31004
Description =
< End of report >
Jack&Jill
2011-08-29, 11:38
Hello Illtempered :),
Those are long logs, so I will need some time to go through them. In the meantime, please do the following steps.
Upload file(s) to VirusTotal (VT) for an online scan. Click here. (http://www.virustotal.com)
Click on the Browse button or the white box beside it. A File Upload prompt will open.
Copy and paste the following file and its path to upload:
C:\Windows\SysWow64\dui701.dll
Press Open, then Send file. The file will be uploaded for testing.
If there is any indication or prompt that the file has been scanned before, please proceed to have the file rescanned or reanalyzed.
Please wait for all the scanners to finish, then copy and paste the result into Notepad and save it to a convenient place.
Post the results in your next response.
Alternatively, if VirusTotal is busy or inaccessible, you may try Jotti (http://virusscan.jotti.org/) or VirScan (http://virscan.org/) (VS) with similar steps.
A result from either one of the above scanners would be sufficient.
--------------------
For Windows Vista or Windows 7, please use right click and select Run as administrator instead of double click to run all the tools I ask you to, or they may not work properly.
Look into folders
Open Notepad. Copy and paste the following text into it:
@echo off
dir "C:\Users\Chris\AppData\Roaming\Mozilla\Extensions" /A /S > "%userprofile%\desktop\look.txt"
dir "C:\Program Files (x86)\Mozilla Firefox\extensions" /A /S >> "%userprofile%\desktop\look.txt"
del %0
Save it as folderlook.bat on the desktop. Make sure the Save as type: is All Files (*.*).
Double click on folderlook.bat to run it. Allow if prompted by any security software.
Post the contents of look.txt. It is found on your desktop.
--------------------
Please post back:
1. VT result
2. contents of look.txt
Illtempered
2011-08-29, 20:50
I was unable to find a dui701.dll. In that directory. I did find a "dui70.dll", but when I copy that filename into VT's search it says I don't have permission to open the file. So, I manually browsed for the file so I could change the permissions, but couldn't find it.
Here's my look.txt:
Volume in drive C has no label.
Volume Serial Number is 266B-FC94
Directory of C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
08/19/2011 03:08 PM <DIR> .
08/19/2011 03:08 PM <DIR> ..
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
2 Dir(s) 625,500,938,240 bytes free
Volume in drive C has no label.
Volume Serial Number is 266B-FC94
Directory of C:\Program Files (x86)\Mozilla Firefox\extensions
08/19/2011 03:08 PM <DIR> .
08/19/2011 03:08 PM <DIR> ..
08/19/2011 03:08 PM <DIR> {972ce4c6-7e08-4474-a285-3208198ce6fd}
0 File(s) 0 bytes
Directory of C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
08/19/2011 03:08 PM <DIR> .
08/19/2011 03:08 PM <DIR> ..
08/11/2011 10:16 PM 2,185 icon.png
08/11/2011 10:16 PM 1,103 install.rdf
08/11/2011 10:16 PM 9,303 preview.png
3 File(s) 12,591 bytes
Total Files Listed:
3 File(s) 12,591 bytes
5 Dir(s) 625,500,934,144 bytes free
Jack&Jill
2011-08-30, 20:47
Hello Illtempered :),
Zip it up
Open Notepad. Copy and paste the following text into it:
@echo off
for %%g in (
C:\Windows\SysWow64\dui701.dll
) do zip Files_for_submission %%g
del %0
Save it as grab.bat at the desktop. Make sure the Save as type: is All Files (*.*).
Double click on grab.bat to run it. Allow if prompted by any security software.
A file Files_for_submission.zip will appear on your desktop.
Please upload file(s) for analysis / backup. Click here. (http://www.bleepingcomputer.com/submit-malware.php?channel=126)
You will be taken to a new post page (at a different forum). Please fill in the necessary details and provide a link to this topic.
Upload Files_for_submission.zip from your desktop by clicking Send File.
Please post a reply indicating you have completed the upload.
Illtempered
2011-08-30, 23:18
When I double-click the grab.bat file, a command prompt pops up for a split second, then the grab.bat file disappears. The zip file never shows up on my desktop.
Jack&Jill
2011-08-31, 12:47
Hello Illtempered :),
We skip the previous step for now, there should a tool executed prior to it.
Fix with OTL
Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
If you need help to disable your protection programs see here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) and here (http://www.bleepingcomputer.com/forums/topic114351.html).
Double click on OTL.exe to run it.
Copy and paste the following text into the white box below Custom Scans/Fixes:
:otl
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-2043173444-1837226345-327044386-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2043173444-1837226345-327044386-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2043173444-1837226345-327044386-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2043173444-1837226345-327044386-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
[2011/08/28 13:06:32 | 000,000,312 | -HS- | M] () -- C:\Windows\tasks\Ljruax.job
[2011/08/05 15:59:20 | 000,063,488 | RHS- | M] () -- C:\Windows\SysWow64\dui701.dll
:commands
[CREATERESTOREPOINT]
[resethosts]
[emptytemp]
Click Run Fix. Everything on the desktop may disappear, this is normal. Please wait until the tool completes its routine.
Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
If requested to reboot, please do so. The log file will open after restart.
Enable back your security softwares as soon as you completed the OTL fix steps.
--------------------
Please post back:
1. the OTL fix log
Illtempered
2011-08-31, 22:17
Here's the log:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ not found.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2043173444-1837226345-327044386-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2043173444-1837226345-327044386-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2043173444-1837226345-327044386-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2043173444-1837226345-327044386-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
C:\Windows\Tasks\Ljruax.job moved successfully.
C:\Windows\SysWOW64\dui701.dll moved successfully.
========== COMMANDS ==========
Error creating restore point.
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Chris
->Temp folder emptied: 282468768 bytes
->Temporary Internet Files folder emptied: 20339608 bytes
->Java cache emptied: 49418 bytes
->FireFox cache emptied: 50560653 bytes
->Flash cache emptied: 64340 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 105215076 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84860 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 438.00 mb
OTL by OldTimer - Version 3.2.26.6 log created on 08312011_141335
Files\Folders moved on Reboot...
C:\Users\Chris\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PDECBA4T\showthread[1].htm moved successfully.
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A91HMN6R\search[1].htm moved successfully.
Registry entries deleted on Reboot...
Jack&Jill
2011-09-01, 08:21
Hello Illtempered :),
Please zip this folder up using 7-Zip (http://www.7-zip.org/) or a suitable archive utility that handles Zip files:
C:\_OTL\MovedFiles\08312011_141335
Then upload the file for analysis. Click here. (http://www.bleepingcomputer.com/submit-malware.php?channel=126)
You will be taken to a new post page (at a different forum). Please fill in the necessary details and provide a link to this topic.
Upload Files_for_submission.zip from your desktop by clicking Send File.
Please post a reply indicating you have completed the upload.
--------------------
Do an online scan with ESET Online Scanner.
Please be patient as scanning will take quite some time. If you have problem running the scan, you might want to disable any real time protection that you have.
Click here (http://www.eset.com/onlinescan/) to go to ESET Online Scanner page.
Click on Run ESET Online Scanner. A new window will open.
For FireFox user, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
After reading through the Terms of Use, check YES, I accept the Terms of Use and click Start to begin scan.
You will be prompted to install an ActiveX Control from ESET. Please install.
At the Computer scan settings section, uncheck (untick) Remove found threats. <-- Important, do not remove anything yet.
Then, check Scan archives.
Now, click on Advanced settings and make sure all these are checked:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
Click on Scan to proceed.
When done, the scan result will be shown. Look for C:\Program Files\ESET\ESET Online Scanner\log.txt and open the file.
Post the contents in your reply.
If the contents of log.txt do not reflect what is shown in the result window, click on List of found threats, then Export to text file..., save a file and post that instead.
--------------------
Please post back:
1. if upload is successful
2. ESET online scan result
3. still redirected?
Illtempered
2011-09-01, 10:20
file submitted
Illtempered
2011-09-01, 21:32
ESET found some threats. Heres the log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-09-01 06:22:38
# local_time=2011-09-01 01:22:38 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776574 100 94 10002088 66440437 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=166643
# found=3
# cleaned=0
# scan_time=4371
C:\My Files\Tools\Setup_FreeConverter.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Chris\Desktop\Spybot files\08312011_141335.7z a variant of Win32/Kryptik.RLE trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08312011_141335\C_Windows\SysWOW64\dui701.dll a variant of Win32/Kryptik.RLE trojan (unable to clean) 00000000000000000000000000000000 I
Jack&Jill
2011-09-02, 02:40
Hello Illtempered :),
Thank you for the file submission.
Please delete C:\My Files\Tools\Setup_FreeConverter.exe.
The other two files from ESET findings; one is the backup from OTL fix whereas the other is the file that you zipped for upload. You can delete the latter.
How is the computer behaving now?
--------------------
Your Java Runtime Environment is outdated. Older versions have security vulnerabilities that can be exploited.
Please update JRE to the latest.
It is important that you uninstall any previous versions by using Add/Remove Programs in your Control Panel before installing a newer version. Please uninstall:
Java(TM) 6 Update 22 (64-bit)
Java(TM) 6 Update 24
Go to the Java SE download page. Click here. (http://www.java.com/en/download/manual.jsp)
Under the Windows title, click on Windows 7, XP Offline (32-bit) or Windows 7, XP Offline (64-bit) and save the file to your desktop.
Close any programs you may have running, especially your web browser.
Then, from your desktop, double click on the download to install the newest version. Reboot your computer.
--------------------
Your Firefox browser is outdated. Older versions have security vulnerabilities that can be exploited.
Please update your Firefox browser to the latest. You may need to use Internet Explorer temporarily for this, or download the program first before continuing the uninstall step.
It is important that you uninstall any previous versions by using Add/Remove Programs in your Control Panel before installing a newer version. Please uninstall:
Mozilla Firefox 5.0 (x86 en-US)
Go to the Mozilla Firefox download page. Click here. (http://www.mozilla.com/en-US/firefox/upgrade.html)
Click on the Free Download button and save the setup file to a convenient location.
Double click on the setup file and follow the steps accordingly.
--------------------
Please post back:
1. How is the computer behaving now?
Illtempered
2011-09-02, 21:35
Problem appears to be solved. Thank you!
Jack&Jill
2011-09-03, 10:22
Hello Illtempered :),
Good to hear that. I will give some security recommendations after this.
Rerun OTL
Double click on OTL.exe to run it.
Make sure all the Use SafeList options is checked (ticked). There are five of them.
Under the Modules section, please select No Company Name.
Check Scan All Users.
At the lower right corner, check LOP Check and Purity Check.
Click on Run Scan at the top left hand corner. This might take a while.
When done, two Notepad files will open. Please post only OTL.txt.
--------------------
Please post back:
1. OTL log
2. any more problems?
Illtempered
2011-09-03, 22:53
OTL.txt:
OTL logfile created on: 9/3/2011 2:48:46 PM - Run 2
OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\Chris\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.95 Gb Total Physical Memory | 6.39 Gb Available Physical Memory | 80.45% Memory free
15.90 Gb Paging File | 14.12 Gb Available in Paging File | 88.83% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 676.98 Gb Total Space | 581.55 Gb Free Space | 85.90% Space Free | Partition Type: NTFS
Drive D: | 21.36 Gb Total Space | 3.11 Gb Free Space | 14.56% Space Free | Partition Type: NTFS
Computer Name: CHRIS-HP | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/08/30 17:59:04 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/08/28 13:09:09 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/06/01 07:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010/12/11 02:02:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/11/23 13:26:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/11/23 13:26:44 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/11/09 18:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/11/06 02:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/09/30 06:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/09/11 04:02:22 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
========== Modules (No Company Name) ==========
MOD - [2011/08/30 17:59:04 | 001,846,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/08/13 10:24:24 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
========== Win32 Services (SafeList) ==========
SRV:[b]64bit: - [2010/12/13 16:05:16 | 000,275,968 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/12/13 16:05:14 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2010/12/08 18:17:50 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/11/11 16:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 16:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/11/02 16:49:46 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/11/02 16:39:08 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/11/02 16:34:14 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/12 19:24:30 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/07/29 22:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/07/21 17:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/01 07:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/01/25 13:56:32 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56)
SRV - [2010/11/23 13:26:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/11/23 13:26:44 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/11/09 18:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/11/06 02:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/09/30 06:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/09/11 04:02:22 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/07/16 17:23:30 | 006,638,080 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe -- (AllShare)
SRV - [2010/03/24 12:33:18 | 000,083,240 | ---- | M] (Hewlett-Packard Developement Company, L.P.) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe -- (hpdoccardsvc)
SRV - [2010/01/11 16:07:34 | 000,337,200 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe -- (WindowBlinds)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/01/08 15:16:22 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/01/08 15:16:22 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/13 16:05:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/12/11 02:03:46 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/12/08 18:46:30 | 008,123,392 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/12/08 17:41:48 | 000,288,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/12/07 12:43:48 | 001,401,392 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/12/01 08:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/11/12 15:53:18 | 012,252,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010/11/12 15:53:18 | 012,252,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/09 06:16:36 | 008,500,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2010/11/06 02:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/24 23:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/10/15 03:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/08/12 19:24:30 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2010/08/12 19:24:30 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2010/07/27 12:45:46 | 000,180,224 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/07/27 12:45:46 | 000,078,848 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/07/20 16:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/07/20 16:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/07/20 16:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/07/14 09:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/06/23 20:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/06/17 20:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/05/06 07:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/03/19 06:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/02 17:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 18:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/08/05 18:26:05 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2043173444-1837226345-327044386-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-2043173444-1837226345-327044386-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2043173444-1837226345-327044386-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/20 15:29:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/02 02:21:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/02 02:21:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/02 02:21:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/20 15:29:47 | 000,000,000 | ---D | M]
[2011/08/19 15:08:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2011/09/02 02:21:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/08/30 17:59:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/08/30 14:41:02 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
O1 HOSTS File: ([2011/08/31 14:13:35 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-2043173444-1837226345-327044386-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2043173444-1837226345-327044386-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2043173444-1837226345-327044386-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2043173444-1837226345-327044386-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\WB: DllName - Reg Error: Key error. - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22:64bit: - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences Pro\FencesMenu64.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2ea39e12-78c5-11e0-869a-2c27d7c49938}\Shell - "" = AutoRun
O33 - MountPoints2\{2ea39e12-78c5-11e0-869a-2c27d7c49938}\Shell\AutoRun\command - "" = F:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/09/02 02:21:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/09/02 02:19:09 | 000,190,752 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011/09/02 02:19:09 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011/09/02 02:19:09 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011/09/02 02:19:04 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/09/01 12:06:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/08/31 14:13:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/29 12:51:11 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Spybot files
[2011/08/28 13:09:09 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2011/08/19 15:08:11 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Mozilla
[2011/08/19 14:45:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Sunbelt Software
[2011/08/19 14:39:09 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/13 13:55:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/08/13 13:46:18 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2011/08/13 13:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/13 13:46:12 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/08/05 23:03:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fallout Mod Manager
[2011/08/05 23:03:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GeMM
[2011/08/05 22:36:02 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\ECSD
[2011/08/05 18:26:05 | 000,055,384 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/08/05 18:24:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011/08/05 18:24:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/08/05 18:24:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/08/05 18:24:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011/08/05 15:44:05 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BOSS
[2011/08/05 15:44:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BOSS
[2011/08/05 15:26:40 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[3 C:\Users\Chris\AppData\Local\*.tmp files -> C:\Users\Chris\AppData\Local\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/09/03 14:45:13 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/03 14:45:13 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/03 14:44:10 | 000,717,260 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/03 14:44:10 | 000,617,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/03 14:44:10 | 000,104,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/03 14:38:05 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/03 14:38:05 | 000,000,434 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2011/09/03 14:38:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/03 14:37:52 | 2106,351,615 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/03 02:55:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/02 02:19:05 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2011/09/02 02:19:05 | 000,190,752 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011/09/02 02:19:05 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011/09/02 02:19:05 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011/08/31 14:13:35 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/08/29 12:51:38 | 000,000,462 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\wklnhst.dat
[2011/08/28 13:09:09 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2011/08/13 13:56:40 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/08/13 10:24:24 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/08/05 18:26:05 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[3 C:\Users\Chris\AppData\Local\*.tmp files -> C:\Users\Chris\AppData\Local\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/09/02 02:21:49 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/08/13 13:56:40 | 000,025,160 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011/08/05 15:27:53 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/08/03 13:50:11 | 000,354,304 | ---- | C] () -- C:\Windows\SysWow64\pythoncom27.dll
[2011/08/03 13:50:11 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\pywintypes27.dll
[2011/08/03 13:50:11 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\pythoncomloader27.dll
[2011/07/20 15:24:51 | 000,207,062 | ---- | C] () -- C:\Windows\hpoins46.dat
[2011/07/12 20:52:43 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2011/07/03 02:33:35 | 000,000,000 | ---- | C] () -- C:\Users\Chris\AppData\Local\{D7B6BD7F-1FEC-4ED3-95DB-62C882DA882D}
[2011/06/23 02:19:18 | 000,000,000 | ---- | C] () -- C:\Users\Chris\AppData\Local\{3EEBC2EB-D46E-4FC1-B595-8DB08D793211}
[2011/06/17 01:44:15 | 000,000,000 | ---- | C] () -- C:\Users\Chris\AppData\Local\{A45510F1-E8CB-4466-9369-F4C78317B3EC}
[2011/06/01 13:01:43 | 000,000,462 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\wklnhst.dat
[2011/05/03 03:52:51 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011/04/28 10:56:14 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/04/28 02:56:26 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/28 00:18:39 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/02/12 04:31:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/02/12 04:23:25 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011/01/08 14:55:44 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/12/07 12:43:48 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2010/11/12 15:51:36 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2010/11/12 15:51:34 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2010/11/12 15:51:34 | 000,206,952 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2010/09/17 17:17:02 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/09/02 12:29:26 | 000,057,904 | ---- | C] () -- C:\Windows\SysWow64\wbload.dll
[2010/03/31 19:34:36 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
========== LOP Check ==========
[2011/07/20 15:48:54 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\com.essexreddevelopment.mergepdfmac
[2011/07/03 20:28:43 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Gmote
[2011/07/09 20:37:25 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\iExpert Software
[2011/06/24 15:21:40 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Oridus
[2011/04/28 05:25:05 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Sony Online Entertainment
[2011/04/27 23:50:41 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Stardock
[2011/06/01 13:01:43 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Template
[2011/07/20 00:28:46 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
No more redirects. Thanks again!
Jack&Jill
2011-09-04, 19:16
Hello Illtempered :),
Please remove all websites from the Trusted Zone in Internet Explorer as a security precaution. I took them out during the OTL fix, but they are back. Have a look at the following article on how to do it.
Security zones: adding or removing websites (http://windows.microsoft.com/en-US/windows-vista/Security-zones-adding-or-removing-websites)
I see signs of Hitman Pro, Sunbelt Antirootkit and McAfee security programs.
Please use AppRemover (http://www.appremover.com/) to remove security programs or their leftovers from incomplete uninstallation.
It appears to me your Microsoft Security Essentials is disabled. Please enable it for active protection.
--------------------
Congratulations, you are All Clear to go. Glad to hear everything is good and running :). If you have any more problems, please let me know.
Now we need to clear out the programs we have been using to clean up your computer. They are not suitable for general malware removal and could cause damage if used inappropriately.
Run OTL by double clicking on OTL.exe. Click on CleanUp, proceed to reboot if prompted.
Delete the aswMBR and RogueKiller files, plus GooredFix and its backup folder on your desktop.
Delete any logs on the desktop.
Some tips to help you stay clean and safe:
1. Keep your Windows up to date. Enable Automatic Updates for Windows 7 (http://windows.microsoft.com/en-us/windows7/Turn-automatic-updating-on-or-off) to always update the latest security patches from Microsoft, or you can download from the Microsoft website. Otherwise, your computer will be vulnerable to new exploits or malwares.
2. Purge System Restore, for this one time only. A recovery feature will only be useful if it is clean from malwares. See Windows 7 System Restore Guide (http://www.sevenforums.com/tutorials/81500-system-restore-enable-disable.html) for some detail explanations.
3. Update your Antivirus program regularly, it is a must for constant protection against viruses. Please keep only one AV installed.
4. Install Malwarebytes' Anti-Malware if you haven't and use it occasionally. It is a new and powerful anti-malware tool (http://www.malwarebytes.org/mbam.php), totally free but for real-time protection you will have to pay a small one-time fee.
5. Install WinPatrol, a great protection program (http://www.winpatrol.com/) that helps you monitor for unwanted files or applications.
6. Use a hosts file to block the access of bad sites from your computer. Get yourself a MVPS Hosts (http://www.mvps.org/winhelp2002/hosts.htm) for this purpose.
7. Install Web of Trust (WOT). WOT (http://www.mywot.com/) keeps you from dangerous websites with warnings and blockings.
8. Protect your computer from removable or USB drive infections with MCShield (http://amf.mycity.rs/programs/mc/mcshield/), an effective method to prevent malware from spreading.
9. Keep all your softwares updated. Visit Secunia Software Inspector (http://secunia.com/software_inspector/) to find out if any updates required.
10. Make full use of Windows 7 firewall to step up the defense (http://www.petri.co.il/windows-7-firewall.htm) against internet dangers.
11. Also look up:
Computer Security - a short guide to staying safer online (http://www.malwareremoval.com/forum/viewtopic.php?f=4&t=54766)
PC Safety and Security - What Do I Need? By Glaswegian (http://www.techsupportforum.com/security-center/general-computer-security/525915-pc-safety-security-what-do-i-need.html)
How to prevent malware: By miekiemoes (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)
So how did I get infected in the first place? By Tony Klein (http://forums.spybot.info/showthread.php?t=279)
Microsoft Online Safety (http://www.microsoft.com/protect/default.aspx)
Stay safe.
Your donation helps in improving Spybot-S&D! (http://www.safer-networking.org/en/donate/index.html)
Jack&Jill
2011-09-08, 07:51
As your problems appear to have been resolved, this topic is now closed.
We are glad to be of help. If you are satisfied with our assistance and wish to donate to help with the costs of this volunteer site, please read :
Your donation helps in improving Spybot-S&D! (http://www.safer-networking.org/en/donate/index.html)