Jump to content

salisian

Members
 View Profile  See their activity

  • Posts

    11

  • Joined

  • Last visited

 Content Type 

Everything posted by salisian

  1. salisian

    I appreciate the promptness of the attention that you provided. From the first time you responded until the virus was gone was only a few hours, and everything went smoothly.

  2. salisian
    Also, some time between my reply at 8:02 PM yesterday and now, my computer has become extremely slow. The boot process is normal up until Windows loads, which now takes 15-20 minutes, and programs are taking about four times as long to load as they would before. If this is expected and the cleanup process you mentioned deals with this, then disregard.
  3. salisian
    I don't know what this securitycheck program is finding with Firefox, but I'm sure my Firefox is 15.0.1. Results of screen317's Security Check version 0.99.51 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 8 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! AVG Anti-Virus Free Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Ad-Aware Malwarebytes Anti-Malware version 1.65.0.1400 Java 6 Update 22 Java 7 Update 7 Adobe Flash Player 11.4.402.278 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox 13.0.1 Firefox out of Date! Google Chrome 21.0.1180.83 Google Chrome 21.0.1180.89 Google Chrome 22.0.1229.79 Google Chrome 22.0.1229.92 Google Chrome 22.0.1229.94 ````````Process Check: objlist.exe by Laurent```````` Ad-Aware AAWService.exe Ad-Aware AAWTray.exe AVG avgwdsvc.exe AVG avgtray.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log``````````````````````
  4. salisian
    I went ahead and enabled most of what I had before, and the problem didn't reappear. I think the issue occurred when I switched from Opera to Firefox, and used the java plugin for a while without realizing that it was severly outdated, and there was a listed security vulnerability.
  5. salisian
    I don't see anything suspicious in any of my browsers after the resets. Although I'll be on high alert while I re-enable extensions and use the machine over the next few days, I can tentatively say that the problem is fixed. Thank you much for your help.
  6. salisian
    # AdwCleaner v2.005 - Logfile created 10/15/2012 at 21:27:41 # Updated 14/10/2012 by Xplode # Operating system : Windows 7 Professional Service Pack 1 (64 bits) # User : Dan - KATRINA # Boot Mode : Normal # Running from : C:\Users\Dan\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility ***** [Registry] ***** Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1} Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1 Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.7601.17514 [OK] Registry is clean. -\\ Mozilla Firefox v13.0.1 (en-US) Profile name : default File : C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\axirir3c.default\prefs.js [OK] File is clean. -\\ Google Chrome v22.0.1229.94 File : C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. -\\ Opera v [unable to get version] File : C:\Users\Dan\AppData\Roaming\Opera\Opera\operaprefs.ini Deleted : application/vnd.unity=6,,C:\Users\Dan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll,Unity [...] ************************* AdwCleaner[R1].txt - [3015 octets] - [15/10/2012 21:17:57] AdwCleaner[s1].txt - [2846 octets] - [15/10/2012 21:27:41] ########## EOF - C:\AdwCleaner[s1].txt - [2906 octets] ##########
  7. salisian
    # AdwCleaner v2.005 - Logfile created 10/15/2012 at 21:17:57 # Updated 14/10/2012 by Xplode # Operating system : Windows 7 Professional Service Pack 1 (64 bits) # User : Dan - KATRINA # Boot Mode : Normal # Running from : C:\Users\Dan\Desktop\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** Folder Found : C:\Program Files (x86)\Common Files\Software Update Utility ***** [Registry] ***** Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1} Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE Key Found : HKLM\SOFTWARE\Classes\dnUpdate Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1 Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1 Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5} Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Key Found : HKU\S-1-5-21-1206569-3984615700-1114235121-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.7601.17514 [OK] Registry is clean. -\\ Mozilla Firefox v13.0.1 (en-US) Profile name : default File : C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\axirir3c.default\prefs.js [OK] File is clean. -\\ Google Chrome v22.0.1229.94 File : C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. -\\ Opera v [unable to get version] File : C:\Users\Dan\AppData\Roaming\Opera\Opera\operaprefs.ini Found : application/vnd.unity=6,,C:\Users\Dan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll,Unity [...] ************************* AdwCleaner[R1].txt - [2894 octets] - [15/10/2012 21:17:57] ########## EOF - C:\AdwCleaner[R1].txt - [2954 octets] ##########
  8. salisian
    MBAM detects nothing, and yet google results are still redirecting in all three browsers I tested. I have noted that Windows is loading slightly faster when I reboot though. Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Database version: v2012.10.15.13 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Dan :: KATRINA [administrator] 10/15/2012 8:53:29 PM mbam-log-2012-10-15 (20-53-29).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 201271 Time elapsed: 2 minute(s), 11 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  9. salisian
    ComboFix 12-10-15.01 - Dan 10/15/2012 20:00:20.1.8 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6134.4426 [GMT -4:00] Running from: c:\users\Dan\Desktop\ComboFix.exe AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\programdata\Microsoft\Windows\DRM\6C9A.tmp c:\users\Dan\OOo_3.1.1_Win32Intel_install_wJRE_en-US.exe c:\windows\SysWow64\URTTemp c:\windows\SysWow64\URTTemp\regtlib.exe . . ((((((((((((((((((((((((( Files Created from 2012-09-16 to 2012-10-16 ))))))))))))))))))))))))))))))) . . 2012-10-16 00:07 . 2012-10-16 00:07 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-09 07:02 . 2012-10-09 07:02 -------- d-----w- c:\program files\SAMSUNG 2012-10-09 07:02 . 2010-04-27 02:25 19016 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys 2012-10-09 07:02 . 2010-04-27 02:25 172104 ----a-w- c:\windows\system32\drivers\sscdmdm.sys 2012-10-09 07:02 . 2010-04-27 02:25 15944 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys 2012-10-09 07:02 . 2010-04-27 02:25 15944 ----a-w- c:\windows\system32\drivers\sscdwh.sys 2012-10-09 07:02 . 2010-04-27 02:25 15432 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys 2012-10-09 07:02 . 2010-04-27 02:25 15432 ----a-w- c:\windows\system32\drivers\sscdcm.sys 2012-10-09 07:02 . 2010-04-27 02:25 141384 ----a-w- c:\windows\system32\drivers\sscdserd.sys 2012-10-09 07:02 . 2010-04-27 02:25 136264 ----a-w- c:\windows\system32\drivers\sscdbus.sys 2012-10-09 07:02 . 2012-10-09 07:02 -------- d-----w- c:\programdata\Samsung 2012-10-09 07:02 . 2012-10-09 07:02 53248 ----a-r- c:\users\Dan\AppData\Roaming\Microsoft\Installer\{F42F3704-4CA7-4D28-9F5B-FDBF2E589EB2}\ARPPRODUCTICON.exe 2012-10-09 07:02 . 2012-10-09 07:02 -------- d-----w- c:\users\Dan\AppData\Roaming\Verizon 2012-10-07 20:12 . 2012-10-10 22:30 -------- d-----w- c:\users\Dan\AppData\Roaming\Audacity 2012-09-27 09:32 . 2012-09-27 09:32 -------- d-----w- c:\users\Dan\AppData\Roaming\Apple Computer 2012-09-27 09:24 . 2012-09-27 09:24 -------- d-----w- c:\users\Dan\AppData\Roaming\Malwarebytes 2012-09-27 09:24 . 2012-09-27 09:24 -------- d-----w- c:\programdata\Malwarebytes 2012-09-27 09:24 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-27 04:23 . 2012-09-27 04:23 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-09-27 04:18 . 2012-09-27 04:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-09-27 04:18 . 2012-09-27 04:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2012-09-27 04:18 . 2012-09-27 04:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-09-27 04:18 . 2012-09-27 04:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-09-27 04:18 . 2012-09-27 04:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-09-27 04:18 . 2012-09-27 04:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-09-27 04:18 . 2012-09-27 04:18 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2012-09-27 04:18 . 2012-09-27 04:18 -------- d-----w- c:\program files (x86)\QuickTime 2012-09-27 04:18 . 2012-09-27 04:18 -------- d-----w- c:\programdata\Apple Computer 2012-09-27 04:16 . 2012-09-27 04:16 -------- d-----w- c:\program files (x86)\Apple Software Update 2012-09-16 20:01 . 2012-09-16 20:02 -------- d-----w- C:\b7ea368fe0283c743fa8f8fce2864e8f 2012-09-16 20:00 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-09-16 20:00 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys 2012-09-16 20:00 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll 2012-09-16 20:00 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2012-09-16 20:00 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-09-16 20:00 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-09-16 20:00 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-27 04:27 . 2012-04-04 18:41 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-09-27 04:27 . 2011-05-18 15:40 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-27 04:23 . 2012-06-12 04:54 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-09-27 04:23 . 2010-05-15 20:52 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-16 20:01 . 2010-12-04 21:21 64462936 ----a-w- c:\windows\system32\MRT.exe 2012-07-18 18:15 . 2012-08-16 17:28 3148800 ----a-w- c:\windows\system32\win32k.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 94208 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2012-01-26 2077536] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304] "VolPanel"="c:\program files (x86)\Creative\Volume Panel\VolPanlu.exe" [2009-07-07 241789] "CTxfiHlp"="CTXFIHLP.EXE" [2010-07-08 24576] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer4"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-04-30 190488] R3 cpuz134;cpuz134;c:\program flies\CPUID\PC Wizard 2010\pcwiz_x64.sys [2010-07-09 21480] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-06-04 79360] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-11-09 79360] R3 Creative Dolby Digital Live Pack Licensing Service;Creative Dolby Digital Live Pack Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe [2011-06-04 79360] R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-07-08 230488] R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-07-08 1445976] R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-07-08 95320] R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\games\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 LVUVC64;Logitech Webcam 120(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-04-30 6377496] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-04 1255736] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-01-26 69152] S1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\System32\Drivers\avgldx64.sys [2010-07-15 269904] S1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\System32\Drivers\avgmfx64.sys [2011-09-12 35664] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-27 203776] S2 avg9wd;AVG Free WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-08-26 1181328] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-11-21 240232] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-27 8012288] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-27 287232] S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-07-08 230488] S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-07-08 1445976] S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-07-08 95320] S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-07-08 1612888] S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-04-30 30232] S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [2009-06-01 33160] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 26982122 *NewlyCreated* - 38160382 *Deregistered* - 26982122 *Deregistered* - 38160382 . Contents of the 'Scheduled Tasks' folder . 2012-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1206569-3984615700-1114235121-1001Core.job - c:\users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-22 02:19] . 2012-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1206569-3984615700-1114235121-1001UA.job - c:\users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-22 02:19] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2010-10-06 23:36 97792 ----a-w- c:\users\Dan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 2314120] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\avgrssta.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 65.32.5.111 65.32.5.112 FF - ProfilePath - c:\users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\axirir3c.default\ . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) SafeBoot-38160382.sys AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-CamStudio - c:\games\CamStudio\uninstall.exe AddRemove-GoldenEye: Source - c:\games\Steam\SteamApps\sourcemods\GoldenEye: Source_Uninstall.exe AddRemove-Opera 11.11.2109 - c:\program files (x86)\Opera\Opera.exe AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe AddRemove-RPTools MapTool - c:\windows\system32\javaws.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1206569-3984615700-1114235121-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C11B4CAE-AFF4-6585-6F80-252FB512753E}*] "habnjdamjdplgnao"=hex:61,61,00,00 "ianaamciinbhncdekg"=hex:69,61,65,6a,64,6c,6d,61,66,67,70,64,6f,68,69,69,70,62, 00,b1 "hahaonoikmnecndc"=hex:69,61,65,6a,64,6c,6d,61,66,67,70,64,6f,68,69,69,70,62, 00,ff "habnjdamhbkknaep"=hex:61,61,00,00 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-10-15 20:10:03 ComboFix-quarantined-files.txt 2012-10-16 00:10 . Pre-Run: 159,931,912,192 bytes free Post-Run: 162,383,974,400 bytes free . - - End Of File - - 39EE76493509A0A683AFDB6590CAD6B5
  10. salisian
    You did not instruct me to include the reports from RogueKiller, but I have posted them here because of the line [sHELL][sUSP PATH] HKCU\[...]\Windows : Load (C:\Users\Dan\LOCALS~1\Temp\msqekizo.com) -> NOT REMOVED, USE PROXYFIX If this is expected, please disregard; the attachmends for tdsskiller are below. Also, the tdsskiller did not find any malicious objects, and required no reboot after the scan. TDSSKiller.2.8.13.0_15.10.2012_18.51.52_log.txt TDSSKiller.2.8.13.0_15.10.2012_18.55.09_log.txt RogueKiller V8.1.0 [09/28/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo...13-roguekiller/ Website: http://tigzy.geeksto...roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Dan [Admin rights] Mode : Remove -- Date : 10/15/2012 18:49:54 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 7 ¤¤¤ [sHELL][sUSP PATH] HKCU\[...]\Windows : Load (C:\Users\Dan\LOCALS~1\Temp\msqekizo.com) -> NOT REMOVED, USE PROXYFIX [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1) [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1) [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1) [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-1206569-3984615700-1114235121-1001\$e628b2a89fa3d2c9e2e52907500fb51b\n.) -> REPLACED (C:\Windows\system32\shell32.dll) ¤¤¤ Particular Files / Folders: ¤¤¤ [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-1206569-3984615700-1114235121-1001\$e628b2a89fa3d2c9e2e52907500fb51b\@ --> REMOVED [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-1206569-3984615700-1114235121-1001\$e628b2a89fa3d2c9e2e52907500fb51b\U --> REMOVED [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-1206569-3984615700-1114235121-1001\$e628b2a89fa3d2c9e2e52907500fb51b\L --> REMOVED ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD5000AAKS-00A7B0 ATA Device +++++ --- User --- [MBR] d0e90eb80994bf396ff3b77ce31b01e1 [bSP] d50bf80ecf2c50163e0a345de78802e0 : Windows 7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[3].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt RogueKiller V8.1.0 [09/28/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo...13-roguekiller/ Website: http://tigzy.geeksto...roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Dan [Admin rights] Mode : Remove -- Date : 10/15/2012 18:51:09 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 2 ¤¤¤ [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD5000AAKS-00A7B0 ATA Device +++++ --- User --- [MBR] d0e90eb80994bf396ff3b77ce31b01e1 [bSP] d50bf80ecf2c50163e0a345de78802e0 : Windows 7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[4].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt
  11. salisian
    RogueKiller V8.1.0 [09/28/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website: http://tigzy.geekstogo.com/roguekiller.php Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Dan [Admin rights] Mode : Scan -- Date : 10/15/2012 16:36:21 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 8 ¤¤¤ [sHELL][sUSP PATH] HKCU\[...]\Windows : Load (C:\Users\Dan\LOCALS~1\Temp\msqekizo.com) -> FOUND [sHELL][sUSP PATH] HKUS\S-1-5-21-1206569-3984615700-1114235121-1001[...]\Windows : Load (C:\Users\Dan\LOCALS~1\Temp\msqekizo.com) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-1206569-3984615700-1114235121-1001\$e628b2a89fa3d2c9e2e52907500fb51b\n.) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-1206569-3984615700-1114235121-1001\$e628b2a89fa3d2c9e2e52907500fb51b\@ --> FOUND [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-1206569-3984615700-1114235121-1001\$e628b2a89fa3d2c9e2e52907500fb51b\U --> FOUND [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-1206569-3984615700-1114235121-1001\$e628b2a89fa3d2c9e2e52907500fb51b\L --> FOUND ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD5000AAKS-00A7B0 ATA Device +++++ --- User --- [MBR] d0e90eb80994bf396ff3b77ce31b01e1 [bSP] d50bf80ecf2c50163e0a345de78802e0 : Windows 7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt
  12. salisian
    A few weeks ago I began to encounter an issue where Google search links began to redirect to what I'm fairly sure were attack sites. Every time I run MBAM or another virus/adware/malware scan, it detects a registry virus and supposedly deletes it, but when my computer restarts the issue appears again. I thought the issue was mostly benign if I just stopped clicking google links, but earlier tonight while playing a game my computer froze and on reboot would not get past the Windows loading screen. A system restore got me past that issue, but the virus persists and is clearly more a threat than I thought. Any help would be appreciated. The second line on dds.txt under the subheading "Pseudo HJT Report" seems to be part of the virus since the registry key in question points at that file, but that file doesn't seem to exist on my computer. dds.txt DDS (Ver_2012-10-14.05) - NTFS_AMD64 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.7.2 Run by Dan at 1:52:20 on 2012-10-15 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6134.3851 [GMT -4:00] . AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Program Files (x86)\AVG\AVG9\avgchsva.exe C:\Program Files (x86)\AVG\AVG9\avgrsa.exe C:\Windows\system32\lsm.exe C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\SysWOW64\lkads.exe C:\Windows\SysWOW64\lktsrv.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe C:\School\National Instruments\Shared\Security\nidmsrv.exe C:\Windows\SysWOW64\nisvcloc.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\Dwm.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\Explorer.EXE C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\WUDFHost.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files (x86)\AVG\AVG9\avgtray.exe C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Windows\SysWOW64\Ctxfihlp.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\SysWOW64\CTXFISPI.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\DllHost.exe C:\Program Flies\pirch\pirch98.exe C:\Windows\system32\wuauclt.exe C:\Program Files (x86)\AIM\aim.exe C:\Program Flies\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uWindows: Load = C:\Users\Dan\LOCALS~1\Temp\msqekizo.com mWinlogon: Userinit = userinit.exe, BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll uRun: [Google Update] "C:\Users\Dan\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRunOnce: [AutoLaunch] C:\Program Files (x86)\Lavasoft\Ad-Aware\AutoLaunch.exe monthly mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [VolPanel] "C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe" /r mRun: [CTxfiHlp] CTXFIHLP.EXE mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15117/CTPID.cab TCP: NameServer = 65.32.5.111 65.32.5.112 TCP: Interfaces\{9CA39918-4F04-4704-AEBF-F9A681D6E21C} : DHCPNameServer = 65.32.5.111 65.32.5.112 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\axirir3c.default\ FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll FF - plugin: C:\Users\Dan\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Users\Dan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2010-1-26 69152] R1 AvgLdx64;AVG Free AVI Loader Driver x64;C:\Windows\System32\drivers\avgldx64.sys [2010-1-26 269904] R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;C:\Windows\System32\drivers\avgmfx64.sys [2010-1-26 35664] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-5-27 203776] R2 avg9wd;AVG Free WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-7-15 308136] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2009-12-2 1181328] R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-4-30 190488] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-11-20 240232] R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-10-27 8012288] R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-10-27 287232] R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2010-7-7 230488] R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-7-7 1445976] R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2010-7-7 95320] R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\System32\drivers\ha20x22k.sys [2010-7-7 1612888] R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-4-30 30232] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-6-23 344680] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 cpuz134;cpuz134;C:\Program Flies\CPUID\PC Wizard 2010\pcwiz_x64.sys [2011-6-4 21480] S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-6-4 79360] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-11-9 79360] S3 Creative Dolby Digital Live Pack Licensing Service;Creative Dolby Digital Live Pack Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\DDLLicensing.exe [2011-6-4 79360] S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2010-7-7 230488] S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-7-7 1445976] S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2010-7-7 95320] S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-6 25832] S3 LVUVC64;Logitech Webcam 120(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2010-1-19 6377496] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-12 113120] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-7-9 59392] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-4 1255736] . =============== Created Last 30 ================ . 2012-10-09 07:02:20 19016 ----a-w- C:\Windows\System32\drivers\sscdmdfl.sys 2012-10-09 07:02:20 172104 ----a-w- C:\Windows\System32\drivers\sscdmdm.sys 2012-10-09 07:02:20 15944 ----a-w- C:\Windows\System32\drivers\sscdwhnt.sys 2012-10-09 07:02:20 15944 ----a-w- C:\Windows\System32\drivers\sscdwh.sys 2012-10-09 07:02:20 15432 ----a-w- C:\Windows\System32\drivers\sscdcmnt.sys 2012-10-09 07:02:20 15432 ----a-w- C:\Windows\System32\drivers\sscdcm.sys 2012-10-09 07:02:20 141384 ----a-w- C:\Windows\System32\drivers\sscdserd.sys 2012-10-09 07:02:20 136264 ----a-w- C:\Windows\System32\drivers\sscdbus.sys 2012-10-09 07:02:20 -------- d-----w- C:\Program Files\SAMSUNG 2012-10-09 07:02:15 -------- d-----w- C:\ProgramData\Samsung 2012-10-09 07:02:06 53248 ----a-r- C:\Users\Dan\AppData\Roaming\Microsoft\Installer\{F42F3704-4CA7-4D28-9F5B-FDBF2E589EB2}\ARPPRODUCTICON.exe 2012-10-09 07:02:06 -------- d-----w- C:\Users\Dan\AppData\Roaming\Verizon 2012-10-07 20:09:58 -------- d-----w- C:\Users\Dan\AppData\Local\{DFCAF6EF-0FF5-4D4F-9E96-7E59A73424A1} 2012-09-27 09:24:49 -------- d-----w- C:\Users\Dan\AppData\Roaming\Malwarebytes 2012-09-27 09:24:41 -------- d-----w- C:\ProgramData\Malwarebytes 2012-09-27 09:24:40 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-09-27 04:23:46 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2012-09-27 04:18:11 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-09-27 04:18:11 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2012-09-27 04:18:11 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-09-27 04:18:11 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-09-27 04:18:11 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-09-27 04:18:11 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-09-27 04:18:11 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2012-09-16 20:01:06 -------- d-----w- C:\b7ea368fe0283c743fa8f8fce2864e8f 2012-09-16 20:00:24 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys 2012-09-16 20:00:24 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys 2012-09-16 20:00:23 574464 ----a-w- C:\Windows\System32\d3d10level9.dll 2012-09-16 20:00:23 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll 2012-09-16 20:00:16 376688 ----a-w- C:\Windows\System32\drivers\netio.sys 2012-09-16 20:00:16 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-09-16 20:00:15 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS . ==================== Find3M ==================== . 2012-09-27 04:27:09 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-27 04:27:09 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-09-27 04:23:41 821736 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2012-09-27 04:23:41 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys . ============= FINISH: 1:52:38.55 =============== attach.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-10-14.05) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1 Install Date: 11/14/2009 2:05:49 PM System Uptime: 10/15/2012 12:30:06 AM (1 hours ago) . Motherboard: ASUSTeK Computer INC. | | P6T Processor: Intel® Core™ i7 CPU 920 @ 2.67GHz | LGA1366 | 2668/133mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 466 GiB total, 150.305 GiB free. D: is CDROM () E: is CDROM () F: is Removable G: is Removable H: is Removable I: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP255: 10/5/2012 5:45:52 PM - Scheduled Checkpoint RP256: 10/12/2012 6:21:21 PM - Scheduled Checkpoint . ==== Installed Programs ====================== . 'PTC Places' Namespace Shell Extension AAC Decoder Activation Assistant for the 2007 Microsoft Office suites Ad-Aware Adobe Flash Player 11 ActiveX 64-bit Adobe Flash Player 11 Plugin Adobe Reader 9.5.2 Adobe Shockwave Player 11.5 AIM 7 Alpha Protocol AMD Drag and Drop Transcoding Apple Application Support Apple Software Update ATI AVIVO64 Codecs ATI Catalyst Install Manager Audacity 2.0.2 AutoUpdate AVG Free 9.0 Bastion Belarc Advisor 8.2 Borderlands Braid Call of Duty: Modern Warfare 2 CamStudio CamStudio Lossless Codec v1.4 CamStudio OSS Desktop Recorder Canon Easy-WebPrint EX Canon MP Navigator EX 3.0 Canon MP490 series MP Drivers Canon MP490 series User Registration Canon Utilities My Printer Caster Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Cheat Engine 5.5 ConverterLite 0.1 Creative ALchemy Creative Audio Control Panel Creative AutoMode Switcher Creative Console Launcher Creative Software AutoUpdate Creative Sound Blaster Properties x64 Edition Creative System Information Crysis® D3DX10 DDL and DTS Connect License Activation DEFCON Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Deus Ex: Game of the Year Edition Deus Ex: Invisible War Dia (remove only) Divine Divinity DivX Codec DivX Converter DivX Player DivX Plus DirectShow Filters DivX Version Checker Dolby Digital Live Pack Download Updater (AOL LLC) Dragon Age: Origins Dropbox DTS Connect Pack Dundjinni EAGLE 5.11.0 Far Cry (Patch 1.32 AMD64) Far Cry 2 FLV Player 2.0 (build 25) Fraps (remove only) GameSpy Comrade GoldenEye: Source - HalfLife 2 Mod Google Chrome Greed Corp Guild Wars H.264 Decoder Half-Life 2 Half-Life 2: Episode One Half-Life 2: Episode Two Half-Life: Source Heroes of Might and Magic® IV The Gathering Storm HI-TECH C51-lite V9.60PL0 HI-TECH PICC lite V9.60PL0 HydraVision Java 7 Update 7 Java Auto Updater Java™ 6 Update 22 Just Cause Just Cause 2 LAME v3.99.3 (for Windows) Legend of Grimrock Logitech Vid Logitech Webcam Software Logitech Webcam Software Driver Package LTspice IV Magicka Majesty 2 Malwarebytes Anti-Malware version 1.65.0.1400 MapleStory Mass Effect Mass Effect 2 Mathcad 15 F000 Mathcad PDSi viewable support MATLAB R2011a Student Version MATLAB Student R2010a Medieval II Total War Microsoft .NET Framework 1.1 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft IntelliPoint 7.0 Microsoft Office 2010 Language Pack Service Pack 1 (SP1) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Office 64-bit Components 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Visio 2010 Microsoft Office Visio MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft VC9 runtime libraries Microsoft Visio 2010 Service Pack 1 (SP1) Microsoft Visio Professional 2010 Microsoft Visual Basic PowerPacks 10.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual J# .NET Redistributable Package 1.1 Microsoft XNA Framework Redistributable 3.1 Microsoft XNA Framework Redistributable 4.0 MKV Splitter Morrowind Mount & Blade Mount and Blade: Warband Mozilla Firefox 13.0.1 (x86 en-US) Mozilla Firefox 15.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK MuseScore 1.2 MuseScore score typesetter National Instruments Software Nexon Game Manager NI Circuit Design Suite 11.0 Core NI Circuit Design Suite 11.0 Edu Licenses NI Circuit Design Suite 11.0 Education NI EULA Depot NI Example Finder 9.0 NI Help Assistant NI Help Assistant (64bit) NI LabVIEW Real-Time NBFifo NI LabVIEW Run-Time Engine 2009 NI LabVIEW Run-Time Engine 8.6.1 NI LabVIEW Run-Time Engine Interop 2009 NI LabVIEW Run-Time Engine Web Services NI LabVIEW Web Server for Run-Time Engine NI LabVIEW Web Services Runtime NI LabWindows/CVI 9.0.1 Run-Time Engine NI License Manager NI Logos 5.1 NI Logos XT Support NI Logos64 5.1 NI Logos64 XT Support NI Math Kernel Libraries NI Math Kernel Libraries (64-bit) NI MDF Support NI MetaSuite Installer NI Service Locator NI TDMS NI TDMS (64-bit) NI Trace Engine NI Trace Engine (64-bit) NI Uninstaller NI Update Service 1.0 NI Update Service Extras 1.0 NI USI 1.7.0 NI USI 1.7.0 64-Bit NI VC2005MSMs x64 NI VC2005MSMs x86 NI VC2008MSMs x64 NI VC2008MSMs x86 NI Web Pipeline 2.0.1 NI Web Pipeline 2.0.1 64-bit support NVIDIA Drivers NVIDIA PhysX NVIDIA Stereoscopic 3D Driver OpenAL OpenOffice.org 3.3 Opera 11.11 Opera 12.00 Pando Media Booster PC Wizard 2010.1.96 Portal Psychonauts PunkBuster Services QuickTime Railroad Tycoon 2: Platinum RPTools MapTool SAMSUNG USB Driver for Mobile Phones Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio 2010 (KB2597171) 32-Bit Edition Sequence Sid Meier's Civilization III: Complete Skype™ 4.1 Solar 2 SoundFont Bank Manager Space Pirates and Zombies SpaceChem SpeedFan (remove only) Steam SteamLink Team Fortress 2 TeamSpeak 2 RC2 TeamSpeak 2 Server RC2 Terraria TES Construction Set The Elder Scrolls V: Skyrim The Guild II THX Setup Console Ticket to Ride Trillian Unity Web Player Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition VC80CRTRedist - 8.0.50727.4053 Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC) Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 Visual C++ 8.0 Runtime Setup Package (x64) VLC media player 1.0.3 Volume Panel Windchill ProductPoint Client Manager Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack WinRAR archiver WinZip 14.0 World of Goo Xvid 1.2.2 final uninstall . ==== End Of File ===========================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.