horimiya
Everything posted by horimiya
-
Good evening TheDarkKnight, removed the programs. Good advice. Thank you so much for all your assistance, help and advice! (:
-
Good morning TheDarkKnight, turned on the automatic Windows update. SP1 was installed successfully and, after a few restarts for further updates, all important installations are done. Also installed Microsoft Security Essentials. Downloaded the latest Java first because Java did not allow me to remove old versions unless the latest was installed. Removed the old versions thereafter. Updated Adobe Reader to the latest version as well.
-
Good morning TheDarkKnight, currently none as far as I'm aware of. No redirects or music playing thus far. Here is the 317 log:
Results of screen317's Security Check version 0.99.54
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
CCleaner
JavaFX 2.1.1
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky Security Scan 2.0 kss.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````
-
Hello TheDarkKnight, here are the reports:
Malware (0)
Information about malware detected on the computer.
Vulnerabilities
C:\Program Files (x86)\Google\Picasa3\plugins\expwebsites\expwebsites.yti
C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe
C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll
C:\Windows\SysWOW64\Adobe\Shockwave 11\SwInit.exe
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.d
Other issues
"Autorun from hard drives is allowed"
"Autorun from network drives is enabled"
"CD/DVD autorun is enabled"
"Removable media autorun is enabled"
"Microsoft Internet Explorer: clear history of typed URLs"
"Microsoft Internet Explorer - disable caching data received via protected channel"
"Microsoft Internet Explorer: disable sending error reports"
"Microsoft Internet Explorer: clear list of pop-up blocker exceptions"
"Microsoft Internet Explorer: enable cache autocleanup on browser closing"
"Windows Explorer: display of known file types extensions is disabled"
"Microsoft Internet Explorer: start page reset"
-
Hello TheDarkKnight, no, no other weird things thus far. The music has also stopped appearing (: Haven't gotten any redirect so far either. Here is the log:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-11-15 18:36:03
Windows 6.1.7600
Running: uk899jte.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe1f53957
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe1f53957@7cc53745c4ed 0xE1 0x7D 0xF2 0xDD ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe1f53957 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe1f53957@7cc53745c4ed 0xE1 0x7D 0xF2 0xDD ...
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\sins of a solar empire\Закат Солнечной Империи. Новая война\Uninstall\unins000.exe 1
---- EOF - GMER 1.0.15 ----
-
Hey TheDarkKnight, silly me, ugh. The full log:
MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: Aspire 5930
Logical Drives Mask: 0x0000007c
Kernel Drivers (total 191):
Processes (total 61):
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000000f`003eb200 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000002a`8072e200 (NTFS)
PhysicalDrive0 Model Number: WDCWD3200BEVT-22ZCT0, Rev: 11.01A11
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
Done!
-
Hello TheDarkKnight, the MBRCheck log:
MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: Aspire 5930
Logical Drives Mask: 0x0000007c
Kernel Drivers (total 191):
-
Good evening TheDarkKnight, when I ran mbar.exe this message appeared: Registry value "AppInit_Dlls" has been found which may be caused by rootkit activity. Note: press NO button if you're not sure. If the tool crashes or terminates unexpectedly during a system scan, restart the tool and press YES should this message appear again. I clicked No and the scan ran smoothly. Here are the logs:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009
© Malwarebytes Corporation 2011-2012
OS version: 6.1.7600 Windows 7 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 3215839232, free: 1950830592
------------ Kernel report ------------
11/14/2012 20:26:44
------------ Loaded modules -----------
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8003410170
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa8002f1d060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
DriverEntry returned 0x0
Function returned 0x0
Downloaded database version: v2012.11.14.02
Downloaded database version: v2012.11.12.01
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1009
© Malwarebytes Corporation 2011-2012
OS version: 6.1.7600 Windows 7 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 3215839232, free: 1987518464
------------ Kernel report ------------
11/14/2012 20:27:17
------------ Loaded modules -----------
\SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\system32\drivers\csc.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\nvlddmkm.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\usbuhci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\yk62x64.sys \SystemRoot\system32\DRIVERS\netw5v64.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\wmiacpi.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\hamachi.sys \SystemRoot\system32\DRIVERS\rdpbus.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\HdAudio.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\agrsm64.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\drivers\modem.sys \SystemRoot\system32\drivers\nvhda64v.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys 
\SystemRoot\System32\Drivers\dump_msahci.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\Drivers\ATSwpWDF.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\kbdhid.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\imagehlp.dll \Windows\System32\user32.dll \Windows\System32\imm32.dll \Windows\System32\difxapi.dll \Windows\System32\lpk.dll \Windows\System32\sechost.dll \Windows\System32\ws2_32.dll \Windows\System32\msvcrt.dll \Windows\System32\urlmon.dll \Windows\System32\Wldap32.dll \Windows\System32\shell32.dll \Windows\System32\ole32.dll \Windows\System32\comdlg32.dll \Windows\System32\msctf.dll \Windows\System32\kernel32.dll 
\Windows\System32\nsi.dll \Windows\System32\rpcrt4.dll \Windows\System32\iertutil.dll \Windows\System32\clbcatq.dll \Windows\System32\shlwapi.dll \Windows\System32\psapi.dll \Windows\System32\oleaut32.dll \Windows\System32\normaliz.dll \Windows\System32\wininet.dll \Windows\System32\advapi32.dll \Windows\System32\usp10.dll \Windows\System32\gdi32.dll \Windows\System32\setupapi.dll \Windows\System32\crypt32.dll \Windows\System32\cfgmgr32.dll \Windows\System32\devobj.dll \Windows\System32\wintrust.dll \Windows\System32\KernelBase.dll \Windows\System32\comctl32.dll \Windows\System32\msasn1.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8003410170 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\ Lower Device Object: 0xfffffa8002f1d060 Lower Device Driver Name: \Driver\atapi\ Device already Exists: 0xfffffa80037fb1f0 Initializing... Done! Scanning directory: C:\Windows\system32\drivers... <<<2>>> Device number: 0, partition: 1 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8003410170, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8003411b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8003410170, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8002f1d060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\ ------------ End ---------- Upper DeviceData: 0xfffff8a00a447f50, 0xfffffa8003410170, 0xfffffa8002d7d360 Lower DeviceData: 0xfffff8a0099c6050, 0xfffffa8002f1d060, 0xfffffa80037fb1f0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: ADB8E06B Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. 
Partition starts at LBA: 63 Numsec = 125837082 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 125837145 Numsec = 230693400 Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 356530545 Numsec = 268606800 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 320072933376 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-62-625122448-625142448)... Done! Performing system, memory and registry scan... Done! Scan finished ======================================= Malwarebytes Anti-Rootkit 1.1.0.1009 www.malwarebytes.org Database version: v2012.11.14.02 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 ee :: EE-PC [administrator] 11/14/2012 8:37:21 PM mbar-log-2012-11-14 (20-37-21).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: PUP | PUM | P2P Objects scanned: 24701 Time elapsed: 9 minute(s), 44 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
-
Good afternoon TheDarkKnight,

While I was reading your instructions and advice, Techno music started playing. No other browser was open; this was the only tab opened. I was not playing any music programs as well. It was only after I closed this sole window did it stop.

Tool bar removed.

Oh, those are cropped pictures from the guardian newspaper website, & the gif was from reddit.

After opening a few tabs, there have been no redirects.

Here are the OTL fix and AdwCleaner logs:

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2B777B68-9A82-4DA6-800B-882955F1F07F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B777B68-9A82-4DA6-800B-882955F1F07F}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
C:\Windows\SysNative\drivers\kgpcpy.cfg moved successfully.
C:\Users\ee\AppData\Local\iwmvwspbz1m.crx moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User

User: ee
->Temp folder emptied: 1797476 bytes
->Temporary Internet Files folder emptied: 35894465 bytes
->Java cache emptied: 54460 bytes
->Google Chrome cache emptied: 241774336 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 2711 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 602112 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 531263 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
RecycleBin emptied: 1814312 bytes

Total Files Cleaned = 269.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 11142012_172130

Files\Folders moved on Reboot...
C:\Users\ee\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

---------------

# AdwCleaner v2.007 - Logfile created 11/14/2012 at 17:27:02
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Professional (64 bits)
# User : ee - EE-PC
# Boot Mode : Normal
# Running from : C:\Users\ee\Desktop\logs\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.64

File : C:\Users\ee\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1632 octets] - [13/11/2012 23:03:07]
AdwCleaner[R2].txt - [1697 octets] - [13/11/2012 23:08:09]
AdwCleaner[R3].txt - [1757 octets] - [13/11/2012 23:08:21]
AdwCleaner[S1].txt - [1843 octets] - [13/11/2012 23:13:15]
AdwCleaner[S2].txt - [875 octets] - [14/11/2012 17:27:02]

########## EOF - C:\AdwCleaner[S2].txt - [934 octets] ##########
-
Good evening TheDarkKnight,

A question: is there any private information in all these logs posted that I should be aware of?

Here are the OTL.txt, Extras.txt and AdwCleaner[R1].txt logs:

OTL logfile created on: 11/13/2012 10:44:41 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ee\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 68.66% Memory free
5.99 Gb Paging File | 4.50 Gb Available in Paging File | 75.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 60.00 Gb Total Space | 19.90 Gb Free Space | 33.17% Space Free | Partition Type: NTFS
Drive D: | 110.00 Gb Total Space | 78.88 Gb Free Space | 71.71% Space Free | Partition Type: NTFS
Drive E: | 128.08 Gb Total Space | 41.02 Gb Free Space | 32.03% Space Free | Partition Type: NTFS

Computer Name: EE-PC | User Name: ee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/13 22:43:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ee\Desktop\OTL.exe
PRC - [2012/10/25 09:05:36 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/10/06 20:15:09 | 001,353,080 | ---- | M] (Valve Corporation) -- D:\steam\Steam.exe
PRC - [2011/10/15 16:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

========== Modules (No Company Name) ==========

MOD - [2012/11/01 06:15:05 | 000,460,312 | ---- | M] () -- C:\Users\ee\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppgooglenaclpluginchrome.dll
MOD - [2012/11/01 06:15:02 | 004,007,448 | ---- | M] () -- C:\Users\ee\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
MOD - [2012/11/01 06:13:47 | 000,587,288 | ---- | M] () -- C:\Users\ee\AppData\Local\Google\Chrome\Application\23.0.1271.64\libglesv2.dll
MOD - [2012/11/01 06:13:46 | 000,123,928 | ---- | M] () -- C:\Users\ee\AppData\Local\Google\Chrome\Application\23.0.1271.64\libegl.dll
MOD - [2012/11/01 06:13:35 | 000,156,712 | ---- | M] () -- C:\Users\ee\AppData\Local\Google\Chrome\Application\23.0.1271.64\avutil-51.dll
MOD - [2012/11/01 06:13:34 | 000,274,984 | ---- | M] () -- C:\Users\ee\AppData\Local\Google\Chrome\Application\23.0.1271.64\avformat-54.dll
MOD - [2012/11/01 06:13:32 | 002,168,360 | ---- | M] () -- C:\Users\ee\AppData\Local\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll
MOD - [2012/10/25 09:05:36 | 020,317,008 | ---- | M] () -- D:\steam\bin\libcef.dll
MOD - [2012/10/25 09:05:35 | 001,099,616 | ---- | M] () -- D:\steam\bin\avcodec-53.dll
MOD - [2012/10/25 09:05:35 | 000,902,480 | ---- | M] () -- D:\steam\bin\chromehtml.dll
MOD - [2012/10/25 09:05:35 | 000,190,816 | ---- | M] () -- D:\steam\bin\avformat-53.dll
MOD - [2012/10/25 09:05:35 | 000,123,232 | ---- | M] () -- D:\steam\bin\avutil-51.dll

========== Services (SafeList) ==========

SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 09:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/10/25 09:05:36 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/08/29 12:03:36 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/08/28 07:40:00 | 004,204,272 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011/10/15 16:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/11 01:41:13 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/01 14:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/08 07:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/03/11 14:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 14:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/04/14 01:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/12/03 16:48:32 | 000,716,872 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 09:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (1394hub)
DRV:64bit: - [2009/06/11 05:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/11 04:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/02/21 17:55:00 | 000,393,728 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk60x64.sys -- (yukonx64)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\URLSearchHook: {d8fb4583-db9d-4c7b-85be-294c13a3e5c4} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.sg/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CE EB 63 17 0C 5C CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {BA2B6456-3147-46D6-8BEE-D95878968E92}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{2B777B68-9A82-4DA6-800B-882955F1F07F}: "URL" = http://www.baidu.com/baidu?tn=dealio_dg&wd={searchTerms}
IE - HKCU\..\SearchScopes\{BA2B6456-3147-46D6-8BEE-D95878968E92}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\..\SearchScopes\{E79D06E1-62C7-4091-80FF-1A7CAB6F4BB4}: "URL" = http://sg.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ee\AppData\Local\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ee\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ee\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ee\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: Entanglement = C:\Users\ee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Bookmark Sentry = C:\Users\ee\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdglbbcbmgnimogcmcdenggkpdmihlga\1.7.3_0\
CHR - Extension: Glow = C:\Users\ee\AppData\Local\Google\Chrome\User Data\Default\Extensions\bekmjjakgojplnhahcilegeiklenjbgb\1.0_0\
CHR - Extension: Turn Off the Lights = C:\Users\ee\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.16_0\
CHR - Extension: High Contrast = C:\Users\ee\AppData\Local\Google\Chrome\User Data\Default\Extensions\djcfdncoelnlbldjfhinnjlhdjlikmph\0.4_0\
CHR - Extension: Collusion for Chrome = C:\Users\ee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ganlifbpkcplnldliibcbegplfmcfigp\1.10.4_0\
CHR - Extension: 3D Function Graphics = C:\Users\ee\AppData\Local\Google\Chrome\User Data\Default\Extensions\iobplelaajiidonodpenmapjhndgohhn\1.2_0\
CHR - Extension: Dropbox = C:\Users\ee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl\3.0.2_0\
CHR - Extension: Ghostery = C:\Users\ee\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.0.0_0\
CHR - Extension: Flash Player = C:\Users\ee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcplidffijapllcadglkoenobogpgdlb\11_0\
CHR - Extension: Psykopaint = C:\Users\ee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\
CHR - Extension: Psykopaint = C:\Users\ee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\.bak

O1 HOSTS File: ([2012/11/03 23:43:04 | 000,000,797 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3 - HKLM\..\Toolbar: (no name) - {d8fb4583-db9d-4c7b-85be-294c13a3e5c4} - No CLSID value found.
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A96D1D90-4422-43A0-BE93-FA2498BC4D5B}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) 
Drivers32: VIDC.FFDS - D:\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll () CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/11/13 22:43:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ee\Desktop\OTL.exe [2012/11/13 21:07:38 | 000,000,000 | ---D | C] -- C:\Users\ee\AppData\Local\{FF66EE4E-B40F-44DF-B39D-68355298AD06} [2012/11/12 22:50:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/11/12 19:32:04 | 000,000,000 | ---D | C] -- C:\Users\ee\AppData\Local\{8174B6C9-07B4-4ADD-A860-27EA8E392A3F} [2012/11/12 02:17:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012/11/11 08:22:51 | 000,000,000 | ---D | C] -- C:\Users\ee\AppData\Local\{F4936680-C053-47F2-AEED-01BFCB4A8B7D} [2012/11/11 02:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kalypso Media [2012/11/11 01:42:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2012/11/11 01:41:13 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2012/11/10 10:58:22 | 000,000,000 | ---D | C] -- C:\Users\ee\AppData\Local\{4B597F43-E070-4E56-AF35-3A0659C6950B} [2012/11/09 18:10:49 | 000,000,000 | ---D | C] -- C:\Users\ee\AppData\Local\{B232200F-D29D-450A-A4C5-943CC16B281C} [2012/11/08 22:15:02 | 000,000,000 | ---D | C] -- C:\Users\ee\Desktop\logs [2012/11/08 18:57:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/11/08 18:57:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/11/08 18:57:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/11/08 18:56:42 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/11/08 18:56:35 | 000,000,000 | R--D | C] -- C:\Users\ee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012/11/08 18:56:23 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/11/07 22:32:41 | 000,000,000 | ---D | C] -- 
C:\Users\ee\AppData\Local\{68FC57F7-D664-46E4-9063-74986ED17604} [2012/11/06 16:37:08 | 000,000,000 | ---D | C] -- C:\Users\ee\AppData\Local\{8A7424D3-6A4D-4EE0-983D-D5BABBB38E5A} [2012/11/05 20:19:56 | 000,000,000 | ---D | C] -- C:\Users\ee\AppData\Local\{5824996B-1129-4C2F-BD17-771C73B5B612} [2012/11/05 13:56:18 | 000,000,000 | ---D | C] -- C:\Users\ee\AppData\Local\VirtualStore [2012/11/05 06:38:45 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2012/11/03 23:45:46 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012/10/24 01:31:41 | 000,000,000 | R--D | C] -- C:\Users\ee\Videos [2012/10/23 21:23:31 | 000,000,000 | R--D | C] -- C:\Users\ee\Favorites [2012/10/23 21:23:26 | 000,000,000 | R--D | C] -- C:\Users\ee\Searches [2012/10/23 19:58:50 | 000,000,000 | ---D | C] -- C:\Users\ee\Tracing [2012/10/23 18:12:35 | 000,000,000 | ---D | C] -- C:\Users\ee\Desktop [2012/10/23 17:18:28 | 000,000,000 | ---D | C] -- C:\Users\ee\fourclover [2012/10/17 18:50:35 | 000,696,760 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/10/17 18:50:35 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/10/17 16:41:10 | 000,000,000 | ---D | C] -- C:\Users\ee\Documents\Calibre Library [2012/10/17 16:40:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Calibre2 [2012/10/17 16:40:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/11/13 22:43:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ee\Desktop\OTL.exe [2012/11/13 22:22:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/11/13 22:01:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-653543735-296090576-2018118724-1001UA.job [2012/11/13 17:22:00 | 000,000,886 
| ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/11/13 12:01:00 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-653543735-296090576-2018118724-1001Core.job [2012/11/13 07:30:22 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/11/13 07:30:22 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/13 07:27:28 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/11/13 07:27:28 | 000,660,546 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/11/13 07:27:28 | 000,121,442 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/11/13 07:22:52 | 2411,876,352 | -HS- | M] () -- C:\hiberfil.sys [2012/11/11 01:41:13 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2012/11/08 18:52:53 | 000,000,448 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg [2012/11/05 09:39:19 | 000,037,070 | ---- | M] () -- C:\UPIFZ.jpg [2012/11/05 06:38:45 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2012/11/03 19:53:36 | 000,001,738 | ---- | M] () -- C:\Users\ee\AppData\Local\iwmvwspbz1m.crx [2012/10/31 09:33:29 | 002,175,795 | ---- | M] () -- C:\Users\ee\ibdb3QC8lsFRNj.gif [2012/10/31 09:15:18 | 000,035,308 | ---- | M] () -- C:\Users\ee\s2lVu.jpg [2012/10/31 08:19:40 | 000,253,279 | ---- | M] () -- C:\Users\ee\tuzX2.jpg [2012/10/31 07:36:56 | 000,075,265 | ---- | M] () -- C:\Users\ee\EVZKj.jpg [2012/10/31 06:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2012/10/23 21:26:54 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/10/23 21:26:54 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/10/23 18:13:14 | 000,026,855 | ---- | M] () 
-- C:\2.JPG [2012/10/23 18:12:55 | 000,064,747 | ---- | M] () -- C:\1.JPG [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/11/08 18:57:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/11/08 18:57:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/11/08 18:57:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/11/08 18:57:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012/11/08 18:57:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/11/08 18:44:07 | 000,000,448 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg [2012/11/05 09:39:18 | 000,037,070 | ---- | C] () -- C:\UPIFZ.jpg [2012/11/03 19:53:36 | 000,001,738 | ---- | C] () -- C:\Users\ee\AppData\Local\iwmvwspbz1m.crx [2012/10/31 09:33:29 | 002,175,795 | ---- | C] () -- C:\Users\ee\ibdb3QC8lsFRNj.gif [2012/10/31 09:15:18 | 000,035,308 | ---- | C] () -- C:\Users\ee\s2lVu.jpg [2012/10/31 08:19:39 | 000,253,279 | ---- | C] () -- C:\Users\ee\tuzX2.jpg [2012/10/31 07:36:55 | 000,075,265 | ---- | C] () -- C:\Users\ee\EVZKj.jpg [2012/10/23 18:13:14 | 000,026,855 | ---- | C] () -- C:\2.JPG [2012/10/23 18:12:55 | 000,064,747 | ---- | C] () -- C:\1.JPG [2012/06/06 01:18:32 | 000,773,522 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/12/23 12:58:54 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011/12/23 12:58:54 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2011/08/17 04:04:16 | 000,003,584 | ---- | C] () -- C:\Users\ee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/12/14 13:44:14 | 000,000,030 | ---- | C] () -- C:\Users\ee\AppData\Local\wic.exe! 
[2010/11/20 13:14:29 | 000,000,268 | ---- | C] () -- C:\Windows\game.ini ========== ZeroAccess Check ========== [2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 13:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 12:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 09:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Custom Scans ========== < 
%SYSTEMDRIVE%\*.* > [2012/10/23 18:12:55 | 000,064,747 | ---- | M] () -- C:\1.JPG [2012/10/23 18:13:14 | 000,026,855 | ---- | M] () -- C:\2.JPG [2009/07/14 09:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr [2010/09/22 15:04:52 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2012/11/12 22:43:06 | 000,021,816 | ---- | M] () -- C:\ComboFix.txt [2010/10/06 16:50:00 | 000,203,836 | RHS- | M] () -- C:\grldr [2012/11/13 07:22:52 | 2411,876,352 | -HS- | M] () -- C:\hiberfil.sys [2012/11/13 07:22:55 | 3215,839,232 | -HS- | M] () -- C:\pagefile.sys [2012/11/12 22:58:32 | 000,131,592 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_12.11.2012_22.57.40_log.txt [2012/11/05 09:39:19 | 000,037,070 | ---- | M] () -- C:\UPIFZ.jpg [2010/10/06 16:50:01 | 000,000,000 | RHS- | M] () -- C:\winx.ld < %systemroot%\*. /mp /s > < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > ========== Files - Unicode (All) ========== [2012/07/13 18:27:18 | 007,679,639 | ---- | M] ()(C:\Users\ee\Documents\IU - 04. ?? ? (You & I).mp3) -- C:\Users\ee\Documents\IU - 04. 너랑 나 (You & I).mp3 [2012/07/13 18:27:05 | 007,679,639 | ---- | C] ()(C:\Users\ee\Documents\IU - 04. ?? ? (You & I).mp3) -- C:\Users\ee\Documents\IU - 04. 
너랑 나 (You & I).mp3 < End of report > ----------------------- OTL Extras logfile created on: 11/13/2012 10:44:41 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ee\Desktop 64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.99 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 68.66% Memory free 5.99 Gb Paging File | 4.50 Gb Available in Paging File | 75.07% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 60.00 Gb Total Space | 19.90 Gb Free Space | 33.17% Space Free | Partition Type: NTFS Drive D: | 110.00 Gb Total Space | 78.88 Gb Free Space | 71.71% Space Free | Partition Type: NTFS Drive E: | 128.08 Gb Total Space | 41.02 Gb Free Space | 32.03% Space Free | Partition Type: NTFS Computer Name: EE-PC | User Name: ee | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [bridge] -- D:\photoshop\ps\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [bridge] -- D:\photoshop\ps\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== 
Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01F7FB5C-3858-4861-B28B-226ADDC66860}" = lport=10243 | protocol=6 | dir=in | app=system | "{09134F4B-005F-4466-96AD-F572F1C5710A}" = lport=8370 | protocol=6 | dir=in | name=league of legends launcher | "{0DC6793B-7C21-45C4-94B8-5DFE7757EA89}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{167A249A-C73F-4979-9506-A78F7C875D29}" = rport=139 | protocol=6 | dir=out | app=system | "{1C8EFDAB-4E59-44E8-AC26-19A725B246F3}" = rport=10243 | protocol=6 | dir=out | app=system | "{1E3E5CCC-2807-44FE-810F-9DAB57A99F91}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1E684C35-8E21-4DE1-AEE2-DCB2852445A5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{230CAD33-32CB-44CE-B372-608DB048B364}" = lport=137 | protocol=17 | dir=in | app=system | "{6D064941-3324-430C-88F2-94240B9584DF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{71848359-2BB8-4606-93C1-4780809E09B9}" = lport=138 | protocol=17 | dir=in | app=system | "{8480A487-1D4C-4619-9FA2-C7FC43217872}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{903773D3-CA68-43C6-A7C1-053B3FBCD344}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{916B9DD1-A88B-4516-9126-C7D8D0D2BD01}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{9D219D05-B9BD-443C-B09D-93B1E5512DE2}" = lport=8370 | protocol=17 | dir=in | name=league of legends launcher | "{A266A19E-39A8-417C-9E9E-5ECB282F0E51}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{ACBF2270-5966-42D1-8316-CF69BD7F041B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B00D2503-3735-4755-89A8-330474456869}" = lport=6893 | protocol=17 | dir=in | name=league of legends launcher | "{B3CBC02F-A10F-404F-9FE1-BAFBFD1605B6}" = lport=6893 | protocol=6 | dir=in | name=league of legends launcher | "{C0F64B43-63E5-4AEB-84BA-D7C356D166B1}" = lport=445 | protocol=6 | dir=in | app=system | "{C57259BF-C42C-45D2-8977-E77D187983FB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{D79B9B20-0E57-43E4-979D-900D04B59302}" = lport=2869 | protocol=6 | dir=in | app=system | "{DE7EE85A-27B0-4885-A516-0CD4AD01AFCE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{E81E8C67-A7BE-40DF-98DD-45108F7F0353}" = rport=445 | protocol=6 | dir=out | app=system | "{EBDDDC86-BE5F-4EB2-8B3D-BBEE0733F5CA}" = rport=138 | protocol=17 | dir=out | app=system | "{EC64BCA5-B915-451C-A1D5-75FEA6DFEA67}" = rport=137 | protocol=17 | dir=out | app=system | "{F4FD3D8C-960B-4F0D-9BE1-FF7263E01317}" = lport=139 | protocol=6 | dir=in | app=system | "{F75327B4-4357-4C9A-849A-9BA6B138FF2B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{092A9CF8-8CB9-4CA7-A545-6C9AE01C5E6E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{0B996DC9-B4BC-42B2-8FDE-310EAF9C71F0}" = protocol=6 | dir=in | app=d:\halite.exe | "{0C271F8C-E4CD-4CE7-AEF7-FDA27EDEE846}" = protocol=6 | dir=out | app=system | 
"{0F46C674-DB77-4F75-9675-130385E5D23A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe | "{1406342D-885F-4C29-B1F8-C98874C55ACB}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\the battle for middle-earth ii\game.dat | "{151A1846-B35D-49B9-AE07-09EA38608397}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{165F2298-0216-4438-A0C0-3DB89DD42605}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{16EB4FFE-7CAB-4CA6-922F-8E887A41C8FE}" = protocol=17 | dir=in | app=d:\diablo 2 with lord of destruction (v1.13c) (direct play)\diablo ii\game.exe | "{1A67FC89-32C5-427C-AAF7-345EF31DBBD9}" = protocol=17 | dir=in | app=d:\fm.exe | "{1B780551-3054-4D65-A259-916B4B58875F}" = protocol=17 | dir=in | app=c:\program files (x86)\garena messenger\apps\lol\game\league of legends.exe | "{1C184435-D473-4915-B01C-5FEAE4C8FB67}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{1E7518AF-4799-4810-AE8E-75158025B689}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1EEBCA22-73B4-47F4-996F-58DDD5794790}" = protocol=17 | dir=in | app=d:\halite.exe | "{243D872C-371E-481D-8DD4-7C0EC8A17647}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{29E87208-D818-4BDE-B11B-86C89E2A6211}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\the battle for middle-earth ii\game.dat | "{2CAB6C49-B0FE-450B-8FCC-19F1F29C87B9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{32BD1AA6-5AC7-4C99-98FA-B08C966DDD3A}" = protocol=6 | dir=in | app=d:\garena messenger\gamedata\apps\lol\air\lolclient.exe | "{3812F908-2EE0-45D2-9AFF-410AC3EE1093}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{3BBB832A-E1E7-4C25-BBB7-3C74BC5D397A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{47387B14-AE4E-4657-AED7-EFC0A0838E0E}" = protocol=6 | 
dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4DB7557B-88F6-46A2-842B-4CFDB8E00AF8}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{5000033F-1EB3-4CF8-8EFC-95CED26054F1}" = protocol=6 | dir=in | app=c:\program files (x86)\garena messenger\apps\lol\air\lolclient.exe | "{554B6936-88FF-495C-B3E0-7029D623CE96}" = protocol=6 | dir=in | app=d:\dn\dragonnest.exe | "{5716CB77-4615-4D24-9275-F86AA61241E8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{5EECDE6F-5B19-4E97-9696-D5B26D40389A}" = protocol=6 | dir=in | app=d:\fm.exe | "{604DC840-2970-434A-A193-226DDE6F6559}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{61E7E45B-0453-4B94-A4C8-183CC8A807E1}" = protocol=6 | dir=in | app=d:\diablo 3\diablo iii beta\diablo iii.exe | "{63EB0765-1C39-4ABC-BEF8-7E06595FF4EB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{6BAB9F6A-BB9B-4820-A2D2-2C5589EE10DF}" = protocol=6 | dir=in | app=d:\diablo 2 with lord of destruction (v1.13c) (direct play)\diablo ii\game.exe | "{6D6DD07C-1584-425C-89C9-8E2BA3260F4A}" = protocol=17 | dir=in | app=d:\dn\dragonnest.exe | "{6D9491D0-1CBE-4C74-BDC1-5E01A1DD00E3}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe | "{6F067044-2343-4813-B3B8-9F760FBA2545}" = protocol=6 | dir=in | app=d:\dn\dragonnest.exe | "{70357A08-1C28-4E11-88E0-73D95765D57C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{70F3AF1E-41BC-412F-BE3E-7CA3BEFF15C5}" = protocol=17 | dir=in | app=d:\steam\steam.exe | "{722EA1F6-CB33-429E-B7E2-0337DA37F612}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{767433B1-70B5-40E5-B016-298260E460C3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{79216725-F253-4C9F-9B03-B953A0EB2F81}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7A087BCB-3076-4E39-8746-59748449A043}" = protocol=17 | dir=in | 
app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7AAC63AE-D43D-48B9-B89E-854B0CBA1E1E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7AEEFE8B-268F-4F4B-AA3D-816DCD38B4A8}" = protocol=6 | dir=in | app=d:\dragonnest.exe |
"{84272A52-E7B7-4D83-B6A3-7127831BD26B}" = protocol=17 | dir=in | app=d:\garena messenger\gamedata\apps\lol\air\lolclient.exe |
"{899327D7-215E-471B-BBA7-AE09B18A2C78}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{92B98B69-FB5B-47FC-97C6-6F5A3E54C46D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{9529629A-BCDE-401B-9C87-CFE6861C5A94}" = protocol=17 | dir=in | app=d:\dragonnest.exe |
"{9A858604-D8C6-4211-9B86-A073E7588560}" = protocol=6 | dir=in | app=d:\steam\steam.exe |
"{9C494448-D958-48B2-8F84-0BB4C62002B3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9FAE2570-EFC4-42AD-89F6-8E3189A31461}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A08FCB2A-9100-4B92-87F6-5B13B226C051}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{A2BD39A3-40C8-4AAC-89ED-EA0B595B0FA0}" = protocol=17 | dir=in | app=d:\dn\dragonnest.exe |
"{A8C44987-0512-4DC7-834C-45F154628511}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A947A19A-85AA-4434-A844-BC32C4A554E6}" = protocol=6 | dir=in | app=d:\dragonnest.exe |
"{AD45B360-50D8-4F2F-B154-62A8F5B941E0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{AEEF178C-717D-487B-9233-CADD1B08B18A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{B35905D6-90D7-4329-A866-01CC72B551E0}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{B8E5606A-C084-41C2-A239-F2E6138C0568}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B96E51B8-931F-40CB-86C5-A1AD1B4A40D3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BDA31937-B83E-4A67-BF68-923B9087B8DA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BF0FA97C-E924-462A-88EA-C25D02328235}" = protocol=17 | dir=in | app=d:\garena messenger\gamedata\apps\lol\game\league of legends.exe |
"{C3570F68-0F3E-46F9-A6AA-97046761F309}" = protocol=17 | dir=in | app=d:\dragonnest.exe |
"{C700C6F4-7D77-4145-9EB0-4DD13DBA61E9}" = protocol=17 | dir=in | app=d:\diablo 3\diablo iii beta\diablo iii.exe |
"{CC829972-7FAE-43B2-91F9-0B9B98240B39}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D655BA1F-EC05-4CB1-A91A-5731309FC0E8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D665B0A0-E14A-48CB-AA31-C57AF807087D}" = protocol=6 | dir=in | app=d:\garena messenger\gamedata\apps\lol\game\league of legends.exe |
"{D8CE0E0C-7C99-4E9D-9400-EFE50557F499}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E4F8108A-F30B-4A4A-A6D2-4FA3736DC478}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E60E6146-C0F5-42D6-85FB-094C5290E190}" = protocol=17 | dir=in | app=c:\program files (x86)\garena messenger\apps\lol\air\lolclient.exe |
"{F02859B6-BD20-42D8-A206-C431419C725B}" = protocol=6 | dir=in | app=c:\program files (x86)\garena messenger\apps\lol\game\league of legends.exe |
"TCP Query User{02450EAC-8C6D-4905-AB4A-8E382B862C41}D:\utorrent.exe" = protocol=6 | dir=in | app=d:\utorrent.exe |
"TCP Query User{050B1DD5-CEF7-4D65-A503-522B7A9FBD26}D:\diablo 2 with lord of destruction (v1.13c) (direct play)\diablo ii\game.exe" = protocol=6 | dir=in | app=d:\diablo 2 with lord of destruction (v1.13c) (direct play)\diablo ii\game.exe |
"TCP Query User{1229C332-EF25-4A6F-A41A-65BDFA03A011}D:\torchlight.ii-reloaded\torchlight ii\torchlight2.exe" = protocol=6 | dir=in | app=d:\torchlight.ii-reloaded\torchlight ii\torchlight2.exe |
"TCP Query User{12CCF92C-ECBE-4A4F-8489-4AF853DA95A9}D:\left 4 dead 2 v2.0.0.1 cracked\left4dead2.exe" = protocol=6 | dir=in | app=d:\left 4 dead 2 v2.0.0.1 cracked\left4dead2.exe |
"TCP Query User{1BD5FD3D-69CC-463D-BDEF-CE2FB9942C73}C:\program files (x86)\garena messenger\room\garena_room.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena messenger\room\garena_room.exe |
"TCP Query User{1E80794C-5C23-488B-957E-F86C5A87FDF6}D:\left 4 dead 2 v2.0.0.1 cracked\left4dead2.exe" = protocol=6 | dir=in | app=d:\left 4 dead 2 v2.0.0.1 cracked\left4dead2.exe |
"TCP Query User{23D36B1C-3098-4B20-B54D-936E5E0C8B88}E:\steam\steamapps\woahlzxh\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=e:\steam\steamapps\woahlzxh\team fortress 2\hl2.exe |
"TCP Query User{37BD2B21-3581-4EEF-B680-E2CBFE200E82}D:\garena messenger\garenamessenger.exe" = protocol=6 | dir=in | app=d:\garena messenger\garenamessenger.exe |
"TCP Query User{38C73AB2-E18B-47F3-BF37-93E5A4D71369}D:\reckoning\kingdoms of amalur reckoning\reckoning.exe" = protocol=6 | dir=in | app=d:\reckoning\kingdoms of amalur reckoning\reckoning.exe |
"TCP Query User{3B5B4AB8-426F-482E-BDD9-611A99DB9BB2}D:\lolinstaller.exe" = protocol=6 | dir=in | app=d:\lolinstaller.exe |
"TCP Query User{3FEF3E1B-9483-4342-8FCA-0C23314D0585}C:\program files (x86)\steam\steamapps\woahlzxh\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\woahlzxh\team fortress 2\hl2.exe |
"TCP Query User{45FAB807-801B-4039-869D-D7E932B0DCBC}D:\omd2\orcs must die 2\build\release\orcsmustdie2.exe" = protocol=6 | dir=in | app=d:\omd2\orcs must die 2\build\release\orcsmustdie2.exe |
"TCP Query User{6F3D2C7A-F2C6-4A65-AE8D-B6A4A8FC78A3}D:\utorrent.exe" = protocol=6 | dir=in | app=d:\utorrent.exe |
"TCP Query User{73C98552-5F75-4C8B-BFA7-EBCFDB82B564}C:\program files (x86)\garena messenger\garenamessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena messenger\garenamessenger.exe |
"TCP Query User{74AE4AD1-8922-4C02-A90A-9BC87119E1BB}D:\garena plus\room\garena_room.exe" = protocol=6 | dir=in | app=d:\garena plus\room\garena_room.exe |
"TCP Query User{85467F8E-E0C8-444E-A8B2-010A06B4F41B}D:\unmechanical\binaries\win32\udk.exe" = protocol=6 | dir=in | app=d:\unmechanical\binaries\win32\udk.exe |
"TCP Query User{857ACBFD-DF96-4BF1-835F-1BCD1EFCD265}E:\grimlauncher1.5\grim fandango launcher.exe" = protocol=6 | dir=in | app=e:\grimlauncher1.5\grim fandango launcher.exe |
"TCP Query User{B61208AE-3150-4DDA-9E9D-F42C4E46ECDF}D:\reckoning\kingdoms of amalur reckoning\reckoning.exe" = protocol=6 | dir=in | app=d:\reckoning\kingdoms of amalur reckoning\reckoning.exe |
"TCP Query User{C0DE5F5A-0FD8-4C00-BE4A-F907695CF668}D:\garena plus\room\garena_room.exe" = protocol=6 | dir=in | app=d:\garena plus\room\garena_room.exe |
"TCP Query User{C2BC08B3-D08A-4D61-8A3A-02D73598CED9}D:\sins of a solar empire\sins of a solar empire diplomacy ico\sins of a solar empire diplomacy.exe" = protocol=6 | dir=in | app=d:\sins of a solar empire\sins of a solar empire diplomacy ico\sins of a solar empire diplomacy.exe |
"TCP Query User{D08AF38E-630B-45B4-96D4-313DABDF4FFC}C:\users\ee\downloads\lolinstaller.exe" = protocol=6 | dir=in | app=c:\users\ee\downloads\lolinstaller.exe |
"TCP Query User{D998120A-5444-4FC5-94A5-EA155E25B64B}D:\fifa 12\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=d:\fifa 12\fifa 12\game\fifa.exe |
"TCP Query User{FB1BA204-9802-441B-AEA8-1BF1941266C2}D:\l4d2\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=d:\l4d2\left 4 dead 2\left4dead2.exe |
"UDP Query User{0E6F4E38-E631-4823-A59A-27FA5510F30D}C:\program files (x86)\garena messenger\room\garena_room.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena messenger\room\garena_room.exe |
"UDP Query User{1696BE1E-DCD2-4B12-B7E5-0656CD2346E3}D:\garena messenger\garenamessenger.exe" = protocol=17 | dir=in | app=d:\garena messenger\garenamessenger.exe |
"UDP Query User{2233428D-B57F-4ED6-9470-3095B1AC6ECD}D:\garena plus\room\garena_room.exe" = protocol=17 | dir=in | app=d:\garena plus\room\garena_room.exe |
"UDP Query User{33708BB5-2286-48A9-8D9E-C41F70850907}E:\grimlauncher1.5\grim fandango launcher.exe" = protocol=17 | dir=in | app=e:\grimlauncher1.5\grim fandango launcher.exe |
"UDP Query User{3A501273-288A-42AC-A9ED-9757CA8E4D0A}D:\utorrent.exe" = protocol=17 | dir=in | app=d:\utorrent.exe |
"UDP Query User{50D38B3C-36B5-4A0E-AFA7-D37F806C36A8}D:\garena plus\room\garena_room.exe" = protocol=17 | dir=in | app=d:\garena plus\room\garena_room.exe |
"UDP Query User{5779F626-45B6-4E55-BAA6-EEB82F5C75EB}D:\lolinstaller.exe" = protocol=17 | dir=in | app=d:\lolinstaller.exe |
"UDP Query User{619E8489-7068-44C6-8AD1-C0510B9E1C5B}D:\left 4 dead 2 v2.0.0.1 cracked\left4dead2.exe" = protocol=17 | dir=in | app=d:\left 4 dead 2 v2.0.0.1 cracked\left4dead2.exe |
"UDP Query User{65A0798E-6C8B-4F8F-9627-EB13FDD825A7}D:\fifa 12\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=d:\fifa 12\fifa 12\game\fifa.exe |
"UDP Query User{6FC3D863-77B8-439A-A7EB-63BBBD7984CC}D:\l4d2\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=d:\l4d2\left 4 dead 2\left4dead2.exe |
"UDP Query User{755DCDA5-205B-472D-BFB6-E6EB7EF640BB}C:\program files (x86)\steam\steamapps\woahlzxh\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\woahlzxh\team fortress 2\hl2.exe |
"UDP Query User{81CE298B-A7C3-4B07-BDCF-DBEBED691DF0}C:\users\ee\downloads\lolinstaller.exe" = protocol=17 | dir=in | app=c:\users\ee\downloads\lolinstaller.exe |
"UDP Query User{87241116-7143-4FA5-8ECC-818D299269C0}D:\reckoning\kingdoms of amalur reckoning\reckoning.exe" = protocol=17 | dir=in | app=d:\reckoning\kingdoms of amalur reckoning\reckoning.exe |
"UDP Query User{8D959418-C5C7-4197-BB79-4650AEEE3C85}D:\diablo 2 with lord of destruction (v1.13c) (direct play)\diablo ii\game.exe" = protocol=17 | dir=in | app=d:\diablo 2 with lord of destruction (v1.13c) (direct play)\diablo ii\game.exe |
"UDP Query User{98A4D880-35E8-4B16-9437-F9AA8E1C66CE}D:\torchlight.ii-reloaded\torchlight ii\torchlight2.exe" = protocol=17 | dir=in | app=d:\torchlight.ii-reloaded\torchlight ii\torchlight2.exe |
"UDP Query User{9D6275ED-0516-4093-9BED-639EB2B9A514}C:\program files (x86)\garena messenger\garenamessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena messenger\garenamessenger.exe |
"UDP Query User{A3E11DD9-A658-449A-BB23-C8304AFE4D1E}D:\omd2\orcs must die 2\build\release\orcsmustdie2.exe" = protocol=17 | dir=in | app=d:\omd2\orcs must die 2\build\release\orcsmustdie2.exe |
"UDP Query User{B3128373-E183-4EAA-A787-58DDAFBEBDE4}D:\sins of a solar empire\sins of a solar empire diplomacy ico\sins of a solar empire diplomacy.exe" = protocol=17 | dir=in | app=d:\sins of a solar empire\sins of a solar empire diplomacy ico\sins of a solar empire diplomacy.exe |
"UDP Query User{B6374CB1-DF20-4988-A68F-C524B3A9A772}D:\reckoning\kingdoms of amalur reckoning\reckoning.exe" = protocol=17 | dir=in | app=d:\reckoning\kingdoms of amalur reckoning\reckoning.exe |
"UDP Query User{B9794620-473D-45DD-A990-DCC1801A1EB6}E:\steam\steamapps\woahlzxh\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=e:\steam\steamapps\woahlzxh\team fortress 2\hl2.exe |
"UDP Query User{C9C30463-9D9A-4DF3-A6C0-8E99C7165D5F}D:\unmechanical\binaries\win32\udk.exe" = protocol=17 | dir=in | app=d:\unmechanical\binaries\win32\udk.exe |
"UDP Query User{E47A236B-3A62-41D6-9DDC-EBB918C67715}D:\left 4 dead 2 v2.0.0.1 cracked\left4dead2.exe" = protocol=17 | dir=in | app=d:\left 4 dead 2 v2.0.0.1 cracked\left4dead2.exe |
"UDP Query User{F1482B1B-6430-4D46-AE29-09120B2C9BC0}D:\utorrent.exe" = protocol=17 | dir=in | app=d:\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD YouTube Downloader & Converter 3.6
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema 1.5.3.3898
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3C36247E-5879-401C-B423-EB5D663B02D9}" = FMRTE
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4D53090A-CE35-42BD-B377-831000018301}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018302}" = Fable III
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_WORD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_WORD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_WORD_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_WORD_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_WORD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_WORD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_WORD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_WORD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B8ABD8C7-991E-4A70-B5A3-20C6FC680680}" = LogMeIn Hamachi
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0AF5EFE-5971-4A54-A69F-D2D95E9E5363}" = Halite
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED8DE18A-421A-46CE-884B-E913EB16AB49}" = calibre
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"CCleaner" = CCleaner
"CDisplayEx_is1" = CDisplayEx 1.8
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"DAEMON Tools Lite" = DAEMON Tools Lite
"ESET Online Scanner" = ESET Online Scanner v3
"foobar2000" = foobar2000 v1.1.10
"lavfilters_is1" = LAV Filters 0.42
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Marvell Miniport Driver" = Marvell Miniport Driver
"Messenger Plus!" = Messenger Plus! 5
"Picasa 3" = Picasa 3
"Sine Mora_is1" = Sine Mora
"Steam App 570" = Dota 2
"Torchlight II © Runic Games_is1" = Torchlight II © Runic Games version 1
"WinLiveSuite" = Windows Live Essentials
"WORD" = Microsoft Office Word 2007

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/5/2011 9:21:50 AM | Computer Name = ee-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/5/2011 9:21:50 AM | Computer Name = ee-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12121

Error - 11/5/2011 9:21:50 AM | Computer Name = ee-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12121

Error - 11/5/2011 9:21:47 AM | Computer Name = ee-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/5/2011 9:21:47 AM | Computer Name = ee-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13213

Error - 11/5/2011 9:21:47 AM | Computer Name = ee-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13213

Error - 11/5/2011 10:07:16 AM | Computer Name = ee-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/5/2011 10:07:16 AM | Computer Name = ee-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2741670

Error - 11/5/2011 10:07:16 AM | Computer Name = ee-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2741670

Error - 11/5/2011 12:30:39 PM | Computer Name = ee-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "d:\spybot - search & destroy\DelZip179.dll". Error in manifest or policy file "d:\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 11/12/2012 10:50:12 AM | Computer Name = ee-PC | Source = Service Control Manager | ID = 7000
Description = The sbapifs service failed to start due to the following error: %%2

Error - 11/12/2012 10:50:33 AM | Computer Name = ee-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: SBRE

Error - 11/12/2012 10:51:42 AM | Computer Name = ee-PC | Source = Service Control Manager | ID = 7005
Description = The LoadUserProfile call failed with the following error: %%3

Error - 11/12/2012 1:48:27 PM | Computer Name = ee-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:46:47 AM on 11/13/2012 was unexpected.
Error - 11/12/2012 1:48:27 PM | Computer Name = ee-PC | Source = Service Control Manager | ID = 7000
Description = The sbapifs service failed to start due to the following error: %%2

Error - 11/12/2012 1:48:50 PM | Computer Name = ee-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: SBRE

Error - 11/12/2012 1:49:59 PM | Computer Name = ee-PC | Source = Service Control Manager | ID = 7005
Description = The LoadUserProfile call failed with the following error: %%3

Error - 11/12/2012 7:22:59 PM | Computer Name = ee-PC | Source = Service Control Manager | ID = 7000
Description = The sbapifs service failed to start due to the following error: %%2

Error - 11/12/2012 7:23:16 PM | Computer Name = ee-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: SBRE

Error - 11/12/2012 7:24:02 PM | Computer Name = ee-PC | Source = Service Control Manager | ID = 7005
Description = The LoadUserProfile call failed with the following error: %%3

< End of report >

--------------------------

# AdwCleaner v2.007 - Logfile created 11/13/2012 at 23:03:07
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Professional (64 bits)
# User : ee - EE-PC
# Boot Mode : Normal
# Running from : C:\Users\ee\Desktop\adwcleaner.exe
# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Users\ee\AppData\LocalLow\Conduit
Folder Found : C:\Users\ee\AppData\LocalLow\MessengerPlusLive_TB
Folder Found : C:\Users\ee\AppData\LocalLow\PriceGong

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\MessengerPlusLive_TB
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\MessengerPlusLive_TB
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{54A1A003-0A7A-496B-9A27-2ABC4D044623}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{D8FB4583-DB9D-4C7B-85BE-294C13A3E5C4}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D8FB4583-DB9D-4C7B-85BE-294C13A3E5C4}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.64

File : C:\Users\ee\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1503 octets] - [13/11/2012 23:03:07]

########## EOF - C:\AdwCleaner[R1].txt - [1563 octets] ##########
-
Hello! Thanks for the advice on P2P and for sharing the information with me. I have removed the program. Today Find Gala returned with a vengeance, directing Chrome sites to a sports ad and to a fake antivirus page. Mostly it just redirected to its Find Gala page. Should I do another round of scans? My laptop has no issues; it's been running smoothly for 4 years now! Here is the ESET log:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=77e67b4d5cf0dd44a2136bddcf1264e3
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-11-11 08:05:56
# local_time=2012-11-12 04:05:56 (+0800, Malay Peninsula Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 89118 104288366 0 0
# compatibility_mode=8192 67108863 100 0 667 667 0 0
# scanned=169909
# found=1
# cleaned=0
# scan_time=5840
D:\DAEMON Tools Lite\DTLite4461-0327.exe	Win32/OpenCandy application (unable to clean)	00000000000000000000000000000000	I

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=77e67b4d5cf0dd44a2136bddcf1264e3
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-11-12 12:08:13
# local_time=2012-11-12 08:08:13 (+0800, Malay Peninsula Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 138264 104337512 0 0
# compatibility_mode=8192 67108863 100 0 49813 49813 0 0
# scanned=181947
# found=1
# cleaned=0
# scan_time=14430
D:\DAEMON Tools Lite\DTLite4461-0327.exe	Win32/OpenCandy application (unable to clean)	00000000000000000000000000000000	I
-
Edit: I should not have attached files since it's still infected. Here are the logs:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.08.03

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
[administrator]

11/8/2012 8:45:40 PM
mbam-log-2012-11-08 (20-45-40).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 353990
Time elapsed: 52 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

-------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:30:15 PM, on 11/8/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {d8fb4583-db9d-4c7b-85be-294c13a3e5c4} - (no file)
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "D:\uTorrent.exe" /MINIMIZED
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8128 bytes

-----------------------

ComboFix 12-11-08.01 - 11/08/2012 19:22:42.3.2 - x64 NETWORK
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3067.2327 [GMT 8:00]
Running from: c:\users\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-10-08 to 2012-11-08 )))))))))))))))))))))))))))))))
.
.
2012-11-07 01:35 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1DCFC2F7-8654-425D-826B-4FB4FAE54AB6}\mpengine.dll
2012-11-05 05:56 . 2012-11-05 05:56 -------- d-----w- c:\users\AppData\Local\VirtualStore
2012-11-04 22:38 . 2012-10-30 22:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-11-04 22:37 . 2012-11-04 22:37 -------- d-----w- c:\program files\AVAST Software
2012-11-03 15:45 . 2012-11-03 15:45 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-23 11:58 . 2012-10-23 11:58 -------- d-----w- c:\users\Tracing
2012-10-23 09:18 . 2012-11-03 16:24 -------- d-----w- c:\users\fourclover
2012-10-17 10:50 . 2012-10-23 13:26 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-17 10:50 . 2012-10-23 13:26 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-17 08:40 . 2012-10-17 08:41 -------- d-----w- c:\program files (x86)\Calibre2
2012-10-13 20:45 . 2012-08-27 23:40 4204272 ----a-w- c:\windows\SysWow64\GameMon.des
2012-10-13 20:43 . 2005-01-04 09:43 4682 ----a-w- c:\windows\SysWow64\npptNT2.sys
2012-10-13 20:43 . 2003-07-20 18:17 5174 ----a-w- c:\windows\SysWow64\nppt9x.vxd
2012-10-13 20:43 . 2012-10-13 20:43 -------- d-----w- c:\program files\Common Files\INCA Shared
2012-10-10 16:32 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 16:32 . 2012-08-24 17:10 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-10 16:32 . 2012-09-14 19:23 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 16:32 . 2012-09-14 18:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 16:32 . 2012-08-11 00:53 714752 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 16:32 . 2012-08-10 23:54 541184 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 16:32 . 2012-06-02 05:25 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 16:32 . 2012-06-02 05:25 1462784 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 16:32 . 2012-06-02 05:25 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 16:32 . 2012-06-02 04:45 1157632 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 16:32 . 2012-06-02 04:45 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 16:32 . 2012-06-02 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-10 17:58 . 2010-10-09 07:01 65309168 ----a-w- c:\windows\system32\MRT.exe 2012-09-29 11:54 . 2010-09-22 18:13 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-24 11:15 . 2012-09-22 19:00 17810944 ----a-w- c:\windows\system32\mshtml.dll 2012-08-24 10:39 . 2012-09-22 19:00 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-08-24 10:31 . 2012-09-22 19:00 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-08-24 10:22 . 2012-09-22 19:00 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-08-24 10:21 . 2012-09-22 19:00 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-08-24 10:20 . 2012-09-22 19:00 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-24 10:18 . 2012-09-22 19:00 237056 ----a-w- c:\windows\system32\url.dll 2012-08-24 10:17 . 2012-09-22 19:00 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-08-24 10:14 . 2012-09-22 19:00 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-08-24 10:14 . 2012-09-22 19:00 816640 ----a-w- c:\windows\system32\jscript.dll 2012-08-24 10:13 . 2012-09-22 19:00 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-08-24 10:12 . 2012-09-22 19:00 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-08-24 10:11 . 2012-09-22 19:00 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-08-24 10:10 . 2012-09-22 19:00 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-08-24 10:09 . 2012-09-22 19:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-08-24 10:04 . 2012-09-22 19:00 248320 ----a-w- c:\windows\system32\ieui.dll 2012-08-24 06:59 . 2012-09-22 19:00 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-08-24 06:51 . 2012-09-22 19:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-08-24 06:51 . 2012-09-22 19:00 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-08-24 06:47 . 2012-09-22 19:00 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-08-24 06:47 . 
2012-09-22 19:00 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-08-24 06:43 . 2012-09-22 19:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-08-21 05:01 . 2012-10-09 08:39 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-08-21 05:01 . 2011-04-04 11:35 125872 ----a-w- c:\windows\system32\GEARAspi64.dll 2012-08-21 05:01 . 2011-04-04 11:35 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll 2012-08-18 11:19 . 2012-10-10 16:35 44032 ----a-w- c:\windows\apppatch\acwow64.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="d:\daemon tools lite\DTLite.exe" [2010-04-01 357696] "uTorrent"="D:\uTorrent.exe" [2012-05-11 880496] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\progra~2\Google\GOOGLE~1\GoogleDesktopNetwork3.dll . 
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x] R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136] R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 716872] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-13 54824] R3 GGSAFERDriver;GGSAFER Driver;d:\garena plus\Room\safedrv.sys [x] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-22 1255736] R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [2008-02-21 393728] S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-08-29 2369960] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264] . . Contents of the 'Scheduled Tasks' folder . 2012-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-01 14:41] . 2012-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-01 14:41] . 
2012-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-653543735-296090576-2018118724-1001Core.job - c:\users\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-21 15:58] . 2012-11-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-653543735-296090576-2018118724-1001UA.job - c:\users\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-21 15:58] . . --------- X64 Entries ----------- . . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 . - - - - ORPHANS REMOVED - - - - . Toolbar-{d8fb4583-db9d-4c7b-85be-294c13a3e5c4} - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-{26604C7E-A313-4D12-867F-7C6E7820BE4C} - c:\program files (x86)\InstallShield Installation Information\{26604C7E-A313-4D12-867F-7C6E7820BE4C}\setup.exe AddRemove-{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E} - c:\program files (x86)\InstallShield Installation Information\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}\setup.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-653543735-296090576-2018118724-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:2d,f3,11,22,f6,e3,3a,0c,a3,97,b4,83,a7,00,3b,3a,5f,87,82,a5,e1,ef,07, 49,0b,43,d7,66,9b,25,6e,01,20,4a,f6,bb,2f,ea,f0,59,4c,fb,c4,cc,c9,d5,c5,a6,\ "??"=hex:fb,8e,33,19,1a,6f,15,23,28,fd,86,c1,b8,4d,d3,5d . [HKEY_USERS\S-1-5-21-653543735-296090576-2018118724-1001\Software\SecuROM\License information*] "datasecu"=hex:ab,cf,b2,2f,26,ec,b7,07,43,50,45,5b,0c,0a,16,56,b2,f7,aa,d5,17, ad,e8,84,70,d2,7c,cf,5d,44,5f,83,c9,3e,52,46,d4,2f,2e,54,30,c1,87,a0,fb,9d,\ "rkeysecu"=hex:f5,fd,47,34,3f,18,4d,5d,54,6c,de,45,09,47,9e,52 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-11-08 19:32:01 ComboFix-quarantined-files.txt 2012-11-08 11:32 ComboFix2.txt 2012-11-08 11:09 . Pre-Run: 20,710,404,096 bytes free Post-Run: 20,646,273,024 bytes free . - - End Of File - - 65A134CFE2BD95507F4A172254A42E66 -------------------------------------- DS (Ver_2012-11-07.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16450 Run by at 20:38:06 on 2012-11-08 Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3067.1476 [GMT 8:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . 
C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe 
C:\Windows\system32\wuauclt.exe C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe C:\Users\ee\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\ee\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\NOTEPAD.EXE C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com.sg/ mURLSearchHooks: {d8fb4583-db9d-4c7b-85be-294c13a3e5c4} - <orphaned> BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll uRun: [DAEMON Tools Lite] "D:\DAEMON Tools Lite\DTLite.exe" -autorun uRun: [uTorrent] "D:\uTorrent.exe" /MINIMIZED uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200 IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - 
hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab TCP: Interfaces\{A96D1D90-4422-43A0-BE93-FA2498BC4D5B} : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{A96D1D90-4422-43A0-BE93-FA2498BC4D5B}\3594E4744554C4D223435393 : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{A96D1D90-4422-43A0-BE93-FA2498BC4D5B}\3594E4744554C4D273936303 : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{A96D1D90-4422-43A0-BE93-FA2498BC4D5B}\7796275643732393 : DHCPNameServer = 192.168.1.1 192.168.1.1 SSODL: WebCheck - <orphaned> x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-8-29 2369960] R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2009-12-3 716872] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-11 5434368] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824] S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?] 
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136] S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-22 1255736] S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2008-2-21 393728] . =============== Created Last 30 ================ . 2012-11-08 11:55:10 -------- d-sh--w- C:\$RECYCLE.BIN 2012-11-08 10:57:00 98816 ----a-w- C:\Windows\sed.exe 2012-11-08 10:57:00 256000 ----a-w- C:\Windows\PEV.exe 2012-11-08 10:57:00 208896 ----a-w- C:\Windows\MBR.exe 2012-11-07 14:32:41 -------- d-----w- C:\Users\AppData\Local\{68FC57F7-D664-46E4-9063-74986ED17604} 2012-11-07 01:35:47 9291768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1DCFC2F7-8654-425D-826B-4FB4FAE54AB6}\mpengine.dll 2012-11-06 08:37:08 -------- d-----w- C:\Users\AppData\Local\{8A7424D3-6A4D-4EE0-983D-D5BABBB38E5A} 2012-11-05 12:19:56 -------- d-----w- C:\Users\AppData\Local\{5824996B-1129-4C2F-BD17-771C73B5B612} 2012-11-05 05:56:18 -------- d-----w- C:\Users\AppData\Local\VirtualStore 2012-11-04 22:37:23 -------- d-----w- C:\Program Files\AVAST Software 2012-11-03 15:45:46 -------- d-----w- C:\TDSSKiller_Quarantine 2012-10-23 11:58:50 -------- d-----w- C:\Users\ee\Tracing 2012-10-23 09:18:28 -------- d-----w- C:\Users\ee\fourclover 2012-10-17 10:50:35 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-17 10:50:35 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-10-17 08:40:55 -------- d-----w- C:\Program Files (x86)\Calibre2 2012-10-13 20:45:30 4204272 ----a-w- C:\Windows\SysWow64\GameMon.des 2012-10-13 20:43:59 5174 ----a-w- C:\Windows\SysWow64\nppt9x.vxd 2012-10-13 20:43:59 4682 
----a-w- C:\Windows\SysWow64\npptNT2.sys 2012-10-13 20:43:01 -------- d-----w- C:\Program Files\Common Files\INCA Shared 2012-10-10 16:32:44 220160 ----a-w- C:\Windows\System32\wintrust.dll 2012-10-10 16:32:44 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll 2012-10-10 16:32:41 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-10-10 16:32:41 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-10-10 16:32:36 714752 ----a-w- C:\Windows\System32\kerberos.dll 2012-10-10 16:32:36 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll 2012-10-10 16:32:34 182272 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-10-10 16:32:34 1462784 ----a-w- C:\Windows\System32\crypt32.dll 2012-10-10 16:32:34 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-10-10 16:32:34 1157632 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-10-10 16:32:33 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-10-10 16:32:33 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll . ==================== Find3M ==================== . 2012-09-29 11:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-08-31 18:02:20 1656688 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2012-08-30 18:11:29 5505904 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-08-30 17:18:33 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-08-30 17:18:33 3902832 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-08-24 06:47:26 142848 
----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-08-21 05:01:20 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys 2012-08-21 05:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll 2012-08-21 05:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll 2012-08-18 15:43:05 362496 ----a-w- C:\Windows\System32\wow64win.dll 2012-08-18 15:43:05 243200 ----a-w- C:\Windows\System32\wow64.dll 2012-08-18 15:43:05 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2012-08-18 15:42:31 215040 ----a-w- C:\Windows\System32\winsrv.dll 2012-08-18 15:40:26 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2012-08-18 15:37:49 425984 ----a-w- C:\Windows\System32\KernelBase.dll 2012-08-18 15:34:13 338432 ----a-w- C:\Windows\System32\conhost.exe 2012-08-18 11:22:55 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2012-08-18 11:19:45 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2012-08-18 11:19:22 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2012-08-18 11:17:56 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2012-08-18 11:17:56 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2012-08-18 09:12:09 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2012-08-18 09:12:09 2048 ----a-w- C:\Windows\SysWow64\user.exe 2012-08-18 09:07:02 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-08-18 09:07:02 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-08-18 09:07:02 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-08-18 09:07:02 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll . ============= FINISH: 20:39:07.81 ===============
-
Hello! Google Chrome is infected with Gala Find malware.

My attempts: used Malwarebytes Anti-Malware, Avast, SUPERAntiSpyware and Spybot Search & Destroy. Unfortunately I did not save the logs, but I do remember that none of them detected Gala Find. Gala Find continues to redirect links and websites.

Next action: opened c:\windows\system32\drivers\etc\hosts and deleted everything below the localhost line 127.0.0.1 (highlight the text and hit 'delete'), then used ComboFix in safe mode. Gala Find is not appearing. I wonder if it is still infected? Thanks!

Update: It is still infected. A redirect to Gala did happen.

Attachments: attach.txt, dds.txt, hijackthis.log, ComboFix.txt, mbam-log-2012-11-08 (20-45-40).txt