Twohands108

Members

View Profile See their activity

Posts
16
Joined
November 21, 2012
Last visited
November 27, 2012

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by Twohands108

Help - Searchnu problem

Twohands108 replied to Twohands108's topic in Resolved Malware Removal Logs

I think because my chrome is a later version the settings for search providers is a little different, but I found where to change it. Settings > Search > I changed Google to default and deleted dts. This appears to have worked! Thanks very much MrC!!!!. I'll monitor over next few days and let you know if any problems. Should I be worried about any data protection or keylogging as I have put in passwords and bank details before i realised the problem.
- November 26, 2012
- 32 replies
Help - Searchnu problem

Twohands108 replied to Twohands108's topic in Resolved Malware Removal Logs

Hi, I can't be sure but it seems to be just chrome. I think it is this search results, it does a dts search results and then goes to an ask page. OTL file below. OTL logfile created on: 25/11/2012 20:54:33 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ray Hall\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.60 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 61.83% Memory free 7.20 Gb Paging File | 5.39 Gb Available in Paging File | 74.87% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 282.92 Gb Total Space | 226.11 Gb Free Space | 79.92% Space Free | Partition Type: NTFS Computer Name: RAYHALL-PC | User Name: Ray Hall | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/11/22 20:06:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ray Hall\Desktop\OTL.exe PRC - [2012/10/31 22:15:08 | 001,242,136 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2012/10/24 11:46:14 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe PRC - [2012/08/06 13:58:26 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe PRC - [2012/07/31 19:19:17 | 000,123,320 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe PRC - [2011/11/29 10:17:38 | 000,251,200 | ---- | M] (Compete, Inc.) -- C:\Program Files (x86)\Consumer Input\dca-ua.exe PRC - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011/07/28 23:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2011/07/19 15:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe ========== Modules (No Company Name) ========== MOD - [2012/10/31 22:15:05 | 000,460,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppgooglenaclpluginchrome.dll MOD - [2012/10/31 22:15:04 | 012,455,448 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll MOD - [2012/10/31 22:15:02 | 004,007,448 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll MOD - [2012/10/31 22:13:47 | 000,587,288 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\libglesv2.dll MOD - [2012/10/31 22:13:46 | 000,123,928 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\libegl.dll MOD - [2012/10/31 22:13:35 | 000,156,712 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avutil-51.dll MOD - [2012/10/31 22:13:34 | 000,274,984 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avformat-54.dll MOD - [2012/10/31 22:13:32 | 002,168,360 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll MOD - [2012/10/24 11:46:13 | 020,317,008 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll MOD - [2012/10/24 11:46:10 | 001,099,616 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll MOD - [2012/10/24 11:46:10 | 000,902,480 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll MOD - [2012/10/24 11:46:10 | 000,190,816 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll MOD - [2012/10/24 11:46:10 | 000,123,232 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/07/28 23:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011/07/28 23:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ========== Services (SafeList) ========== SRV:64bit: - [2011/06/10 04:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service) SRV:64bit: - [2011/06/08 05:54:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011/05/17 22:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV:64bit: - [2010/10/20 22:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv) SRV:64bit: - [2010/09/23 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/10/24 11:46:14 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012/07/31 19:19:17 | 000,123,320 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher) SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011/07/19 15:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe -- (PCCUJobMgr) SRV - [2011/07/12 01:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo) SRV - [2010/10/12 17:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/10/01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011/10/01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011/10/01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011/10/01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/06/08 06:42:26 | 009,360,896 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011/06/08 05:16:14 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/02/14 20:43:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2011/02/09 03:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect) DRV:64bit: - [2011/01/05 09:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce) DRV:64bit: - [2010/11/21 03:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/21 03:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/11/11 20:58:54 | 000,137,512 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010/11/05 15:52:54 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2010/11/05 15:52:52 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2010/10/08 19:49:08 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010/09/27 23:24:42 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2009/07/31 04:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst) DRV:64bit: - [2009/07/14 23:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ) DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/07 17:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk) DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb) DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO'>http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO'>http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKCU\..\SearchScopes,DefaultScope = {5A59D1C6-486E-42BC-8E80-EB0BC6750DBF} IE - HKCU\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO'>http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO IE - HKCU\..\SearchScopes\{5A59D1C6-486E-42BC-8E80-EB0BC6750DBF}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO_enGB469 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll () FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Ray Hall\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/07/26 21:28:30 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Search Results (Enabled) CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&gct=ds&appid=394&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=1411461434014194&q={searchTerms} CHR - default_search_provider: suggest_url = CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Ray Hall\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U25 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Ray Hall\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: Google Drive = C:\Users\Ray Hall\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Ray Hall\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\Ray Hall\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Skype Click to Call = C:\Users\Ray Hall\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\ CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Ray Hall\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Gmail = C:\Users\Ray Hall\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/11/23 21:07:35 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.) O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba) O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKCU..\Run: [Consumer Input Update] C:\Program Files (x86)\Consumer Input\dca-ua.exe (Compete, Inc.) O4 - HKCU..\Run: [Facebook Update] C:\Users\Ray Hall\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45BCF574-D48F-4F44-861B-C416806822FA}: DhcpNameServer = 192.168.0.1 O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/11/24 21:33:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012/11/24 13:10:34 | 000,000,000 | ---D | C] -- C:\Users\Ray Hall\AppData\Roaming\PCCUStubInstaller [2012/11/24 01:01:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Conexant [2012/11/24 01:01:35 | 000,000,000 | ---D | C] -- C:\Users\Ray Hall\AppData\Local\Conexant [2012/11/23 21:19:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/11/23 21:11:59 | 000,000,000 | ---D | C] -- C:\windows\temp [2012/11/23 20:54:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe [2012/11/23 20:54:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe [2012/11/23 20:54:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe [2012/11/23 20:54:28 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/11/23 20:54:06 | 000,000,000 | ---D | C] -- C:\windows\erdnt [2012/11/23 20:50:02 | 005,005,971 | R--- | C] (Swearware) -- C:\Users\Ray Hall\Desktop\ComboFix.exe [2012/11/23 20:47:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012/11/23 20:47:07 | 000,000,000 | ---D | C] -- C:\Users\Ray Hall\AppData\Local\MFAData [2012/11/23 20:47:07 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2012/11/23 20:47:07 | 000,000,000 | ---D | C] -- C:\Users\Ray Hall\AppData\Local\Avg2013 [2012/11/23 20:46:51 | 004,424,392 | ---- | C] (AVG Technologies) -- C:\Users\Ray Hall\Desktop\avg_avct_stb_all_2013_2793_ppc2.exe [2012/11/23 19:43:29 | 000,000,000 | ---D | C] -- C:\_OTL [2012/11/22 20:06:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ray Hall\Desktop\OTL.exe [2012/11/21 23:36:40 | 000,000,000 | ---D | C] -- C:\windows\ERUNT [2012/11/21 23:35:59 | 000,000,000 | ---D | C] -- C:\JRT [2012/11/21 20:53:51 | 000,000,000 | ---D | C] -- C:\Users\Ray Hall\AppData\Roaming\Malwarebytes [2012/11/21 20:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/11/21 20:52:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/11/21 20:52:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2012/11/21 20:52:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/11/16 00:17:28 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdfLdr.sys [2012/11/16 00:17:28 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wdfres.dll [2012/11/16 00:06:22 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll [2012/11/16 00:06:21 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll [2012/11/16 00:06:19 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll [2012/11/16 00:06:19 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll [2012/11/16 00:06:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll [2012/11/16 00:06:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll [2012/11/16 00:06:19 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe [2012/11/16 00:06:19 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe [2012/11/16 00:06:18 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl [2012/11/16 00:06:18 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl [2012/11/16 00:06:17 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll [2012/11/16 00:06:17 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll [2012/11/16 00:06:14 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll [2012/11/16 00:06:14 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll [2012/11/16 00:06:14 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll [2012/11/16 00:05:06 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFPlatform.dll [2012/11/16 00:05:05 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFCoinstaller.dll [2012/11/16 00:05:04 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFx.dll [2012/11/16 00:05:04 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFHost.exe [2012/11/15 11:04:51 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcore6.dll [2012/11/15 11:04:51 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dhcpcore6.dll [2012/11/15 11:04:51 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcsvc6.dll [2012/11/15 11:04:43 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netcorehc.dll [2012/11/15 11:04:43 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll [2012/11/15 11:04:43 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncsi.dll [2012/11/15 11:04:42 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netcorehc.dll [2012/11/15 11:04:42 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netevent.dll [2012/11/15 11:04:42 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netevent.dll [2012/11/15 11:04:22 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\synceng.dll [2012/11/15 11:04:22 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\synceng.dll [2012/06/22 18:07:10 | 000,940,544 | ---- | C] (Apache Software Foundation) -- C:\Users\Ray Hall\AppData\Local\log4cxx.dll ========== Files - Modified Within 30 Days ========== [2012/11/25 20:58:01 | 000,000,938 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3216919546-1354298898-611529325-1000UA.job [2012/11/25 20:58:00 | 000,000,916 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3216919546-1354298898-611529325-1000Core.job [2012/11/25 20:39:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012/11/25 19:15:43 | 005,537,234 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012/11/25 19:15:43 | 002,606,654 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012/11/25 19:15:43 | 000,006,442 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012/11/25 19:12:30 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/11/25 16:54:45 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/11/25 16:54:45 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/25 16:47:11 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012/11/25 16:46:54 | 2899,468,288 | -HS- | M] () -- C:\hiberfil.sys [2012/11/24 21:33:15 | 000,002,300 | ---- | M] () -- C:\Users\Ray Hall\Desktop\Google Chrome.lnk [2012/11/23 21:07:35 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts [2012/11/23 20:49:40 | 005,005,971 | R--- | M] (Swearware) -- C:\Users\Ray Hall\Desktop\ComboFix.exe [2012/11/23 20:44:27 | 004,424,392 | ---- | M] (AVG Technologies) -- C:\Users\Ray Hall\Desktop\avg_avct_stb_all_2013_2793_ppc2.exe [2012/11/22 20:06:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ray Hall\Desktop\OTL.exe [2012/11/21 22:00:44 | 000,543,531 | ---- | M] () -- C:\Users\Ray Hall\Desktop\adwcleaner.exe [2012/11/21 20:52:59 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/11/16 10:40:12 | 000,275,712 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2012/11/10 22:02:46 | 000,000,454 | -H-- | M] () -- C:\windows\tasks\Norton Security Scan for Ray Hall.job [2012/11/04 16:00:43 | 001,699,299 | ---- | M] () -- C:\Users\Ray Hall\Desktop\IMG-20121104-00273.jpg [2012/10/29 21:03:22 | 000,002,378 | ---- | M] () -- C:\Users\Ray Hall\Desktop\Sky Go Desktop.lnk ========== Files Created - No Company Name ========== [2012/11/24 21:33:15 | 000,002,300 | ---- | C] () -- C:\Users\Ray Hall\Desktop\Google Chrome.lnk [2012/11/23 22:30:55 | 000,543,531 | ---- | C] () -- C:\Users\Ray Hall\Desktop\adwcleaner.exe [2012/11/23 20:54:43 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe [2012/11/23 20:54:43 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe [2012/11/23 20:54:43 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe [2012/11/23 20:54:43 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe [2012/11/23 20:54:43 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe [2012/11/21 20:52:59 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/11/16 11:07:20 | 001,771,942 | ---- | C] () -- C:\Users\Ray Hall\Desktop\SDC10968 - Copy.JPG [2012/11/16 10:43:41 | 001,845,667 | ---- | C] () -- C:\Users\Ray Hall\Desktop\SDC10969.JPG [2012/11/16 10:43:30 | 001,771,942 | ---- | C] () -- C:\Users\Ray Hall\Desktop\SDC10968.JPG [2012/11/16 00:17:31 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012/11/16 00:05:03 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012/11/04 07:59:50 | 001,699,299 | ---- | C] () -- C:\Users\Ray Hall\Desktop\IMG-20121104-00273.jpg [2012/10/29 21:03:22 | 000,002,408 | ---- | C] () -- C:\Users\Ray Hall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sky Go Desktop.lnk [2012/10/29 21:03:22 | 000,002,378 | ---- | C] () -- C:\Users\Ray Hall\Desktop\Sky Go Desktop.lnk [2012/06/22 14:00:08 | 000,788,548 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2011/12/08 02:29:31 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe [2011/12/08 02:15:49 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin [2011/12/08 02:12:18 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report >
- November 25, 2012
- 32 replies
Help - Searchnu problem

Twohands108 replied to Twohands108's topic in Resolved Malware Removal Logs

Hi, I followed those instructions including uninstalling Google Chrome and then re-installing and the problem persists
- November 24, 2012
- 32 replies
Help - Searchnu problem

Twohands108 replied to Twohands108's topic in Resolved Malware Removal Logs

Done but no change.
- November 24, 2012
- 32 replies
Help - Searchnu problem

Twohands108 replied to Twohands108's topic in Resolved Malware Removal Logs

Hi, I'm getting the same sort of results as the first time you asked me to run these. Adwcleaner is detecting the DTS Search and saying it has deleted it, but the problem remains. I also noticed a problem with sound yesterday. I tried to adjust the sound and it was gone from tray app, it didn't return even when i selected it too. I was then getting a box come up called Smart Audio which also appears to be a virus. Please Help # AdwCleaner v2.008 - Logfile created 11/24/2012 at 11:44:23 # Updated 17/11/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Ray Hall - RAYHALL-PC # Boot Mode : Normal # Running from : C:\Users\Ray Hall\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Google Chrome v [unable to get version] File : C:\Users\Ray Hall\AppData\Local\Google\Chrome\User Data\Default\Preferences Deleted [l.40] : search_url = "hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=394&systemid=406&apn_dtid[...] ************************* AdwCleaner[R1].txt - [4351 octets] - [21/11/2012 22:02:12] AdwCleaner[R2].txt - [4411 octets] - [21/11/2012 22:06:01] AdwCleaner[R3].txt - [4471 octets] - [21/11/2012 22:29:51] AdwCleaner[R4].txt - [1212 octets] - [23/11/2012 22:31:15] AdwCleaner[R5].txt - [1272 octets] - [23/11/2012 23:26:03] AdwCleaner[R6].txt - [1392 octets] - [24/11/2012 11:44:04] AdwCleaner[s1].txt - [4434 octets] - [21/11/2012 22:30:29] AdwCleaner[s2].txt - [1264 octets] - [23/11/2012 23:26:43] AdwCleaner[s3].txt - [1255 octets] - [24/11/2012 11:44:23] ########## EOF - C:\AdwCleaner[s3].txt - [1315 octets] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 3.4.1 (11.21.2012) OS: Windows 7 Home Premium x64 Ran by Ray Hall on 24/11/2012 at 11:48:33.52 Blog: http://thisisudax.blogspot.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Users\Ray Hall\AppData\Roaming\pccustubinstaller" Failed to delete: [Folder] "C:\Program Files (x86)\consumer input" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 24/11/2012 at 11:59:57.76 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- November 24, 2012
- 32 replies
Help - Searchnu problem

Twohands108 replied to Twohands108's topic in Resolved Malware Removal Logs

# AdwCleaner v2.008 - Logfile created 11/23/2012 at 22:31:15 # Updated 17/11/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Ray Hall - RAYHALL-PC # Boot Mode : Normal # Running from : C:\Users\Ray Hall\Desktop\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Google Chrome v [unable to get version] File : C:\Users\Ray Hall\AppData\Local\Google\Chrome\User Data\Default\Preferences Found [l.40] : search_url = "hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=394&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=1411461434014194&q={searchTerms}", ************************* AdwCleaner[R1].txt - [4351 octets] - [21/11/2012 22:02:12] AdwCleaner[R2].txt - [4411 octets] - [21/11/2012 22:06:01] AdwCleaner[R3].txt - [4471 octets] - [21/11/2012 22:29:51] AdwCleaner[R4].txt - [1023 octets] - [23/11/2012 22:31:15] AdwCleaner[s1].txt - [4434 octets] - [21/11/2012 22:30:29] ########## EOF - C:\AdwCleaner[R4].txt - [1143 octets] ##########
- November 23, 2012
- 32 replies
Help - Searchnu problem

Twohands108 replied to Twohands108's topic in Resolved Malware Removal Logs

ComboFix 12-11-23.02 - Ray Hall 23/11/2012 20:57:18.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3687.1968 [GMT 0:00] Running from: c:\users\Ray Hall\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Ray Hall\AppData\Local\common_functions.dll c:\users\Ray Hall\AppData\Local\ie_runner_app.exe . . ((((((((((((((((((((((((( Files Created from 2012-10-23 to 2012-11-23 ))))))))))))))))))))))))))))))) . . 2012-11-23 21:07 . 2012-11-23 21:07 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-23 20:47 . 2012-11-23 20:48 -------- d-----w- c:\programdata\MFAData 2012-11-23 20:47 . 2012-11-23 20:47 -------- d--h--w- c:\programdata\Common Files 2012-11-23 20:47 . 2012-11-23 20:47 -------- d-----w- c:\users\Ray Hall\AppData\Local\MFAData 2012-11-23 20:47 . 2012-11-23 20:47 -------- d-----w- c:\users\Ray Hall\AppData\Local\Avg2013 2012-11-23 20:09 . 2012-11-23 20:09 -------- d-----w- c:\users\Ray Hall\AppData\Roaming\PCCUStubInstaller 2012-11-23 19:45 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{97B7D2F0-B435-4603-8504-0532620667BC}\mpengine.dll 2012-11-23 19:43 . 2012-11-23 19:43 -------- d-----w- C:\_OTL 2012-11-21 23:36 . 2012-11-21 23:36 -------- d-----w- c:\windows\ERUNT 2012-11-21 23:35 . 2012-11-21 23:35 -------- d-----w- C:\JRT 2012-11-21 20:53 . 2012-11-21 20:53 -------- d-----w- c:\users\Ray Hall\AppData\Roaming\Malwarebytes 2012-11-21 20:52 . 2012-11-21 20:52 -------- d-----w- c:\programdata\Malwarebytes 2012-11-21 20:52 . 2012-11-21 20:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-11-21 20:52 . 2012-09-29 19:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-16 00:17 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-16 00:17 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-16 00:17 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2012-11-16 00:17 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-16 00:05 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-16 00:05 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-16 00:05 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-16 00:05 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-16 00:05 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-16 00:05 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-16 00:05 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-10-26 09:42 . 2012-10-26 09:43 -------- d-----w- c:\program files (x86)\The Game of Life . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-31 21:21 . 2012-07-26 19:02 895088 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2012-10-31 21:20 . 2012-07-26 19:01 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2012-10-31 21:20 . 2012-08-24 22:27 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2012-10-26 09:21 . 2012-08-24 22:27 895088 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2012-10-26 09:21 . 2012-08-24 22:27 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2012-10-26 09:21 . 2012-07-26 19:01 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-09-14 19:19 . 2012-10-10 10:30 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-10 10:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-09-06 20:46 . 2012-09-06 20:46 98304 ----a-w- c:\windows\SysWow64\CmdLineExt.dll 2012-08-31 18:19 . 2012-10-10 10:31 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-08-30 18:03 . 2012-10-10 10:31 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-10 10:31 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-10 10:31 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928] "Facebook Update"="c:\users\Ray Hall\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096] "Consumer Input Update"="c:\program files (x86)\Consumer Input\dca-ua.exe" [2011-11-29 251200] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-06 1353080] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-08 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-08 336384] "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816] "NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864] "ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-08 243712] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-04 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-05 75904] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-05 38016] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-08 204288] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-07-31 123320] S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-11 137512] S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-09-27 76912] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 1109096] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216] S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 38098591 *NewlyCreated* - 46192536 *Deregistered* - 38098591 *Deregistered* - 46192536 . Contents of the 'Scheduled Tasks' folder . 2012-11-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3216919546-1354298898-611529325-1000Core.job - c:\users\Ray Hall\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-11 19:53] . 2012-11-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3216919546-1354298898-611529325-1000UA.job - c:\users\Ray Hall\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-11 19:53] . 2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-08 03:12] . 2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-08 03:12] . 2012-11-10 c:\windows\Tasks\Norton Security Scan for Ray Hall.job - c:\progra~2\NORTON~2\Engine\372~1.5\Nss.exe [2012-07-27 09:45] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local>;*.local TCP: DhcpNameServer = 192.168.0.1 . - - - - ORPHANS REMOVED - - - - . SafeBoot-46192536.sys HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe AddRemove-Consumer Input Software - c:\program files (x86)\Consumer Input\uninstall.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr] "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-11-23 21:11:56 ComboFix-quarantined-files.txt 2012-11-23 21:11 . Pre-Run: 244,156,162,048 bytes free Post-Run: 243,781,267,456 bytes free . - - End Of File - - A4E60A469694B35515BF9F105726EB9D
- November 23, 2012
- 32 replies
Help - Searchnu problem

Twohands108 replied to Twohands108's topic in Resolved Malware Removal Logs

Kaspersky did not find anything. The problem still exists. All processes killed ========== OTL ========== 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully. File Protocol\Handler\livecall - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully. File Protocol\Handler\msnim - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully. File Protocol\Handler\skype4com - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully. File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully. File Protocol\Handler\wlmailhtml - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully. File Protocol\Handler\wlpg - No CLSID value found not found. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. ADS C:\ProgramData\TEMP:BCF55336 deleted successfully. ADS C:\ProgramData\TEMP:6764D965 deleted successfully. ADS C:\ProgramData\TEMP:B9A18B9C deleted successfully. ADS C:\ProgramData\TEMP:9491C9C7 deleted successfully. ADS C:\ProgramData\TEMP:E153075C deleted successfully. ADS C:\ProgramData\TEMP:F65A2273 deleted successfully. ADS C:\ProgramData\TEMP:8EA1B54A deleted successfully. ADS C:\ProgramData\TEMP:FEE00EB9 deleted successfully. ADS C:\ProgramData\TEMP:FBD274CF deleted successfully. ADS C:\ProgramData\TEMP:B96C57D4 deleted successfully. ADS C:\ProgramData\TEMP:7BB584AA deleted successfully. ADS C:\ProgramData\TEMP:B097AC8A deleted successfully. ADS C:\ProgramData\TEMP:B65E763D deleted successfully. ADS C:\ProgramData\TEMP:D3331ADB deleted successfully. ADS C:\ProgramData\TEMP:0B3F95D0 deleted successfully. ADS C:\ProgramData\TEMP:4C16B46B deleted successfully. ADS C:\ProgramData\TEMP:85EA4795 deleted successfully. ========== COMMANDS ========== [EMPTYJAVA] User: All Users User: Default User: Default User User: Public User: Ray Hall Total Java Files Cleaned = 0.00 mb [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56466 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public User: Ray Hall ->Temp folder emptied: 174736777 bytes ->Temporary Internet Files folder emptied: 497370209 bytes ->Google Chrome cache emptied: 481898680 bytes ->Flash cache emptied: 28136223 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 474037383 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes RecycleBin emptied: 184304789 bytes Total Files Cleaned = 1,755.00 mb [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: Public User: Ray Hall ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 11232012_194329 Files\Folders moved on Reboot... File\Folder C:\Users\Ray Hall\AppData\Local\Temp\CVHLauncher(201211231942111190).log not found! File\Folder C:\Users\Ray Hall\AppData\Local\Temp\etilqs_GtBn8bykFqJb4h3 not found! File\Folder C:\Users\Ray Hall\AppData\Local\Temp\etilqs_I2WMymXcVGKD1oO not found! File\Folder C:\Users\Ray Hall\AppData\Local\Temp\etilqs_lnnAeia6sbIs236 not found! C:\Users\Ray Hall\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\Ray Hall\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully. C:\Users\Ray Hall\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully. C:\Users\Ray Hall\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully. C:\Users\Ray Hall\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully. C:\Users\Ray Hall\AppData\Local\Google\Chrome\User Data\Default\Cache\data_4 moved successfully. C:\Users\Ray Hall\AppData\Local\Google\Chrome\User Data\Default\Cache\data_5 moved successfully. C:\Users\Ray Hall\AppData\Local\Google\Chrome\User Data\Default\Cache\index moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot...
- November 23, 2012
- 32 replies
Help - Searchnu problem

Twohands108 replied to Twohands108's topic in Resolved Malware Removal Logs

Hi, My apologies for the length of time until my reply, I'm in the UK and it was past midnight. Whilst the main issue is better i.e the Nu Search browser is no longer coming up, I still have a problem that when I do a search in Google Chrome address bar, rather than google search results I get a DTS search followed by an ASK page with the results. This did not happen before. OTL logfile created on: 22/11/2012 20:08:00 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ray Hall\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.60 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 59.75% Memory free 7.20 Gb Paging File | 5.36 Gb Available in Paging File | 74.39% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 282.92 Gb Total Space | 223.62 Gb Free Space | 79.04% Space Free | Partition Type: NTFS Computer Name: RAYHALL-PC | User Name: Ray Hall | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/11/22 20:06:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ray Hall\Desktop\OTL.exe PRC - [2012/10/31 22:15:08 | 001,242,136 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2012/10/24 11:46:14 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe PRC - [2012/08/06 13:58:26 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe PRC - [2012/07/31 19:19:17 | 000,123,320 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe PRC - [2011/11/29 10:17:38 | 000,251,200 | ---- | M] (Compete, Inc.) -- C:\Program Files (x86)\Consumer Input\dca-ua.exe PRC - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011/07/28 23:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2011/07/19 15:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe ========== Modules (No Company Name) ========== MOD - [2012/10/31 22:15:05 | 000,460,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppgooglenaclpluginchrome.dll MOD - [2012/10/31 22:15:04 | 012,455,448 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll MOD - [2012/10/31 22:15:02 | 004,007,448 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll MOD - [2012/10/31 22:13:47 | 000,587,288 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\libglesv2.dll MOD - [2012/10/31 22:13:46 | 000,123,928 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\libegl.dll MOD - [2012/10/31 22:13:35 | 000,156,712 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avutil-51.dll MOD - [2012/10/31 22:13:34 | 000,274,984 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avformat-54.dll MOD - [2012/10/31 22:13:32 | 002,168,360 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll MOD - [2012/10/24 11:46:13 | 020,317,008 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll MOD - [2012/10/24 11:46:10 | 001,099,616 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll MOD - [2012/10/24 11:46:10 | 000,902,480 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll MOD - [2012/10/24 11:46:10 | 000,190,816 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll MOD - [2012/10/24 11:46:10 | 000,123,232 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/07/28 23:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011/07/28 23:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ========== Services (SafeList) ========== SRV:64bit: - [2011/06/10 04:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service) SRV:64bit: - [2011/06/08 05:54:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011/05/17 22:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV:64bit: - [2010/10/20 22:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv) SRV:64bit: - [2010/09/23 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2012/10/24 11:46:14 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012/07/31 19:19:17 | 000,123,320 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher) SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011/10/01 07:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011/10/01 07:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011/07/19 15:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe -- (PCCUJobMgr) SRV - [2011/07/12 01:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo) SRV - [2010/10/12 17:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/10/01 07:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011/10/01 07:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011/10/01 07:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011/10/01 07:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/06/08 06:42:26 | 009,360,896 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011/06/08 05:16:14 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/02/14 20:43:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2011/02/09 03:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect) DRV:64bit: - [2011/01/05 09:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce) DRV:64bit: - [2010/11/21 03:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/21 03:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/21 03:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/11/11 20:58:54 | 000,137,512 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010/11/05 15:52:54 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2010/11/05 15:52:52 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2010/10/08 19:49:08 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010/09/27 23:24:42 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2009/07/31 04:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst) DRV:64bit: - [2009/07/14 23:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ) DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/07 17:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk) DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb) DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO'>http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO'>http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3216919546-1354298898-611529325-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y IE - HKU\S-1-5-21-3216919546-1354298898-611529325-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-3216919546-1354298898-611529325-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-21-3216919546-1354298898-611529325-1000\..\SearchScopes,DefaultScope = {5A59D1C6-486E-42BC-8E80-EB0BC6750DBF} IE - HKU\S-1-5-21-3216919546-1354298898-611529325-1000\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO'>http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO IE - HKU\S-1-5-21-3216919546-1354298898-611529325-1000\..\SearchScopes\{5A59D1C6-486E-42BC-8E80-EB0BC6750DBF}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO_enGB469 IE - HKU\S-1-5-21-3216919546-1354298898-611529325-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3216919546-1354298898-611529325-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll () FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Ray Hall\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/07/26 21:28:30 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: Search Results (Enabled) CHR - default_search_provider: search_url = http://dts.search-results.com/sr?src=crb&gct=ds&appid=394&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=1411461434014194&q={searchTerms} CHR - default_search_provider: suggest_url = CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Ray Hall\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U25 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Ray Hall\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: Skype Click to Call = C:\Users\Ray Hall\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\ CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Ray Hall\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKU\S-1-5-21-3216919546-1354298898-611529325-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [] File not found O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.) O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba) O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3216919546-1354298898-611529325-1000..\Run: [Consumer Input Update] C:\Program Files (x86)\Consumer Input\dca-ua.exe (Compete, Inc.) O4 - HKU\S-1-5-21-3216919546-1354298898-611529325-1000..\Run: [Facebook Update] C:\Users\Ray Hall\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-3216919546-1354298898-611529325-1000..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45BCF574-D48F-4F44-861B-C416806822FA}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/11/22 20:06:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ray Hall\Desktop\OTL.exe [2012/11/21 23:36:40 | 000,000,000 | ---D | C] -- C:\windows\ERUNT [2012/11/21 23:35:59 | 000,000,000 | ---D | C] -- C:\JRT [2012/11/21 20:53:51 | 000,000,000 | ---D | C] -- C:\Users\Ray Hall\AppData\Roaming\Malwarebytes [2012/11/21 20:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/11/21 20:52:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/11/21 20:52:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2012/11/21 20:52:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/10/26 09:42:43 | 000,000,000 | ---D | C] -- C:\Users\Ray Hall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Game of Life [2012/10/26 09:42:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Game of Life [2012/10/26 09:42:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Game of Life [2012/10/23 21:20:21 | 000,000,000 | ---D | C] -- C:\Users\Ray Hall\AppData\Roaming\Rainbow [2012/10/23 21:16:16 | 000,000,000 | ---D | C] -- C:\Users\Ray Hall\AppData\Roaming\Tape_Worm [2012/10/23 21:16:13 | 000,000,000 | ---D | C] -- C:\Users\Ray Hall\AppData\Roaming\GirlsWithSecrets [2012/10/23 21:15:06 | 000,000,000 | ---D | C] -- C:\Users\Ray Hall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The Chronicles of Emerland Solitaire [2012/10/23 21:15:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Chronicles of Emerland Solitaire [2012/10/23 21:15:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Chronicles of Emerland Solitaire [2012/10/23 20:47:48 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\directx [2012/06/22 18:07:10 | 000,940,544 | ---- | C] (Apache Software Foundation) -- C:\Users\Ray Hall\AppData\Local\log4cxx.dll [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/11/22 20:06:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ray Hall\Desktop\OTL.exe [2012/11/22 20:03:44 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/11/22 20:03:44 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/22 20:02:44 | 005,212,448 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012/11/22 20:02:44 | 002,441,848 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012/11/22 20:02:44 | 000,006,442 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012/11/22 19:56:13 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012/11/22 19:56:05 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/11/22 19:55:37 | 2899,468,288 | -HS- | M] () -- C:\hiberfil.sys [2012/11/21 23:58:01 | 000,000,938 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3216919546-1354298898-611529325-1000UA.job [2012/11/21 23:39:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012/11/21 20:58:00 | 000,000,916 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-3216919546-1354298898-611529325-1000Core.job [2012/11/21 20:52:59 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/11/16 10:40:12 | 000,275,712 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2012/11/10 22:02:46 | 000,000,454 | -H-- | M] () -- C:\windows\tasks\Norton Security Scan for Ray Hall.job [2012/11/04 16:00:43 | 001,699,299 | ---- | M] () -- C:\Users\Ray Hall\Desktop\IMG-20121104-00273.jpg [2012/10/29 21:03:22 | 000,002,378 | ---- | M] () -- C:\Users\Ray Hall\Desktop\Sky Go Desktop.lnk [2012/10/26 09:43:19 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Play The Game of Life.lnk [2012/10/26 09:43:19 | 000,001,262 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk [2012/10/25 18:23:47 | 000,026,189 | ---- | M] () -- C:\Users\Ray Hall\Desktop\GENSO_SUIKODEN_by_aribuwana.jpg [2012/10/25 18:23:27 | 000,028,144 | ---- | M] () -- C:\Users\Ray Hall\Desktop\dragon_age___hawke_fv_by_yamao-d3j3rob.jpg [2012/10/25 18:22:51 | 001,694,760 | ---- | M] () -- C:\Users\Ray Hall\Desktop\dragon_age_ii_characters_by_mattrhodes-d3a6ll9.jpg [2012/10/25 18:19:51 | 000,140,722 | ---- | M] () -- C:\Users\Ray Hall\Desktop\witch_of_the_wilds_by_whisperingsoul-d3fpqfg.jpg [2012/10/23 21:17:10 | 000,002,160 | ---- | M] () -- C:\Users\Public\Desktop\Play The Chronicles of Emerland Solitaire.lnk [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/11/21 20:52:59 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/11/16 11:07:20 | 001,771,942 | ---- | C] () -- C:\Users\Ray Hall\Desktop\SDC10968 - Copy.JPG [2012/11/16 10:43:41 | 001,845,667 | ---- | C] () -- C:\Users\Ray Hall\Desktop\SDC10969.JPG [2012/11/16 10:43:30 | 001,771,942 | ---- | C] () -- C:\Users\Ray Hall\Desktop\SDC10968.JPG [2012/11/16 00:17:31 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012/11/16 00:05:03 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012/11/04 07:59:50 | 001,699,299 | ---- | C] () -- C:\Users\Ray Hall\Desktop\IMG-20121104-00273.jpg [2012/10/29 21:03:22 | 000,002,408 | ---- | C] () -- C:\Users\Ray Hall\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sky Go Desktop.lnk [2012/10/29 21:03:22 | 000,002,378 | ---- | C] () -- C:\Users\Ray Hall\Desktop\Sky Go Desktop.lnk [2012/10/26 09:43:19 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Play The Game of Life.lnk [2012/10/26 09:43:19 | 000,001,262 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk [2012/10/25 18:23:46 | 000,026,189 | ---- | C] () -- C:\Users\Ray Hall\Desktop\GENSO_SUIKODEN_by_aribuwana.jpg [2012/10/25 18:23:25 | 000,028,144 | ---- | C] () -- C:\Users\Ray Hall\Desktop\dragon_age___hawke_fv_by_yamao-d3j3rob.jpg [2012/10/25 18:22:51 | 001,694,760 | ---- | C] () -- C:\Users\Ray Hall\Desktop\dragon_age_ii_characters_by_mattrhodes-d3a6ll9.jpg [2012/10/25 18:19:50 | 000,140,722 | ---- | C] () -- C:\Users\Ray Hall\Desktop\witch_of_the_wilds_by_whisperingsoul-d3fpqfg.jpg [2012/10/23 21:17:10 | 000,002,160 | ---- | C] () -- C:\Users\Public\Desktop\Play The Chronicles of Emerland Solitaire.lnk [2012/06/22 18:07:10 | 000,196,608 | ---- | C] () -- C:\Users\Ray Hall\AppData\Local\common_functions.dll [2012/06/22 14:00:08 | 000,788,548 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2011/12/08 02:29:31 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe [2011/12/08 02:15:49 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin [2011/12/08 02:12:18 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat [2011/11/29 10:40:04 | 000,114,688 | ---- | C] () -- C:\Users\Ray Hall\AppData\Local\ie_runner_app.exe ========== ZeroAccess Check ========== [2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 03:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/08/31 12:16:08 | 000,000,000 | ---D | M] -- C:\Users\Ray Hall\AppData\Roaming\BlamGames [2012/02/07 22:59:50 | 000,000,000 | ---D | M] -- C:\Users\Ray Hall\AppData\Roaming\Book Place [2012/09/10 21:30:01 | 000,000,000 | ---D | M] -- C:\Users\Ray Hall\AppData\Roaming\ERS Game Studios [2012/10/23 20:04:04 | 000,000,000 | ---D | M] -- C:\Users\Ray Hall\AppData\Roaming\GameMill Entertainment [2012/10/23 21:19:34 | 000,000,000 | ---D | M] -- C:\Users\Ray Hall\AppData\Roaming\GirlsWithSecrets [2012/10/23 19:35:51 | 000,000,000 | ---D | M] -- C:\Users\Ray Hall\AppData\Roaming\northern_tale_bfg_en [2012/08/31 14:17:21 | 000,000,000 | ---D | M] -- C:\Users\Ray Hall\AppData\Roaming\Orneon [2012/10/23 21:20:21 | 000,000,000 | ---D | M] -- C:\Users\Ray Hall\AppData\Roaming\Rainbow [2012/10/06 13:07:06 | 000,000,000 | ---D | M] -- C:\Users\Ray Hall\AppData\Roaming\SoftGrid Client [2012/06/30 10:29:05 | 000,000,000 | ---D | M] -- C:\Users\Ray Hall\AppData\Roaming\Sports Interactive [2012/10/23 21:16:16 | 000,000,000 | ---D | M] -- C:\Users\Ray Hall\AppData\Roaming\Tape_Worm [2012/02/03 17:02:28 | 000,000,000 | ---D | M] -- C:\Users\Ray Hall\AppData\Roaming\Tific [2012/01/29 04:59:05 | 000,000,000 | ---D | M] -- C:\Users\Ray Hall\AppData\Roaming\Toshiba [2012/07/30 20:01:55 | 000,000,000 | ---D | M] -- C:\Users\Ray Hall\AppData\Roaming\TP [2012/10/19 12:44:59 | 000,000,000 | ---D | M] -- C:\Users\Ray Hall\AppData\Roaming\WildTangent [2012/01/29 04:53:01 | 000,000,000 | ---D | M] -- C:\Users\Ray Hall\AppData\Roaming\WinBatch ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 248 bytes -> C:\ProgramData\TEMP:BCF55336 @Alternate Data Stream - 245 bytes -> C:\ProgramData\TEMP:6764D965 @Alternate Data Stream - 189 bytes -> C:\ProgramData\TEMP:B9A18B9C @Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:9491C9C7 @Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:E153075C @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:F65A2273 @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:8EA1B54A @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:FEE00EB9 @Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:FBD274CF @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:B96C57D4 @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:7BB584AA @Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:B097AC8A @Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:B65E763D @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D3331ADB @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:0B3F95D0 @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:4C16B46B @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:85EA4795 < End of report > OTL Extras logfile created on: 22/11/2012 20:08:00 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ray Hall\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.60 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 59.75% Memory free 7.20 Gb Paging File | 5.36 Gb Available in Paging File | 74.39% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 282.92 Gb Total Space | 223.62 Gb Free Space | 79.04% Space Free | Partition Type: NTFS Computer Name: RAYHALL-PC | User Name: Ray Hall | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3216919546-1354298898-611529325-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{062B9722-F852-4785-9C54-8849D8E83522}" = lport=10243 | protocol=6 | dir=in | app=system | "{1D2E92A6-927C-4BF5-8982-953718FF8806}" = lport=445 | protocol=6 | dir=in | app=system | "{272C5C90-63C7-4406-8A1E-A718B493C81D}" = lport=2869 | protocol=6 | dir=in | app=system | "{2EB520E0-E7F1-473D-822C-C849122B68C9}" = rport=445 | protocol=6 | dir=out | app=system | "{2EDF1FA3-8386-4563-9BD8-FEA63B71DA8B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{39D73F26-2FCF-497C-8040-884526EA2650}" = rport=137 | protocol=17 | dir=out | app=system | "{43FD5422-C754-41E9-80F0-F7306695CD76}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{501B096A-328B-4EE1-89D0-72F412EE9ACB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5462F536-DDBA-4F0C-91DE-5F6550D795AA}" = rport=138 | protocol=17 | dir=out | app=system | "{625A3794-204B-4547-9438-1D9CAF816501}" = lport=138 | protocol=17 | dir=in | app=system | "{853184F5-3D4B-4381-8B6B-E1576D869382}" = rport=139 | protocol=6 | dir=out | app=system | "{95533DE4-91F4-4366-86A6-EABAF293EF42}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{9EB8C342-359C-4CF4-9F33-E5C592BEFB2C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{A1C24EA8-19E7-4602-9238-531439B12FAD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A7CE90BA-B9F4-4DB8-8259-62D540BF51CA}" = lport=139 | protocol=6 | dir=in | app=system | "{B1A7E24D-8915-44C2-9B02-FA15BE709CBD}" = lport=137 | protocol=17 | dir=in | app=system | "{D09F841C-3ED7-4C01-9C4F-C0D9B114F558}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{D1150625-712A-4DD3-BF70-D92BF42EE09C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D5AFC666-971B-480A-B03F-D428BAF4BCDC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{EF6CBEAF-0D28-47F3-8375-4006C02E2CC3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{EFB12597-0571-4C02-912D-6733B557A69D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F0D32A28-30F6-49C5-BEA8-88BE5B97DF20}" = rport=10243 | protocol=6 | dir=out | app=system | "{FE075087-EB4B-4CB2-8219-BDFDCB6861D3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07150935-F6E5-4EA8-AE03-53B215F8F94D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{07299897-8A98-40B0-9A61-02C03C82A5B7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{1010BF91-22B3-4F73-82FC-A37D3DA7F25C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{10D38C11-645F-4548-8B9E-6FC76EF0BFB3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{133BC52D-2479-4E99-9F6E-61FE0BF51EB1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{18E36171-96E6-486F-BF4E-777316285C52}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{1CBD5C9C-8100-4CF5-B38C-72F11483F337}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{21A835B3-C079-4E90-B814-DC2B35E81EB6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{381D9A92-3290-4259-AE5B-FA2C6F57A10C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{3C8ED9E3-A07F-4BF8-8452-E16E2B3ACD0F}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{47FA6560-C541-4705-AC26-3607B4C78022}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4D9B4205-E8B1-4FC0-A4D0-D042503C081D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{6949ED6A-2DAF-4E93-8CB6-C160FE038292}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{818B8FBE-1C5F-4F6A-A640-27581A51B494}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{8CBE8C29-CABF-4425-8CD1-82D29B5F8DD3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{94B3577B-C600-4D63-BB01-B011AE2F1C96}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{961B61CE-FE23-4D42-A86A-3DDFE08D96BE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{9E1164E8-FD59-4E66-9E7C-D56C8B77A379}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A33D1F54-24D5-4CF2-91ED-B915DE13AF9D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A75294BF-6D28-4190-9F30-9486B0656966}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{AD41FAD4-F384-45E1-B841-68F1F467535F}" = protocol=6 | dir=out | app=system | "{B058D29B-D975-4EA2-A245-2F3C1313080D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{B4FA86C1-BF33-4526-AC62-963581D5BA86}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C0AD79DE-B55E-482B-A5FE-EC0F50AD5DF6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{C0E359EA-FEB1-4E46-91D2-0EA25ECE8DFF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{C5D9F459-6A2D-4B8F-8600-2360469C2F1C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2012\fm.exe | "{C6A8F6B3-0523-4250-8083-DC35D722FC15}" = dir=in | app=c:\users\ray hall\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{D90F4A9A-1F47-44C9-8C0A-62EFACA77B00}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{D91E9676-700F-41F0-B87E-C0CFC460D64A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{DA669FCD-EEF5-4039-B33D-C9E53C2D18FC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DC5F0A2F-B28D-4402-8553-3AB4A39A6A3D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\football manager 2012\fm.exe | "{E3647959-5CFE-4A45-A73B-0138EFACA091}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{E8A85C1B-3FFB-4E56-AFE4-7A9903C5BA5A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{EE333871-2513-41F6-877A-A0D9D3555E59}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "TCP Query User{2EF52F09-BA7A-4ADE-9681-42F276E54644}C:\program files (x86)\gamespy arcade\aphex.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gamespy arcade\aphex.exe | "UDP Query User{34992A6D-E2D7-4BC2-A00A-576DB2E9E939}C:\program files (x86)\gamespy arcade\aphex.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gamespy arcade\aphex.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board "{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime "{4ACA5AE7-E68C-5A48-F8E6-D67946267506}" = ATI Catalyst Install Manager "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator "{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6316805C-2485-2FF5-974C-750E3BE1DF65}" = AMD Media Foundation Decoders "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A34D9B7F-8453-DA02-DC98-EEEE085411C6}" = ccc-utility64 "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition "CNXT_AUDIO_HDA" = Conexant HD Audio "Elantech" = ETDWare PS/2-X64 8.0.8.0_R01 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0146E330-EEE7-B924-B347-B399460893ED}" = CCC Help Czech "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "{09927C92-A652-057A-3A7B-153F23175C58}" = CCC Help Dutch "{0AF17224-CF88-40B8-BB1A-D179369847B4}" = TOSHIBA Supervisor Password "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0 "{109CBCC5-7151-1CC6-DAD6-6F7DD3162A8A}" = Catalyst Control Center InstallProxy "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{19E40731-8E1A-07FB-DA7D-8A54603F6408}" = CCC Help English "{1B97813D-74A7-25EB-4837-792413507E82}" = CCC Help Danish "{1CF94211-A7BB-8151-44B8-6618C5A162F8}" = CCC Help Portuguese "{1D7FEEAC-6CEE-5B5F-A8B0-9BE7A6BCB7FB}" = CCC Help Chinese Traditional "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{247E03D2-485B-7A70-BF5C-AB9BDF6AFB44}" = CCC Help Polish "{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java 6 Update 25 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2A48215C-E018-4F4B-9285-3CDC88C6992A}" = Myth III - The Wolf Age "{2EEFB3C4-4706-C2B5-DF69-CF914D87BCE4}" = CCC Help Swedish "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{337FDED7-D27B-E476-E888-3674E1C01C69}" = CCC Help Spanish "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{4485C9D0-A742-F1BB-C0B0-58FC61960D99}" = CCC Help Korean "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration "{666E35A7-A224-E3E9-48C2-C641837535D9}" = Catalyst Control Center Localization All "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{8064A378-46F4-4A4E-8AF5-153D0D4018DD}" = Catalyst Control Center - Branding "{83601916-2E71-F1C7-EE5F-A1C985BC9217}" = CCC Help German "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A34A135-D405-DD03-9B2E-0EB99238A312}" = CCC Help Finnish "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9550EA6C-4CBE-C1F3-1E1C-5E87F2C645ED}" = CCC Help French "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer "{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}" = TOSHIBA Hardware Setup "{97F67013-3076-4261-DC10-808409655042}" = AMD VISION Engine Control Center "{986BB897-C295-2FED-8DCA-4ADE3AFCEF84}" = CCC Help Russian "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A4FF8F4E-D665-712B-07EE-F03ED360E9BE}" = CCC Help Italian "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI "{ADB50F70-98FF-067F-DF39-47DD83E32D58}" = CCC Help Chinese Standard "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B83FCE14-53D5-CBF8-87E9-59B8968ADB4C}" = CCC Help Norwegian "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist "{C31337DE-0CDC-45A9-9A32-F099AC78D557}" = Toshiba Book Place "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C78E3449-4F24-839B-5F7A-6911C67A5BE9}" = Catalyst Control Center Graphics Previews Common "{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D6E90970-BA9C-51AA-EFA2-9F80A7AE0956}" = CCC Help Thai "{D826A52E-0AC9-5A55-61B8-0E088477A1B0}" = CCC Help Greek "{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E69540AC-FFC3-5519-F925-5ACC8D20DED5}" = CCC Help Hungarian "{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application "{E9D96BD5-7D33-7ED3-0A8E-229FA2524487}" = CCC Help Turkish "{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F41C11EC-7C13-47A7-A07C-251D96EC3879}" = Broken Sword - The Angel of Death "{F931F27F-A967-982A-9226-494787D5FBBB}" = CCC Help Japanese "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "BFGC" = Big Fish Games: Game Manager "BFG-Monopoly" = Monopoly ® "BFG-The Chronicles of Emerland Solitaire" = The Chronicles of Emerland Solitaire "BFG-The Game of Life" = The Game of Life ® "DivX Setup" = DivX Setup "GameSpy Arcade" = GameSpy Arcade "Google Chrome" = Google Chrome "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package "InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board "InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime "InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000 "NortonPCCheckup" = Toshiba Laptop Checkup "NSS" = Norton Security Scan "Office14.Click2Run" = Microsoft Office Click-to-Run 2010 "Steam App 71270" = Football Manager 2012 "WildTangent toshiba Master Uninstall" = WildTangent Games "WinLiveSuite" = Windows Live Essentials "WTA-2c94979f-b4f8-4467-a6e9-e39d6872ecdb" = Bejeweled 3 "WTA-2f4d80a5-65a9-4218-adfa-206a1d2b3f49" = Polar Bowler "WTA-31b0618c-fd89-4bfe-ac0e-d3184b238397" = Penguins! "WTA-40cdef48-a911-4a9e-b8b3-d506cd070e5e" = Plants vs. Zombies - Game of the Year "WTA-b1c8f6a8-a329-40ec-9691-5a7512af7059" = Letters from Nowhere 2 "WTA-b6386fec-5850-46c3-b04d-0b4fca07a0fd" = RollerCoaster Tycoon 3: Platinum "WTA-b6eb3ace-b44d-4e17-b7c4-fe8a0ca6c75f" = FATE - The Traitor Soul "WTA-d3555fbf-ef49-4097-b2e3-8b4a0c8107ad" = Zuma's Revenge "WTA-e28dc163-dfe4-410c-b5b5-fa31683ba1fe" = Tales of Lagoona ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3216919546-1354298898-611529325-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "3382114094.go.sky.com" = Sky Go Desktop "Consumer Input Software" = Consumer Input Software (remove only) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 22/11/2012 15:56:31 | Computer Name = RayHall-PC | Source = Toshiba App Place | ID = 0 Description = Error - 22/11/2012 15:57:29 | Computer Name = RayHall-PC | Source = WinMgmt | ID = 10 Description = Error - 22/11/2012 16:02:40 | Computer Name = RayHall-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012 Description = The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error - 22/11/2012 16:02:40 | Computer Name = RayHall-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011 Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. [ System Events ] Error - 21/11/2012 20:08:21 | Computer Name = RayHall-PC | Source = DCOM | ID = 10010 Description = < End of report >
- November 22, 2012
- 32 replies
Help - Searchnu problem

Twohands108 replied to Twohands108's topic in Resolved Malware Removal Logs

Same thing
- November 21, 2012
- 32 replies
Help - Searchnu problem

Twohands108 replied to Twohands108's topic in Resolved Malware Removal Logs

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 3.4.1 (11.21.2012) OS: Windows 7 Home Premium x64 Ran by Ray Hall on 21/11/2012 at 23:36:42.82 Blog: http://thisisudax.blogspot.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] hkey_classes_root\clsid\{f34c9277-6577-4dff-b2d7-7d58092f272f} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Users\Ray Hall\AppData\Roaming\pccustubinstaller" Successfully deleted: [Folder] "C:\Users\Ray Hall\appdata\locallow\datamngr" Failed to delete: [Folder] "C:\Program Files (x86)\consumer input" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 21/11/2012 at 23:47:13.66 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- November 21, 2012
- 32 replies
Help - Searchnu problem

Twohands108 replied to Twohands108's topic in Resolved Malware Removal Logs

Its not fixed quite. When i do a search in google chrome address bar it does an ask search rather than a google search.
- November 21, 2012
- 32 replies
Help - Searchnu problem

Twohands108 replied to Twohands108's topic in Resolved Malware Removal Logs

I think so, thank you very much you guys are brilliant!! Do you know what this adware does? My wife has paid for items online since she downloaded it. Should I be worried?
- November 21, 2012
- 32 replies
Help - Searchnu problem

Twohands108 replied to Twohands108's topic in Resolved Malware Removal Logs

Google Chrome - Came up with a message stating that the preferences file was either invalid or corrupt on loading but nu-search is now gone and it appears to now load ok. IE came up with a manage addons box when starting but no nusearch page Results below. # AdwCleaner v2.008 - Logfile created 11/21/2012 at 22:30:29 # Updated 17/11/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Ray Hall - RAYHALL-PC # Boot Mode : Normal # Running from : C:\Users\Ray Hall\Downloads\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\ProgramData\boost_interprocess Folder Deleted : C:\Users\Ray Hall\AppData\LocalLow\boost_interprocess Folder Deleted : C:\Users\RAYHAL~1\AppData\Local\Temp\boost_interprocess ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\Compete Key Deleted : HKCU\Software\AppDataLow\Software\CompeteInc Key Deleted : HKCU\Software\Compete Key Deleted : HKCU\Software\DataMngr Key Deleted : HKCU\Software\DataMngr_Toolbar Key Deleted : HKCU\Software\ilivid Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DBBBC528-9C8C-4051-9187-ED6F01A457C9} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2} Key Deleted : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-api.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor.1 Key Deleted : HKLM\SOFTWARE\Classes\dcabho.Dca Key Deleted : HKLM\SOFTWARE\Classes\dcabho.Dca.1 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7BAB653D-88FB-4F60-AFC2-8E6FD59FAFF3} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A57F7191-1E7F-4852-BAAF-F80A43E2687A} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C8758BC4-4581-48C7-BA38-C1A650477AE9} Key Deleted : HKLM\Software\CompeteInc Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4} Key Deleted : HKLM\SOFTWARE\DataMngr Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Deleted : HKLM\SOFTWARE\Software ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchnu.com/406 --> hxxp://www.google.com -\\ Google Chrome v [unable to get version] File : C:\Users\Ray Hall\AppData\Local\Google\Chrome\User Data\Default\Preferences Deleted [l.12] : homepage = "hxxp://www.searchnu.com/406", Deleted [l.16] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406", "hxxp://google.co.uk/" ] Deleted [l.66] : search_url = "hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=394&systemid=406&apn_dtid[...] Deleted [l.1467] : homepage = "hxxp://www.searchnu.com/406", Deleted [l.1863] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406", "hxxp://google.co.uk/" ] ************************* AdwCleaner[R1].txt - [4351 octets] - [21/11/2012 22:02:12] AdwCleaner[R2].txt - [4411 octets] - [21/11/2012 22:06:01] AdwCleaner[R3].txt - [4471 octets] - [21/11/2012 22:29:51] AdwCleaner[s1].txt - [4317 octets] - [21/11/2012 22:30:29] ########## EOF - C:\AdwCleaner[s1].txt - [4377 octets] ##########
- November 21, 2012
- 32 replies
Help - Searchnu problem

Twohands108 replied to Twohands108's topic in Resolved Malware Removal Logs

Thank you very much # AdwCleaner v2.008 - Logfile created 11/21/2012 at 22:02:12 # Updated 17/11/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : Ray Hall - RAYHALL-PC # Boot Mode : Normal # Running from : C:\Users\Ray Hall\Downloads\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** Folder Found : C:\ProgramData\boost_interprocess Folder Found : C:\Users\Ray Hall\AppData\LocalLow\boost_interprocess Folder Found : C:\Users\RAYHAL~1\AppData\Local\Temp\boost_interprocess ***** [Registry] ***** Key Found : HKCU\Software\AppDataLow\Software\Compete Key Found : HKCU\Software\AppDataLow\Software\CompeteInc Key Found : HKCU\Software\Compete Key Found : HKCU\Software\DataMngr Key Found : HKCU\Software\DataMngr_Toolbar Key Found : HKCU\Software\ilivid Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Found : HKLM\SOFTWARE\Classes\AppID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A} Key Found : HKLM\SOFTWARE\Classes\AppID\{DBBBC528-9C8C-4051-9187-ED6F01A457C9} Key Found : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2} Key Found : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\dca-api.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL Key Found : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor Key Found : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor.1 Key Found : HKLM\SOFTWARE\Classes\dcabho.Dca Key Found : HKLM\SOFTWARE\Classes\dcabho.Dca.1 Key Found : HKLM\SOFTWARE\Classes\TypeLib\{7BAB653D-88FB-4F60-AFC2-8E6FD59FAFF3} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A57F7191-1E7F-4852-BAAF-F80A43E2687A} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C8758BC4-4581-48C7-BA38-C1A650477AE9} Key Found : HKLM\Software\CompeteInc Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32 Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC} Key Found : HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C} Key Found : HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4} Key Found : HKLM\SOFTWARE\DataMngr Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Key Found : HKLM\SOFTWARE\Software Key Found : HKU\S-1-5-21-3216919546-1354298898-611529325-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchnu.com/406 -\\ Google Chrome v [unable to get version] File : C:\Users\Ray Hall\AppData\Local\Google\Chrome\User Data\Default\Preferences Found [l.12] : homepage = "hxxp://www.searchnu.com/406", Found [l.16] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406", "hxxp://google.co.uk/" ] Found [l.66] : search_url = "hxxp://dts.search-results.com/sr?src=crb&gct=ds&appid=394&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=1411461434014194&q={searchTerms}", Found [l.1467] : homepage = "hxxp://www.searchnu.com/406", Found [l.1846] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406", "hxxp://google.co.uk/" ] ************************* AdwCleaner[R1].txt - [4234 octets] - [21/11/2012 22:02:12] ########## EOF - C:\AdwCleaner[R1].txt - [4294 octets] ##########
- November 21, 2012
- 32 replies
Help - Searchnu problem

Twohands108 posted a topic in Resolved Malware Removal Logs

Hi Please Help. I get Search nu page pop up every time we load any search engine. I have tried running a quick scan through malwarebytes but this didnt help. Stupidly I read somewhere to remove the programs and tried removing the 2 programs installed yesterday. One was called Ilivid and the other was something like search bar. DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16455 Run by Ray Hall at 21:08:08 on 2012-11-21 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3687.2138 [GMT 0:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\system32\atiesrxx.exe C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\atieclxx.exe C:\windows\system32\svchost.exe -k NetworkService C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe C:\Program Files\Elantech\ETDCtrl.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\windows\system32\svchost.exe -k imgsvc C:\windows\system32\TODDSrv.exe C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe C:\Program Files (x86)\Consumer Input\dca-ua.exe C:\Program Files (x86)\Steam\steam.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\windows\system32\wbem\wmiprvse.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\windows\system32\SearchIndexer.exe C:\Program Files\iPod\bin\iPodService.exe C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Elantech\ETDCtrlHelper.exe C:\Program Files (x86)\Common Files\Steam\SteamService.exe C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe C:\windows\System32\svchost.exe -k secsvcs C:\Program Files\Windows Media Player\wmpnetwk.exe C:\windows\system32\wuauclt.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\windows\system32\sppsvc.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\windows\system32\SearchProtocolHost.exe C:\windows\system32\SearchFilterHost.exe C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.searchnu.com/406 uDefault_Page_URL = hxxp://start.toshiba.com/?cid=C001B2Y uProxyOverride = <local>;*.local mWinlogon: Userinit = userinit.exe, BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Consumer Input\dca-bho.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun uRun: [Facebook Update] "C:\Users\Ray Hall\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver uRun: [Consumer Input Update] C:\Program Files (x86)\Consumer Input\dca-ua.exe uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRunOnce: [removeiLividdatamngr] cmd.exe /c RD /S /Q "C:\Program Files (x86)\Search Results Toolbar" mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab TCP: NameServer = 192.168.0.1 TCP: Interfaces\{45BCF574-D48F-4F44-861B-C416806822FA} : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{45BCF574-D48F-4F44-861B-C416806822FA}\244584F6D65684572623D234A54505 : DHCPNameServer = 192.168.1.254 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 amd_sata;amd_sata;C:\windows\System32\drivers\amd_sata.sys [2011-12-8 75904] R0 amd_xata;amd_xata;C:\windows\System32\drivers\amd_xata.sys [2011-12-8 38016] R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2011-12-8 204288] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-12-8 123320] R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-12-8 126392] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2010-11-11 137512] R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2011-12-8 9216] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-9-27 76912] R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-12-8 38096] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-12-8 1109096] R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264] R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648] R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960] R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-12-8 57216] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-10 138152] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-12-8 243712] S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2011-8-2 51712] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-2-4 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184] . =============== Created Last 30 ================ . 2012-11-21 20:53:51 -------- d-----w- C:\Users\Ray Hall\AppData\Roaming\Malwarebytes 2012-11-21 20:52:58 -------- d-----w- C:\ProgramData\Malwarebytes 2012-11-21 20:52:57 25928 ----a-w- C:\windows\System32\drivers\mbam.sys 2012-11-21 20:52:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-11-20 21:34:23 -------- d-----w- C:\ProgramData\boost_interprocess 2012-11-20 21:34:19 -------- d-----w- C:\Program Files (x86)\Search Results Toolbar 2012-11-20 17:01:37 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FA2C1E64-4BD6-4B6B-A5E3-AF39EF9F9330}\mpengine.dll 2012-11-16 00:17:28 9728 ----a-w- C:\windows\System32\Wdfres.dll 2012-11-16 00:17:28 785512 ----a-w- C:\windows\System32\drivers\Wdf01000.sys 2012-11-16 00:17:28 54376 ----a-w- C:\windows\System32\drivers\WdfLdr.sys 2012-11-16 00:17:28 2560 ----a-w- C:\windows\System32\drivers\en-US\wdf01000.sys.mui 2012-11-16 00:05:08 87040 ----a-w- C:\windows\System32\drivers\WUDFPf.sys 2012-11-16 00:05:08 198656 ----a-w- C:\windows\System32\drivers\WUDFRd.sys 2012-11-16 00:05:06 84992 ----a-w- C:\windows\System32\WUDFSvc.dll 2012-11-16 00:05:06 194048 ----a-w- C:\windows\System32\WUDFPlatform.dll 2012-11-16 00:05:05 45056 ----a-w- C:\windows\System32\WUDFCoinstaller.dll 2012-11-16 00:05:04 744448 ----a-w- C:\windows\System32\WUDFx.dll 2012-11-16 00:05:04 229888 ----a-w- C:\windows\System32\WUDFHost.exe 2012-10-26 09:42:43 -------- d-----w- C:\Program Files (x86)\The Game of Life 2012-10-23 21:20:21 -------- d-----w- C:\Users\Ray Hall\AppData\Roaming\Rainbow 2012-10-23 21:16:16 -------- d-----w- C:\Users\Ray Hall\AppData\Roaming\Tape_Worm 2012-10-23 21:16:13 -------- d-----w- C:\Users\Ray Hall\AppData\Roaming\GirlsWithSecrets 2012-10-23 21:15:06 -------- d-----w- C:\Program Files (x86)\The Chronicles of Emerland Solitaire 2012-10-23 20:47:48 -------- d-----w- C:\windows\SysWow64\directx 2012-10-23 20:04:04 -------- d-----w- C:\Users\Ray Hall\AppData\Roaming\GameMill Entertainment 2012-10-23 19:35:32 -------- d-----w- C:\Users\Ray Hall\AppData\Roaming\northern_tale_bfg_en 2012-10-23 19:31:51 -------- d-----w- C:\ProgramData\HDG 2012-10-23 19:26:24 -------- d-----w- C:\Users\Ray Hall\AppData\Local\Big Fish 2012-10-23 19:14:13 -------- d-----w- C:\ProgramData\Big Fish . ==================== Find3M ==================== . 2012-10-18 18:25:58 3149824 ----a-w- C:\windows\System32\win32k.sys 2012-10-09 18:17:13 55296 ----a-w- C:\windows\System32\dhcpcsvc6.dll 2012-10-09 18:17:13 226816 ----a-w- C:\windows\System32\dhcpcore6.dll 2012-10-09 17:40:31 44032 ----a-w- C:\windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40:31 193536 ----a-w- C:\windows\SysWow64\dhcpcore6.dll 2012-10-08 11:31:03 2312704 ----a-w- C:\windows\System32\jscript9.dll 2012-10-08 11:23:52 1392128 ----a-w- C:\windows\System32\wininet.dll 2012-10-08 11:22:55 1494528 ----a-w- C:\windows\System32\inetcpl.cpl 2012-10-08 11:18:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe 2012-10-08 11:17:35 599040 ----a-w- C:\windows\System32\vbscript.dll 2012-10-08 11:13:33 2382848 ----a-w- C:\windows\System32\mshtml.tlb 2012-10-08 07:56:24 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll 2012-10-08 07:48:03 1129472 ----a-w- C:\windows\SysWow64\wininet.dll 2012-10-08 07:47:44 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl 2012-10-08 07:44:05 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe 2012-10-08 07:43:21 420864 ----a-w- C:\windows\SysWow64\vbscript.dll 2012-10-08 07:40:56 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb 2012-10-03 17:56:54 1914248 ----a-w- C:\windows\System32\drivers\tcpip.sys 2012-10-03 17:44:21 70656 ----a-w- C:\windows\System32\nlaapi.dll 2012-10-03 17:44:21 303104 ----a-w- C:\windows\System32\nlasvc.dll 2012-10-03 17:44:17 246272 ----a-w- C:\windows\System32\netcorehc.dll 2012-10-03 17:44:17 18944 ----a-w- C:\windows\System32\netevent.dll 2012-10-03 17:44:16 216576 ----a-w- C:\windows\System32\ncsi.dll 2012-10-03 17:42:16 569344 ----a-w- C:\windows\System32\iphlpsvc.dll 2012-10-03 16:42:24 18944 ----a-w- C:\windows\SysWow64\netevent.dll 2012-10-03 16:42:24 175104 ----a-w- C:\windows\SysWow64\netcorehc.dll 2012-10-03 16:42:23 156672 ----a-w- C:\windows\SysWow64\ncsi.dll 2012-10-03 16:07:26 45568 ----a-w- C:\windows\System32\drivers\tcpipreg.sys 2012-09-25 22:47:43 78336 ----a-w- C:\windows\SysWow64\synceng.dll 2012-09-25 22:46:17 95744 ----a-w- C:\windows\System32\synceng.dll 2012-09-14 19:19:29 2048 ----a-w- C:\windows\System32\tzres.dll 2012-09-14 18:28:53 2048 ----a-w- C:\windows\SysWow64\tzres.dll 2012-09-06 20:46:45 98304 ----a-w- C:\windows\SysWow64\CmdLineExt.dll 2012-08-31 18:19:35 1659760 ----a-w- C:\windows\System32\drivers\ntfs.sys 2012-08-30 18:03:45 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe 2012-08-30 17:12:02 3968880 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe 2012-08-30 17:12:02 3914096 ----a-w- C:\windows\SysWow64\ntoskrnl.exe 2012-08-24 18:05:07 220160 ----a-w- C:\windows\System32\wintrust.dll 2012-08-24 16:57:48 172544 ----a-w- C:\windows\SysWow64\wintrust.dll . ============= FINISH: 21:08:55.68 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 29/01/2012 04:52:40 System Uptime: 21/11/2012 20:29:59 (1 hours ago) . Motherboard: TOSHIBA | | Portable PC Processor: AMD E-300 APU with Radeon HD Graphics | Socket FT1 | 1105/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 283 GiB total, 223.634 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP85: 23/10/2012 19:27:56 - Windows Update RP86: 23/10/2012 21:56:40 - Installed DirectX RP87: 30/10/2012 08:58:35 - Windows Update RP88: 02/11/2012 10:04:37 - Windows Update RP89: 06/11/2012 09:10:45 - Windows Update RP90: 13/11/2012 14:29:23 - Windows Update RP91: 16/11/2012 00:04:15 - Windows Update RP92: 20/11/2012 17:00:06 - Windows Update . ==== Installed Programs ====================== . Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader X MUI AMD Media Foundation Decoders AMD VISION Engine Control Center Apple Application Support Apple Mobile Device Support Apple Software Update Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver ATI Catalyst Install Manager Bejeweled 3 Big Fish Games: Game Manager Bonjour Broken Sword - The Angel of Death Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Conexant HD Audio Consumer Input Software (remove only) D3DX10 DivX Setup ETDWare PS/2-X64 8.0.8.0_R01 Facebook Video Calling 1.2.0.287 FATE - The Traitor Soul Football Manager 2012 GameSpy Arcade Google Chrome Google Toolbar for Internet Explorer Google Update Helper iTunes Java Auto Updater Java 6 Update 25 Junk Mail filter update Label@Once 1.0 Letters from Nowhere 2 Malwarebytes Anti-Malware version 1.65.1.1000 Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Starter 2010 - English Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Monopoly ® MSVCRT MSVCRT_amd64 Myth III - The Wolf Age Norton Security Scan Penguins! Plants vs. Zombies - Game of the Year PlayReady PC Runtime amd64 PlayReady PC Runtime x86 Polar Bowler QuickTime Realtek USB 2.0 Card Reader Realtek WLAN Driver RollerCoaster Tycoon 3: Platinum Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Sky Go Desktop Skype Click to Call Skype Launcher Skype™ 5.10 Steam Tales of Lagoona The Chronicles of Emerland Solitaire The Game of Life ® Toshiba App Place TOSHIBA Application Installer TOSHIBA Assist Toshiba Book Place TOSHIBA Bulletin Board TOSHIBA Disc Creator TOSHIBA Face Recognition TOSHIBA Hardware Setup TOSHIBA HDD/SSD Alert Toshiba Laptop Checkup TOSHIBA Media Controller Toshiba Online Backup TOSHIBA Quality Application TOSHIBA Recovery Media Creator TOSHIBA ReelTime TOSHIBA Service Station TOSHIBA Supervisor Password TOSHIBA Value Added Package TOSHIBA Web Camera Application TOSHIBARegistration Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update Installer for WildTangent Games App VC80CRTRedist - 8.0.50727.6195 WildTangent Games WildTangent Games App (Toshiba Games) Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Zuma's Revenge . ==== Event Viewer Messages From Past Week ======== . 20/11/2012 11:00:03, Error: Service Control Manager [7023] - The iPod Service service terminated with the following error: %%-2147417831 16/11/2012 21:52:46, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PCCUJobMgr service. . ==== End Of File =========================== Any help would be much appreaciated.
- November 21, 2012
- 32 replies

Sign In

Twohands108

Posts

Joined

Last visited

Content Type

Events

Profiles

Forums

Everything posted by Twohands108

Help - Searchnu problem

Help - Searchnu problem

Help - Searchnu problem

Help - Searchnu problem

Help - Searchnu problem

Help - Searchnu problem

Help - Searchnu problem

Help - Searchnu problem

Help - Searchnu problem

Help - Searchnu problem

Help - Searchnu problem

Help - Searchnu problem

Help - Searchnu problem

Help - Searchnu problem

Help - Searchnu problem

Help - Searchnu problem

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information