killerhippo10
-
Posts
25 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by killerhippo10
-
-
Allright cool, I reinstalled it and now everything works perfectly. I just have a question about all of the tools and files we have used, can I get rid of them?
-
Sorry about the delay. I had somethings I had to take care of. I installed that new verson of Java and Adobe and everything looks good. The only problem is for some reason, when I try to click on the quarantine tab in Malwarebytes it freezes, stops responding, and closes.
-
It's running awesome now, havn't noticed any problems yet
-
Think it worked this time, sorry about that.
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{986852BD-0A7E-419C-93CB-22140280F591}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{986852BD-0A7E-419C-93CB-22140280F591}\ not found.
C:\Users\Chappy\AppData\Roaming\lyjsb moved successfully.
C:\Users\Chappy\AppData\Roaming\lj1y6nb.dat moved successfully.
C:\Users\Chappy\AppData\Roaming\aftr4sb.dat moved successfully.
C:\Users\Chappy\AppData\Roaming\slr8k5s.dat moved successfully.
C:\Users\Chappy\random.dat moved successfully.
C:\Users\Chappy\AppData\Local\igd1do7ncmdut05j26sqo20 moved successfully.
C:\ProgramData\igd1do7ncmdut05j26sqo20 moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Chappy\Desktop\cmd.bat deleted successfully.
C:\Users\Chappy\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Chappy
->Temp folder emptied: 26109937 bytes
->Temporary Internet Files folder emptied: 18479369 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 841 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1824 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 516 bytes
Total Files Cleaned = 43.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01032013_064514
Files\Folders moved on Reboot...
C:\Users\Chappy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Chappy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SWL6YAM1\fastbutton[1].htm not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
-
All processes killed
Error: Unable to interpret <:OTLO3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.IE - HKCU\..\SearchScopes\{986852BD-0A7E-419C-93CB-22140280F591}: "URL" = http://websearch.ask...38-C013FA07EE45[2012/10/03 21:07:31 | 000,001,056 | ---- | C] () -- C:\Users\Chappy\AppData\Roaming\lyjsb[2012/10/03 14:48:32 | 000,090,176 | ---- | C] () -- C:\Users\Chappy\AppData\Roaming\lj1y6nb.dat[2012/10/03 14:48:31 | 000,086,080 | ---- | C] () -- C:\Users\Chappy\AppData\Roaming\aftr4sb.dat[2012/10/03 14:48:30 | 000,060,992 | ---- | C] () -- C:\Users\Chappy\AppData\Roaming\slr8k5s.dat[2012/01/12 01:32:28 | 000,000,024 | ---- | C] () -- C:\Users\Chappy\random.dat[2012/01/12 00:13:45 | 000,011,508 | --S- | C] () -- C:\Users\Chappy\AppData\Local\igd1do7ncmdut05j26sqo20[2012/01/12 00:13:45 | 000,011,508 | --S- | C] () -- C:\ProgramData\igd1do7ncmdut05j26sqo20:Filesipconfig /flushdns /c:Commands[resethosts][emptytemp][Reboot]> in the current context!
OTL by OldTimer - Version 3.2.69.0 log created on 01032013_061354
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Sorry, I don't know why it came out like that.
-
OTL Extras logfile created on: 1/3/2013 4:45:03 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chappy\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.87 Gb Total Physical Memory | 5.79 Gb Available Physical Memory | 73.58% Memory free
15.73 Gb Paging File | 12.97 Gb Available in Paging File | 82.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.57 Gb Total Space | 358.78 Gb Free Space | 39.14% Space Free | Partition Type: NTFS
Computer Name: KILLERHIPPO | User Name: Chappy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16989770-7909-4333-83D4-4A12ABBFD825}" = lport=137 | protocol=17 | dir=in | app=system |
"{1E0BED61-F073-4292-AED5-9FBAF9C5053E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{29189FC2-4312-409F-AD7F-370D199F2F0D}" = rport=138 | protocol=17 | dir=out | app=system |
"{3277BB5C-A638-43DD-A0CF-06BA9335B780}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3454A5B5-0251-45C2-BF75-E10CBAD5906E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4D066544-C573-4069-ADA9-657476E2D790}" = lport=138 | protocol=17 | dir=in | app=system |
"{5B820780-A832-4E1D-AB54-D74FC021053A}" = rport=139 | protocol=6 | dir=out | app=system |
"{5EFC7D50-1115-4E51-9FD8-51DAC2CDA64E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6443566D-E241-4CE1-942E-445D7365A334}" = lport=139 | protocol=6 | dir=in | app=system |
"{78C5A1CC-37E9-4150-8599-B705EB6F5A00}" = rport=137 | protocol=17 | dir=out | app=system |
"{7B58F3C1-575A-4F41-AC7A-5DA5E641C2B7}" = lport=445 | protocol=6 | dir=in | app=system |
"{83FFE182-D8F5-4C06-BF51-A58035199A8C}" = rport=445 | protocol=6 | dir=out | app=system |
"{D6CB7C72-06C4-4CA3-BB67-FE37127A53C5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{DD057925-1D16-40FC-9D36-15C119C4D9D9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{112959FE-3E3E-44F3-B656-7374C96C094F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2C3B9550-9358-4B26-83FD-CADED646BDEF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{361A39A1-EC15-473A-8F7B-51DEABF4DB67}" = protocol=58 | dir=in | app=system |
"{3C1CF882-BF7F-44E7-8C17-75D31C87EA68}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{73A7B9BD-582E-41BB-B439-17167F0F7E55}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8C4A7DA9-D802-4DD4-847C-998C4688F373}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"TCP Query User{73B67501-FB90-44C8-89E6-C541B759A138}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"TCP Query User{B570AFF2-3CA1-404C-A338-99903CD79235}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{F5A33D14-F331-41CC-B04D-9D2972D58600}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"UDP Query User{8299FD19-D343-4E44-81B8-2C27A43D50CB}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{A5C5819B-8632-47D2-9B14-7DD8C88B0CA2}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"UDP Query User{FBCFCA0B-CECE-4573-ACAF-C51949840CB2}C:\program files (x86)\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java 6 Update 17 (64-bit)
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AF5020D9-116A-46AC-A922-087592F37EC9}" = MobileMe Control Panel
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A36CF15-DF66-4756-9482-A9ABF3DDACE6}_is1" = Driver Robot
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 30
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}" = Six Updater
"{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C0276B4-46A1-4496-AEC6-D5BD12B91D0D}" = DayZ Commander
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59308225-510C-4492-A7E4-71625FAD545E}" = Simple Adblock
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{95C5F81D-0779-4932-BE83-32AAF814F4B9}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9E2BD6FF-CE8D-47B5-AD9C-0A5C2D54EB3C}" = League of Legends
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}" = ubi.com
"{AF131494-F5D8-45C5-938C-D5F020CF1B0D}" = Tom Clancy's Rainbow Six 3: Raven Shield 1.60.412
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"BattlEye for OA" = BattlEye for OA Uninstall
"Cisco Connect" = Cisco Connect
"Dell Dock" = Dell Dock
"Diablo III" = Diablo III
"Fraps" = Fraps (remove only)
"GameSpy Arcade" = GameSpy Arcade
"GoToAssist" = GoToAssist 8.0.0.514
"Guild Wars" = Guild Wars
"Guild Wars 2" = Guild Wars 2
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"NortonPCCheckup" = Norton PC Checkup
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"ooVoo Toolbar" = ooVoo Toolbar
"PunkBusterSvc" = PunkBuster Services
"Steam App 13140" = America's Army 3
"Steam App 22380" = Fallout: New Vegas
"Steam App 33900" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 440" = Team Fortress 2
"Steam App 49520" = Borderlands 2
"Steam App 550" = Left 4 Dead 2
"VICI_is1" = VICI V1.0
"VLC media player" = VLC media player 1.1.11
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 1/3/2013 1:13:31 AM | Computer Name = KillerHippo | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 1/3/2013 1:13:31 AM | Computer Name = KillerHippo | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 1/3/2013 1:24:09 AM | Computer Name = KillerHippo | Source = Swapdrive Backup | ID = 0
Description =
Error - 1/3/2013 12:43:31 AM | Computer Name = KillerHippo | Source = Swapdrive Backup | ID = 0
Description =
Error - 1/3/2013 6:05:40 AM | Computer Name = KillerHippo | Source = Swapdrive Backup | ID = 0
Description =
Error - 1/3/2013 6:21:01 AM | Computer Name = KillerHippo | Source = Swapdrive Backup | ID = 0
Description =
Error - 1/3/2013 6:25:27 AM | Computer Name = KillerHippo | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 1/3/2013 6:25:28 AM | Computer Name = KillerHippo | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 1/3/2013 6:31:15 AM | Computer Name = KillerHippo | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1b1c Start
Time: 01cde99c7d0128ff Termination Time: 6 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:
Error - 1/3/2013 7:21:33 AM | Computer Name = KillerHippo | Source = MsiInstaller | ID = 11730
Description =
[ Dell Events ]
Error - 5/1/2011 3:03:33 PM | Computer Name = KillerHippo | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
Error - 8/15/2012 2:02:58 AM | Computer Name = KillerHippo | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
Error - 8/15/2012 2:02:58 AM | Computer Name = KillerHippo | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
Error - 10/4/2012 5:00:48 PM | Computer Name = KillerHippo | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
Error - 10/4/2012 5:00:49 PM | Computer Name = KillerHippo | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
Error - 10/4/2012 5:03:22 PM | Computer Name = KillerHippo | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
Error - 10/4/2012 5:03:22 PM | Computer Name = KillerHippo | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
Error - 10/4/2012 5:05:21 PM | Computer Name = KillerHippo | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
Error - 10/4/2012 5:05:21 PM | Computer Name = KillerHippo | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
Error - 10/4/2012 5:16:18 PM | Computer Name = KillerHippo | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
[ System Events ]
Error - 1/3/2013 7:19:38 AM | Computer Name = KillerHippo | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 48.
Error - 1/3/2013 7:26:20 AM | Computer Name = KillerHippo | Source = Service Control Manager | ID = 7000
Description = The Common Client Job Manager Service service failed to start due
to the following error: %%2
Error - 1/3/2013 7:27:23 AM | Computer Name = KillerHippo | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.
Error - 1/3/2013 7:27:53 AM | Computer Name = KillerHippo | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.
Error - 1/3/2013 7:28:27 AM | Computer Name = KillerHippo | Source = Service Control Manager | ID = 7000
Description = The Norton PC Checkup Application Launcher service failed to start
due to the following error: %%2
Error - 1/3/2013 7:29:15 AM | Computer Name = KillerHippo | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 1/3/2013 7:31:26 AM | Computer Name = KillerHippo | Source = Service Control Manager | ID = 7000
Description = The Common Client Job Manager Service service failed to start due
to the following error: %%2
Error - 1/3/2013 7:33:06 AM | Computer Name = KillerHippo | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.
Error - 1/3/2013 7:33:32 AM | Computer Name = KillerHippo | Source = Service Control Manager | ID = 7000
Description = The Norton PC Checkup Application Launcher service failed to start
due to the following error: %%2
Error - 1/3/2013 7:38:14 AM | Computer Name = KillerHippo | Source = DCOM | ID = 10010
Description =
< End of report >
-
OTL logfile created on: 1/3/2013 4:45:03 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chappy\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.87 Gb Total Physical Memory | 5.79 Gb Available Physical Memory | 73.58% Memory free
15.73 Gb Paging File | 12.97 Gb Available in Paging File | 82.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.57 Gb Total Space | 358.78 Gb Free Space | 39.14% Space Free | Partition Type: NTFS
Computer Name: KILLERHIPPO | User Name: Chappy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/01/03 04:44:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chappy\Desktop\OTL.exe
PRC - [2012/12/20 13:36:48 | 000,541,760 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/03 12:35:25 | 001,354,736 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012/12/03 07:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/11/30 22:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/10/14 18:41:54 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/07/11 12:58:40 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\Chappy\AppData\Local\Facebook\Update\FacebookUpdate.exe
PRC - [2012/06/11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
PRC - [2012/02/23 11:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011/09/06 10:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/08/18 08:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2011/08/18 08:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/12 12:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/08/01 10:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2010/10/29 12:06:08 | 005,915,480 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
PRC - [2009/12/29 13:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/11/13 13:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/06/09 06:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/05/21 05:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 05:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
========== Modules (No Company Name) ==========
MOD - [2013/01/01 03:05:32 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll
MOD - [2013/01/01 03:04:03 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\239d84cfdb9de9730c1efb43840ef2eb\System.Core.ni.dll
MOD - [2012/12/31 18:30:18 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll
MOD - [2012/12/31 18:30:11 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\cf840dca36a7b949696ce331d0532d3e\System.Web.Services.ni.dll
MOD - [2012/12/31 18:29:56 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll
MOD - [2012/12/31 18:29:44 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/12/31 18:29:39 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/12/31 18:29:37 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll
MOD - [2012/12/31 18:29:30 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012/12/31 18:29:27 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/12/31 18:29:24 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/12/31 18:29:23 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/12/31 18:29:20 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/12/20 13:37:45 | 000,647,168 | ---- | M] () -- C:\Program Files (x86)\Steam\sdl.dll
MOD - [2012/12/20 13:36:45 | 020,320,240 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/12/20 13:36:38 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/12/20 13:36:38 | 000,969,280 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/12/20 13:36:38 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/12/20 13:36:38 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/18 08:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/29 12:02:38 | 000,751,616 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll
MOD - [2010/10/29 12:01:30 | 000,027,472 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\SDL.dll
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/05/07 17:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 17:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 17:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 17:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 17:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2009/11/13 13:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009/11/13 13:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2009/11/13 13:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009/11/13 13:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2009/11/13 13:15:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2009/11/13 13:15:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
MOD - [2009/04/22 13:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll
MOD - [2009/04/09 15:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll
MOD - [2009/03/03 14:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
MOD - [2009/03/03 14:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll
MOD - [2009/03/03 14:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll
MOD - [2009/03/03 14:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll
MOD - [2009/03/03 14:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll
MOD - [2009/03/03 14:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll
MOD - [2009/03/03 14:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll
MOD - [2009/03/03 14:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll
MOD - [2009/03/03 14:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll
========== Services (SafeList) ==========
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 06:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2012/12/20 13:36:48 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/11 13:30:30 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/03 07:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/11/30 22:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/10/14 18:41:54 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/07/03 12:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 15:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/08/18 08:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/04/19 07:08:11 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 16:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/05/21 05:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/07/03 07:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/19 09:27:30 | 004,869,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2011/08/19 09:27:30 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/05/07 17:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010/05/07 17:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/10/24 01:49:46 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/10/16 03:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/09/17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2006/11/01 08:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{B5C4CB8B-E39C-42C6-8B85-477704FD5CD3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{383A1F3C-35A6-4DF0-8496-E1BC3F57F56A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{383A1F3C-35A6-4DF0-8496-E1BC3F57F56A}: "URL" = http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{5AFC6887-7073-E6CD-E685-A65EBB910758}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z126&form=ZGAIDF&install_date=20110904&iesrc={referrer:source}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_en
IE - HKCU\..\SearchScopes\{986852BD-0A7E-419C-93CB-22140280F591}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=BLT&o=15554&src=kw&q={searchTerms}&locale=&apn_ptnrs=HH&apn_dtid=YYYYYYGHUS&apn_uid=89507A9C-4A88-4013-AA3D-BDCE198900B6&apn_sauid=6FA6265B-0173-4488-9438-C013FA07EE45
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Chappy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Chappy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
O1 HOSTS File: ([2013/01/02 18:25:49 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll (Simple Adblock)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Chappy\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F26CEFC-06C2-4897-A737-0B0FADE93A20}: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2013/01/03 04:43:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chappy\Desktop\OTL.exe
[2013/01/03 04:04:11 | 000,000,000 | ---D | C] -- C:\Users\Chappy\Desktop\RK_Quarantine
[2013/01/03 03:27:56 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Chappy\Desktop\TFC.exe
[2013/01/02 21:23:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/02 21:21:13 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/01/02 19:07:19 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/01/02 19:06:34 | 000,000,000 | ---D | C] -- C:\JRT
[2013/01/02 18:25:38 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/02 17:54:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/02 17:50:11 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/02 15:15:04 | 000,000,000 | ---D | C] -- C:\Users\Chappy\Documents\mbar-1.01.0.1011
[2013/01/01 15:11:03 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/12/28 04:04:42 | 000,000,000 | ---D | C] -- C:\Users\Chappy\AppData\Local\Programs
[2012/12/26 16:19:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2012/12/21 14:16:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EA Games
[2012/12/21 14:09:57 | 000,000,000 | ---D | C] -- C:\Users\Chappy\Documents\EA Games
[2012/12/21 13:56:03 | 000,442,368 | R--- | C] (On2.com) -- C:\Windows\SysWow64\vp6vfw.dll
[2012/12/20 22:54:39 | 000,000,000 | ---D | C] -- C:\Users\Chappy\AppData\Local\DayZCommander
[2012/12/20 22:54:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dotjosh Studios
[2012/12/19 13:34:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/12/19 13:33:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/12/19 13:33:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/12/19 13:33:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/12/19 13:33:20 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
========== Files - Modified Within 30 Days ==========
[2013/01/03 04:44:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chappy\Desktop\OTL.exe
[2013/01/03 04:30:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/03 04:04:10 | 000,751,104 | ---- | M] () -- C:\Users\Chappy\Desktop\RogueKillerX64.exe
[2013/01/03 03:53:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/03 03:38:44 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/03 03:38:44 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/03 03:32:43 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/03 03:31:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/03 03:31:10 | 2039,832,575 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/03 03:27:59 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Chappy\Desktop\TFC.exe
[2013/01/03 02:04:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2214422115-321876402-1557215952-1001UA.job
[2013/01/02 18:25:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/01/02 14:04:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2214422115-321876402-1557215952-1001Core.job
[2013/01/01 19:11:03 | 610,679,467 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/01/01 18:05:21 | 000,298,280 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013/01/01 18:05:21 | 000,298,280 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/01/01 17:40:11 | 000,000,512 | ---- | M] () -- C:\Users\Chappy\Documents\MBR.dat
[2012/12/31 18:24:12 | 000,419,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/31 18:17:48 | 000,744,326 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/31 18:17:48 | 000,627,066 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/31 18:17:48 | 000,107,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/31 18:15:46 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/12/28 04:04:55 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/25 20:24:35 | 000,298,280 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/12/25 12:57:05 | 000,000,221 | ---- | M] () -- C:\Users\Chappy\Desktop\Borderlands 2.url
[2012/12/21 14:10:25 | 000,002,123 | ---- | M] () -- C:\Users\Public\Desktop\The Sims 2.lnk
[2012/12/20 22:54:15 | 000,001,336 | ---- | M] () -- C:\Users\Public\Desktop\DayZ Commander.lnk
[2012/12/19 13:34:06 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
========== Files Created - No Company Name ==========
[2013/01/03 04:04:07 | 000,751,104 | ---- | C] () -- C:\Users\Chappy\Desktop\RogueKillerX64.exe
[2013/01/01 17:40:11 | 000,000,512 | ---- | C] () -- C:\Users\Chappy\Documents\MBR.dat
[2013/01/01 15:11:02 | 610,679,467 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/12/31 18:15:59 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/12/31 18:15:46 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/12/31 18:07:39 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/12/25 12:57:05 | 000,000,221 | ---- | C] () -- C:\Users\Chappy\Desktop\Borderlands 2.url
[2012/12/21 14:10:25 | 000,002,123 | ---- | C] () -- C:\Users\Public\Desktop\The Sims 2.lnk
[2012/12/20 22:54:15 | 000,001,336 | ---- | C] () -- C:\Users\Public\Desktop\DayZ Commander.lnk
[2012/12/19 13:34:06 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/10/14 18:37:25 | 000,298,280 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/10/14 18:37:07 | 003,360,624 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/10/14 18:37:07 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/10/10 11:27:57 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2012/10/10 11:11:31 | 000,185,344 | ---- | C] () -- C:\Windows\patchw32.dll
[2012/10/03 21:07:31 | 000,001,056 | ---- | C] () -- C:\Users\Chappy\AppData\Roaming\lyjsb
[2012/10/03 14:48:32 | 000,090,176 | ---- | C] () -- C:\Users\Chappy\AppData\Roaming\lj1y6nb.dat
[2012/10/03 14:48:31 | 000,086,080 | ---- | C] () -- C:\Users\Chappy\AppData\Roaming\aftr4sb.dat
[2012/10/03 14:48:30 | 000,060,992 | ---- | C] () -- C:\Users\Chappy\AppData\Roaming\slr8k5s.dat
[2012/06/26 16:20:06 | 000,000,050 | ---- | C] () -- C:\Users\Chappy\jagex_cl_runescape_LIVE_BETA.dat
[2012/06/16 15:56:11 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2012/06/16 15:25:59 | 000,000,632 | ---- | C] () -- C:\Windows\Edofma.INI
[2012/06/16 14:55:15 | 000,000,615 | ---- | C] () -- C:\Windows\eReg.dat
[2012/04/13 17:16:48 | 000,000,178 | ---- | C] () -- C:\Windows\{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}.ini
[2012/04/13 17:16:48 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}.ini
[2012/01/12 01:32:28 | 000,000,024 | ---- | C] () -- C:\Users\Chappy\random.dat
[2012/01/12 00:13:45 | 000,011,508 | --S- | C] () -- C:\Users\Chappy\AppData\Local\igd1do7ncmdut05j26sqo20
[2012/01/12 00:13:45 | 000,011,508 | --S- | C] () -- C:\ProgramData\igd1do7ncmdut05j26sqo20
[2011/11/16 14:47:51 | 000,003,584 | ---- | C] () -- C:\Users\Chappy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/25 20:56:16 | 000,000,046 | ---- | C] () -- C:\Users\Chappy\jagex_cl_runescape_LIVE1.dat
[2011/10/25 18:06:36 | 000,000,045 | ---- | C] () -- C:\Users\Chappy\jagex_cl_runescape_LIVE.dat
[2011/08/19 09:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/08/19 09:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011/08/19 09:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/05/26 13:03:23 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/23 22:20:52 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/02/22 18:56:00 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/02/22 18:56:00 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD8660DN.DAT
[2010/05/22 15:43:03 | 000,000,129 | ---- | C] () -- C:\Users\Chappy\jagex_runescape_preferences2.dat
[2010/05/22 15:43:03 | 000,000,000 | ---- | C] () -- C:\Users\Chappy\jagex__preferences3.dat
[2010/05/22 15:41:38 | 000,000,046 | ---- | C] () -- C:\Users\Chappy\jagex_runescape_preferences.dat
========== ZeroAccess Check ==========
[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 21:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 20:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2011/08/22 19:26:58 | 000,000,000 | ---D | M] -- C:\Users\Chappy\AppData\Roaming\Blitware
[2012/08/27 15:35:15 | 000,000,000 | ---D | M] -- C:\Users\Chappy\AppData\Roaming\IObit
[2011/08/23 20:16:29 | 000,000,000 | ---D | M] -- C:\Users\Chappy\AppData\Roaming\Leadertech
[2010/05/21 13:55:47 | 000,000,000 | ---D | M] -- C:\Users\Chappy\AppData\Roaming\LolClient
[2012/05/23 11:49:07 | 000,000,000 | ---D | M] -- C:\Users\Chappy\AppData\Roaming\LolClient2
[2011/09/03 19:22:46 | 000,000,000 | ---D | M] -- C:\Users\Chappy\AppData\Roaming\ooVoo Details
[2012/07/29 20:00:36 | 000,000,000 | ---D | M] -- C:\Users\Chappy\AppData\Roaming\six-updater
[2012/07/23 21:56:01 | 000,000,000 | ---D | M] -- C:\Users\Chappy\AppData\Roaming\six-zsync
[2012/06/16 13:37:21 | 000,000,000 | ---D | M] -- C:\Users\Chappy\AppData\Roaming\SumatraPDF
[2011/08/23 06:03:58 | 000,000,000 | ---D | M] -- C:\Users\Chappy\AppData\Roaming\Tific
[2012/10/10 11:11:32 | 000,000,000 | ---D | M] -- C:\Users\Chappy\AppData\Roaming\ubi.com
[2011/10/13 20:53:57 | 000,000,000 | ---D | M] -- C:\Users\Chappy\AppData\Roaming\Unity
[2011/04/23 22:35:28 | 000,000,000 | ---D | M] -- C:\Users\Chappy\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2010/04/19 09:50:33 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/25 22:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 21:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 17:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 21:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/30 21:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 21:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/24 22:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/24 22:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/24 22:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 22:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 04:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/04/19 09:50:33 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010/04/19 09:50:36 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/30 22:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/04/19 09:50:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 05:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/30 22:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/04/19 09:50:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 17:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/30 22:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/04/19 09:50:33 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/25 22:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/04/19 09:50:36 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010/04/19 09:50:33 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe
< MD5 for: SERVICES.EXE >
[2009/07/13 17:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/13 17:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 17:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
< MD5 for: SVCHOST.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: USERINIT.EXE >
[2010/11/20 04:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 04:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 04:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 17:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 05:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 05:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 05:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010/11/20 05:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 05:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 05:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 17:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/27 23:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/27 22:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< %systemroot%\*. /rp /s >
< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >
========== Drive Information ==========
Physical Drives
---------------
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST31000528AS ATA Device
Partitions: 3
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Generic- SD/MMC USB Device
Partitions: 0
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type: USB
Media Type:
Model: Generic- Compact Flash USB Device
Partitions: 0
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE3 -
Interface type: USB
Media Type:
Model: Generic- SM/xD Picture USB Device
Partitions: 0
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE4 -
Interface type: USB
Media Type:
Model: Generic- MS/MS-Pro USB Device
Partitions: 0
Status: OK
Status Info: 0
Partitions
---------------
DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 298.00MB
Starting Offset: 32256
Hidden sectors: 0
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 15.00GB
Starting Offset: 313524224
Hidden sectors: 0
DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 917.00GB
Starting Offset: 16042164224
Hidden sectors: 0
< >
[2009/07/13 21:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/13 21:08:49 | 000,032,546 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/07/02 22:09:11 | 000,000,894 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011/07/02 22:09:12 | 000,000,898 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2011/08/22 18:51:45 | 000,000,910 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2214422115-321876402-1557215952-1001Core.job
[2011/08/22 18:51:48 | 000,000,932 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2214422115-321876402-1557215952-1001UA.job
[2012/06/23 19:12:30 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
========== Files - Unicode (All) ==========
[2012/08/30 05:58:20 | 000,000,000 | ---D | M](C:\Users\Chappy\AppData\Local\DataSafeOnline????????????????????????????????????????????) -- C:\Users\Chappy\AppData\Local\DataSafeOnline癜⸱尰䌻尺牐杯慲楆敬砨㘸尩畑捩呫浩履呑祓瑳浥㭜㩃停潲牧浡䘠汩獥⠠㡸⤶坜湩潤獷䰠癩履桓
[2012/08/30 05:58:20 | 000,000,000 | ---D | M](C:\Users\Chappy\AppData\Local\DataSafeOnline????????????????????????????????????????????) -- C:\Users\Chappy\AppData\Local\DataSafeOnline癜⸱尰䌻尺牐杯慲楆敬砨㘸尩畑捩呫浩履呑祓瑳浥㭜㩃停潲牧浡䘠汩獥⠠㡸⤶坜湩潤獷䰠癩履桓
[2012/08/29 12:30:21 | 000,000,000 | ---D | M](C:\Users\Chappy\AppData\Local\DataSafeOnline??) -- C:\Users\Chappy\AppData\Local\DataSafeOnline贀낇
[2012/08/29 12:30:21 | 000,000,000 | ---D | M](C:\Users\Chappy\AppData\Local\DataSafeOnline??) -- C:\Users\Chappy\AppData\Local\DataSafeOnline贀낇
(C:\Users\Chappy\AppData\Local\DataSafeOnline??) -- C:\Users\Chappy\AppData\Local\DataSafeOnline贀낇
(C:\Users\Chappy\AppData\Local\DataSafeOnline????????????????????????????????????????????) -- C:\Users\Chappy\AppData\Local\DataSafeOnline癜⸱尰䌻尺牐杯慲楆敬砨㘸尩畑捩呫浩履呑祓瑳浥㭜㩃停潲牧浡䘠汩獥⠠㡸⤶坜湩潤獷䰠癩履桓
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\System32\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\System32\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\System32\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\System32\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\System32\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\System32\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\System32\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Music] -> C:\Windows\system32\config\systemprofile\Music -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Pictures] -> C:\Windows\system32\config\systemprofile\Pictures -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Documents\My Videos] -> C:\Windows\system32\config\systemprofile\Videos -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\Windows\SysWOW64\config\systemprofile\My Documents] -> C:\Windows\system32\config\systemprofile\Documents -> Junction
[C:\Windows\SysWOW64\config\systemprofile\NetHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Windows\SysWOW64\config\systemprofile\PrintHood] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Recent] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Windows\SysWOW64\config\systemprofile\SendTo] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Start Menu] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Windows\SysWOW64\config\systemprofile\Templates] -> C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction
< End of report >
-
still the same :/ I could try downloading chrome if you could give the link because I can't get to the site.
-
Here are the RK reports
RogueKiller V8.4.2 _x64_ [Dec 31 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Chappy [Admin rights]
Mode : Scan -- Date : 01/03/2013 04:05:17
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 9 ¤¤¤
[RUN][sUSP PATH] HKUS\S-1-5-21-2214422115-321876402-1557215952-1003[...]\Services-2214422115-321876402-1557215952-1003\Run : Adobe (rundll32.exe "C:\Users\Chappy\AppData\Local\Apple Computer\Adobe\siqjurlw.dll",CreateInstance) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-2214422115-321876402-1557215952-1003[...]\Services-2214422115-321876402-1557215952-1003\Run : ElevatedDiagnostics (rundll32.exe "C:\Users\Chappy\AppData\Local\ESET\ElevatedDiagnostics\htphcrjz.dll",DllRegisterServerW) -> FOUND
[HJPOL] HKCU\[...]\Services\Microsoft\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Services\Microsoft\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\Services\Microsoft\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKCU\[...]\Services\Microsoft\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\Services\Microsoft\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST31000528AS ATA Device +++++
--- User ---
[MBR] 6b4b7feb5946492e9b50da0948431738
[bSP] 15f1d42ae9b8c2ac7f04a41ecf882c7d : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 298 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 612352 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31332352 | Size: 938569 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_01032013_02d0405.txt >>
RKreport[1]_S_01032013_02d0405.txt
RogueKiller V8.4.2 _x64_ [Dec 31 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Chappy [Admin rights]
Mode : Remove -- Date : 01/03/2013 04:05:44
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][sUSP PATH] HKUS\S-1-5-21-2214422115-321876402-1557215952-1003[...]\Services-2214422115-321876402-1557215952-1003\Run : Adobe (rundll32.exe "C:\Users\Chappy\AppData\Local\Apple Computer\Adobe\siqjurlw.dll",CreateInstance) -> DELETED
[RUN][sUSP PATH] HKUS\S-1-5-21-2214422115-321876402-1557215952-1003[...]\Services-2214422115-321876402-1557215952-1003\Run : ElevatedDiagnostics (rundll32.exe "C:\Users\Chappy\AppData\Local\ESET\ElevatedDiagnostics\htphcrjz.dll",DllRegisterServerW) -> DELETED
[HJPOL] HKCU\[...]\Services\Microsoft\System : DisableRegistryTools (0) -> DELETED
[HJPOL] HKLM\[...]\Services\Microsoft\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKCU\[...]\Services\Microsoft\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\Services\Microsoft\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\Services\Microsoft\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST31000528AS ATA Device +++++
--- User ---
[MBR] 6b4b7feb5946492e9b50da0948431738
[bSP] 15f1d42ae9b8c2ac7f04a41ecf882c7d : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 298 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 612352 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31332352 | Size: 938569 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2]_D_01032013_02d0405.txt >>
RKreport[1]_S_01032013_02d0405.txt ; RKreport[2]_D_01032013_02d0405.txt
RogueKiller V8.4.2 _x64_ [Dec 31 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Chappy [Admin rights]
Mode : Shortcuts HJfix -- Date : 01/03/2013 04:08:02
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 18 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 120 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 242 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 98 / Fail 0
Backup: [NOT FOUND]
Drives:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\HarddiskVolume4 -- 0x2 --> Restored
[F:] \Device\HarddiskVolume5 -- 0x2 --> Restored
[G:] \Device\HarddiskVolume6 -- 0x2 --> Restored
[H:] \Device\HarddiskVolume7 -- 0x2 --> Restored
Finished : << RKreport[3]_SC_01032013_02d0408.txt >>
RKreport[1]_S_01032013_02d0405.txt ; RKreport[2]_D_01032013_02d0405.txt ; RKreport[3]_SC_01032013_02d0408.txt
-
Uninstalling ESET and running TFC didn't help, it is still the same. I can't download rogue killer because the web page won't load, is it possible you can put the download link?
-
It seems to have helped a little bit, I figured out how to get ESET to stop blocking websites through advanced settings, still no websites load though.
-
Allright well my computer is completely screwed. It was working fine after I used the anti-rootkit and I messed up when i was using combofix, which I think screwed up my computer because after that ESET started having problems and for some reason this and google are literally the only two sites that load.
-
It didn't help much of anything :/
-
I ran an ESET scan and it didn't find anything. I'm going to try that thing you suggested and see if it helps anything.
-
I am not entirely sure but I think it could be combofix, I didn't have any issues like this until I downloaded/used it.
-
Internet Explorer, it comes up for a second after deleting the history, then it stops responding.
-
JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.3.5 (01.02.2013:3)
OS: Windows 7 Home Premium x64
Ran by Chappy on Wed 01/02/2013 at 19:07:21.89
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\apnupdater
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2214422115-321876402-1557215952-1001\software\microsoft\internet explorer\searchscopes\\DefaultScope
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{d4027c7f-154a-4066-a1ad-4243d8127440}
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_classes_root\appid\babylonhelper.exe
Successfully deleted: [Registry Key] hkey_current_user\software\installedbrowserextensions
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\i want this
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\dealscout.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\toolbar.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar.bandobject
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar.bandobject.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar.toolbarhelperobject
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar.toolbarhelperobject.1
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\babylon_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\babylon_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\tracing\babylontc_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\wow6432node\microsoft\tracing\babylontc_rasmancs
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3d475351-3508-4de9-a7c0-b0ceb0859fbe}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{92b514fd-a316-4736-99eb-2a6532d02e7d}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{92b514fd-a316-4736-99eb-2a6532d02e7d}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{fd6d90c0-e6ee-4bc6-b9f7-9ed319698007}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{fd6d90c0-e6ee-4bc6-b9f7-9ed319698007}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{d4027c7f-154a-4066-a1ad-4243d8127440}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\genericasktoolbar.dll"
~~~ Files
Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll
~~~ Folders
Successfully deleted: [Folder] "C:\Program Files (x86)\pricepeep"
Successfully deleted: [Folder] "C:\Users\Chappy\appdata\locallow\asktoolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\ask.com"
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 01/02/2013 at 19:13:42.19
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AdwCleaner log
# AdwCleaner v2.104 - Logfile created 01/02/2013 at 19:16:39
# Updated 29/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Chappy - KILLERHIPPO
# Boot Mode : Normal
# Running from : C:\Users\Chappy\Desktop\adwcleaner.exe
# Option [Delete]
***** [services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Program Files\Babylon
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\PricePeep
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055225558}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066226658}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077227758}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
***** [internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Registry is clean.
*************************
AdwCleaner[s1].txt - [3947 octets] - [02/01/2013 19:16:39]
########## EOF - C:\AdwCleaner[s1].txt - [4007 octets] ##########
MBAM log
Malwarebytes Anti-Malware (PRO) 1.70.0.1100
Database version: v2013.01.02.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Chappy :: KILLERHIPPO [administrator]
Protection: Enabled
1/2/2013 7:22:10 PM
mbam-log-2013-01-02 (19-22-10).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 241760
Time elapsed: 3 minute(s), 11 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
The ESET site would not load.
-
Also, after running the combofix my eset won't let me access any websites unless I disable its protection. Everytime I try to open the internet it tells me that the website is in it's list of blocked sites.
-
combofix log
ComboFix 13-01-02.02 - Chappy 01/02/2013 18:11:38.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8055.6057 [GMT -8:00]
Running from: c:\users\Chappy\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-12-03 to 2013-01-03 )))))))))))))))))))))))))))))))
.
.
2013-01-03 02:25 . 2013-01-03 02:25 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-03 02:25 . 2013-01-03 02:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-03 02:07 . 2013-01-03 02:07 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9EABB530-6A68-43BB-A570-43F94477DD14}\offreg.dll
2013-01-01 02:15 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2013-01-01 02:15 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-01-01 02:15 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-01-01 02:15 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-01-01 02:07 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-01-01 02:07 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-01-01 02:07 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-01-01 02:07 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-01-01 02:07 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-01-01 02:07 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-01-01 02:07 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-01-01 02:07 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-01-01 02:07 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-01-01 02:07 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2013-01-01 02:07 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2013-01-01 02:02 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2013-01-01 02:02 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2013-01-01 02:02 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2013-01-01 02:00 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2013-01-01 02:00 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-12-28 12:04 . 2012-12-28 12:04 -------- d-----w- c:\users\Chappy\AppData\Local\Programs
2012-12-27 00:19 . 2012-12-27 00:19 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2012-12-26 05:51 . 2010-06-02 12:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2012-12-26 05:51 . 2010-06-02 12:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2012-12-26 05:51 . 2010-05-26 19:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2012-12-26 05:51 . 2010-05-26 19:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2012-12-26 05:51 . 2010-05-26 19:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2012-12-26 05:51 . 2010-02-04 18:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
2012-12-21 21:56 . 2004-08-18 02:14 442368 ----a-r- c:\windows\SysWow64\vp6vfw.dll
2012-12-21 06:54 . 2012-12-21 06:54 -------- d-----w- c:\users\Chappy\AppData\Local\DayZCommander
2012-12-21 06:54 . 2012-12-21 06:54 -------- d-----w- c:\program files (x86)\Dotjosh Studios
2012-12-19 21:33 . 2012-12-19 21:33 -------- d-----w- c:\program files\iPod
2012-12-19 21:33 . 2012-12-19 21:33 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-19 21:33 . 2012-12-19 21:33 -------- d-----w- c:\program files\iTunes
2012-12-19 21:33 . 2012-12-19 21:33 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-02 02:05 . 2012-10-15 02:41 298280 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-01-02 02:05 . 2012-10-15 02:37 298280 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-01-01 02:13 . 2010-05-28 21:37 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-26 04:24 . 2012-10-15 02:37 298280 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-12-15 00:49 . 2012-08-15 05:53 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-11 21:30 . 2012-06-24 03:12 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-11 21:30 . 2011-07-25 19:27 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-03 15:47 . 2010-04-19 17:46 15016256 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-12-03 15:47 . 2010-04-19 17:46 12603960 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-12-03 15:47 . 2010-04-19 17:46 15122280 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-12-03 15:47 . 2010-04-19 17:46 2816824 ----a-w- c:\windows\system32\nvapi64.dll
2012-12-01 06:43 . 2012-12-01 06:43 438632 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-12-01 05:49 . 2009-07-08 21:01 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-01 05:49 . 2009-07-08 20:01 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-12-01 05:49 . 2009-07-08 21:01 890216 ----a-w- c:\windows\system32\nvvsvc.exe
2012-12-01 05:48 . 2009-07-08 21:01 6223208 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-01 05:48 . 2009-07-08 21:01 3311464 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-16 08:38 . 2013-01-01 02:02 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2013-01-01 02:02 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2013-01-01 02:02 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-15 02:41 . 2012-10-15 02:37 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-10-15 02:31 . 2012-10-15 02:37 3360624 ----a-w- c:\windows\SysWow64\pbsvc.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}]
2012-04-09 18:53 483656 ----a-w- c:\program files (x86)\PricePeep\pricepeep.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-03 39408]
"Facebook Update"="c:\users\Chappy\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-12-03 1354736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-04 559616]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe [x]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R2 Updater Service for ooVoo Toolbar;Updater Service for ooVoo Toolbar;c:\program files (x86)\ooVoo Toolbar\ToolbarUpdaterService.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-08 30304]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-08-19 351136]
R3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-08-19 4869024]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-21 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 137144]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-15 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-15 682344]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-01 382824]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-10-16 321064]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-15 24176]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 21:30]
.
2013-01-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2214422115-321876402-1557215952-1001Core.job
- c:\users\Chappy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-23 20:58]
.
2013-01-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2214422115-321876402-1557215952-1001UA.job
- c:\users\Chappy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-23 20:58]
.
2013-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-03 06:09]
.
2013-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-03 06:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-07 8158240]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 4035152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{92B514FD-A316-4736-99EB-2A6532D02E7D} - (no file)
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Toolbar-Locked - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Wow6432Node-HKLM-Run-ooVooToolbarHelper - c:\program files (x86)\ooVoo Toolbar\ToolbarHelper.exe
Wow6432Node-HKU-Default-Run-ElevatedDiagnostics - c:\users\Chappy\AppData\Local\ESET\ElevatedDiagnostics\htphcrjz.dll
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
AddRemove-NortonPCCheckup - c:\program files (x86)\NortonInstaller\{170fa89a-6886-4c9e-b17b-12bccdd80788}\NortonPCCheckup\LicenseType\2.0.12.27\InstStub.exe
AddRemove-ooVoo Toolbar - c:\program files (x86)\ooVoo Toolbar\ooVooToolbarUninstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{1A36CF15-DF66-4756-9482-A9ABF3DDACE6}_is1 - c:\program files (x86)\Driver Robot\2.5.4.1\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.12.27\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-02 18:35:51
ComboFix-quarantined-files.txt 2013-01-03 02:35
.
Pre-Run: 369,697,800,192 bytes free
Post-Run: 376,707,543,040 bytes free
.
- - End Of File - - 656E6858B0BAEE944FDC494E5EC8AEB6
-
mbar log
Malwarebytes Anti-Rootkit 1.01.0.1011
Database version: v2013.01.02.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Chappy :: KILLERHIPPO [administrator]
1/2/2013 4:22:51 PM
mbar-log-2013-01-02 (16-22-51).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 30067
Time elapsed: 14 minute(s), 21 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 6
HKCR\Interface\HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055225558}\TypeLib (Adware.GamePlayLab) -> Delete on reboot.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Delete on reboot.
HKLM\SOFTWARE\CLASSES\INTERFACE\HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055225558}\TypeLib (Adware.GamePlayLab) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055225558}\TypeLib (Adware.GamePlayLab) -> Delete on reboot.
HKCU\SOFTWARE\CLASSES\INTERFACE\HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055225558}\TypeLib (Adware.GamePlayLab) -> Delete on reboot.
HKCU\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055225558}\TypeLib (Adware.GamePlayLab) -> Delete on reboot.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
system-log.txt
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011
© Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_30
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.192000 GHz
Memory total: 8446402560, free: 6202155008
------------ Kernel report ------------
01/02/2013 15:15:50
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\ehdrv.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\k57nd60a.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\drivers\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\eamonm.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\imagehlp.dll
\Windows\System32\msctf.dll
\Windows\System32\advapi32.dll
\Windows\System32\difxapi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\setupapi.dll
\Windows\System32\ws2_32.dll
\Windows\System32\kernel32.dll
\Windows\System32\urlmon.dll
\Windows\System32\comdlg32.dll
\Windows\System32\shell32.dll
\Windows\System32\wininet.dll
\Windows\System32\clbcatq.dll
\Windows\System32\lpk.dll
\Windows\System32\imm32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\nsi.dll
\Windows\System32\psapi.dll
\Windows\System32\ole32.dll
\Windows\System32\sechost.dll
\Windows\System32\Wldap32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\gdi32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\user32.dll
\Windows\System32\usp10.dll
\Windows\System32\normaliz.dll
\Windows\System32\iertutil.dll
\Windows\System32\crypt32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\wintrust.dll
\Windows\System32\comctl32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\devobj.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa800941d060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000079\
Lower Device Object: 0xfffffa800941ab60
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa800941c060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000078\
Lower Device Object: 0xfffffa8009427b60
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa800941b060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000077\
Lower Device Object: 0xfffffa8009429b60
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800941a060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000076\
Lower Device Object: 0xfffffa8006c530a0
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007cd2060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa80079ea060
Lower Device Driver Name: \00000436\
Driver name found: atapi
DriverEntry returned 0x0
Function returned 0x0
Downloaded database version: v2013.01.02.10
Downloaded database version: v2012.12.27.02
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007cd2060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007cd2b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007cd2060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80079e5670, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80079ea060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \00000436\
------------ End ----------
Upper DeviceData: 0xfffff8a0027135e0, 0xfffffa8007cd2060, 0xfffffa800b816790
Lower DeviceData: 0xfffff8a0049508d0, 0xfffffa80079ea060, 0xfffffa8009add810
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
MBR buffers are not equal
MBR is forged! [4333f673a96dbe57f4d0023e55e5303d]
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 57493372
Partition information:
Partition 0 type is Empty (0x0)
Partition is ACTIVE.
Partition starts at LBA: 50 Numsec = 0
Partition is not bootable
Infected: VBR on Empty active partition --> [Rootkit.Pihar.c.MBR]
Changing partition to empty and not active. New active partition is 1 on drive 0 ...
Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 610407
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 612352 Numsec = 30720000
Partition file system is NTFS
Partition is bootable
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 31332352 Numsec = 1922190768
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
MBR infection found on drive 0
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-49-1953505168-1953525168)...
Sector 1953524916 --> [Forged physical sector]
Sector 1953524917 --> [Forged physical sector]
Sector 1953524918 --> [Forged physical sector]
Sector 1953524919 --> [Forged physical sector]
Sector 1953524920 --> [Forged physical sector]
Sector 1953524921 --> [Forged physical sector]
Sector 1953524922 --> [Forged physical sector]
Sector 1953524923 --> [Forged physical sector]
Sector 1953524924 --> [Forged physical sector]
Sector 1953524925 --> [Forged physical sector]
Sector 1953524926 --> [Forged physical sector]
Sector 1953524927 --> [Forged physical sector]
Sector 1953524928 --> [Forged physical sector]
Sector 1953524929 --> [Forged physical sector]
Sector 1953524930 --> [Forged physical sector]
Sector 1953524931 --> [Forged physical sector]
Sector 1953524932 --> [Forged physical sector]
Sector 1953524933 --> [Forged physical sector]
Sector 1953524934 --> [Forged physical sector]
Sector 1953524935 --> [Forged physical sector]
Sector 1953524936 --> [Forged physical sector]
Sector 1953524937 --> [Forged physical sector]
Sector 1953524938 --> [Forged physical sector]
Sector 1953524939 --> [Forged physical sector]
Sector 1953524940 --> [Forged physical sector]
Sector 1953524941 --> [Forged physical sector]
Sector 1953524942 --> [Forged physical sector]
Sector 1953524943 --> [Forged physical sector]
Sector 1953524944 --> [Forged physical sector]
Sector 1953524945 --> [Forged physical sector]
Sector 1953524946 --> [Forged physical sector]
Sector 1953524947 --> [Forged physical sector]
Sector 1953524948 --> [Forged physical sector]
Sector 1953524949 --> [Forged physical sector]
Sector 1953524950 --> [Forged physical sector]
Sector 1953524951 --> [Forged physical sector]
Sector 1953524952 --> [Forged physical sector]
Sector 1953524953 --> [Forged physical sector]
Sector 1953524954 --> [Forged physical sector]
Sector 1953524955 --> [Forged physical sector]
Sector 1953524956 --> [Forged physical sector]
Sector 1953524957 --> [Forged physical sector]
Sector 1953524958 --> [Forged physical sector]
Sector 1953524959 --> [Forged physical sector]
Sector 1953524960 --> [Forged physical sector]
Sector 1953524961 --> [Forged physical sector]
Sector 1953524962 --> [Forged physical sector]
Sector 1953524963 --> [Forged physical sector]
Sector 1953524964 --> [Forged physical sector]
Sector 1953524965 --> [Forged physical sector]
Sector 1953524966 --> [Forged physical sector]
Sector 1953524967 --> [Forged physical sector]
Sector 1953524968 --> [Forged physical sector]
Sector 1953524969 --> [Forged physical sector]
Sector 1953524970 --> [Forged physical sector]
Sector 1953524971 --> [Forged physical sector]
Sector 1953524972 --> [Forged physical sector]
Sector 1953524973 --> [Forged physical sector]
Sector 1953524974 --> [Forged physical sector]
Sector 1953524975 --> [Forged physical sector]
Sector 1953524976 --> [Forged physical sector]
Sector 1953524977 --> [Forged physical sector]
Sector 1953524978 --> [Forged physical sector]
Sector 1953524979 --> [Forged physical sector]
Sector 1953524980 --> [Forged physical sector]
Sector 1953524981 --> [Forged physical sector]
Sector 1953524982 --> [Forged physical sector]
Sector 1953524983 --> [Forged physical sector]
Sector 1953524984 --> [Forged physical sector]
Sector 1953524985 --> [Forged physical sector]
Sector 1953524986 --> [Forged physical sector]
Sector 1953524987 --> [Forged physical sector]
Sector 1953524988 --> [Forged physical sector]
Sector 1953524989 --> [Forged physical sector]
Sector 1953524990 --> [Forged physical sector]
Sector 1953524991 --> [Forged physical sector]
Sector 1953524992 --> [Forged physical sector]
Sector 1953524993 --> [Forged physical sector]
Sector 1953524994 --> [Forged physical sector]
Sector 1953524995 --> [Forged physical sector]
Sector 1953524996 --> [Forged physical sector]
Sector 1953524997 --> [Forged physical sector]
Sector 1953524998 --> [Forged physical sector]
Sector 1953524999 --> [Forged physical sector]
Sector 1953525000 --> [Forged physical sector]
Sector 1953525001 --> [Forged physical sector]
Sector 1953525002 --> [Forged physical sector]
Sector 1953525003 --> [Forged physical sector]
Sector 1953525004 --> [Forged physical sector]
Sector 1953525005 --> [Forged physical sector]
Sector 1953525006 --> [Forged physical sector]
Sector 1953525007 --> [Forged physical sector]
Sector 1953525008 --> [Forged physical sector]
Sector 1953525009 --> [Forged physical sector]
Sector 1953525010 --> [Forged physical sector]
Sector 1953525011 --> [Forged physical sector]
Sector 1953525012 --> [Forged physical sector]
Sector 1953525013 --> [Forged physical sector]
Sector 1953525014 --> [Forged physical sector]
Sector 1953525015 --> [Forged physical sector]
Sector 1953525016 --> [Forged physical sector]
Sector 1953525017 --> [Forged physical sector]
Sector 1953525018 --> [Forged physical sector]
Sector 1953525019 --> [Forged physical sector]
Sector 1953525020 --> [Forged physical sector]
Sector 1953525021 --> [Forged physical sector]
Sector 1953525022 --> [Forged physical sector]
Sector 1953525023 --> [Forged physical sector]
Sector 1953525024 --> [Forged physical sector]
Sector 1953525025 --> [Forged physical sector]
Sector 1953525026 --> [Forged physical sector]
Sector 1953525027 --> [Forged physical sector]
Sector 1953525028 --> [Forged physical sector]
Sector 1953525029 --> [Forged physical sector]
Sector 1953525030 --> [Forged physical sector]
Sector 1953525031 --> [Forged physical sector]
Sector 1953525032 --> [Forged physical sector]
Sector 1953525033 --> [Forged physical sector]
Sector 1953525034 --> [Forged physical sector]
Sector 1953525035 --> [Forged physical sector]
Sector 1953525036 --> [Forged physical sector]
Sector 1953525037 --> [Forged physical sector]
Sector 1953525038 --> [Forged physical sector]
Sector 1953525039 --> [Forged physical sector]
Sector 1953525040 --> [Forged physical sector]
Sector 1953525041 --> [Forged physical sector]
Sector 1953525042 --> [Forged physical sector]
Sector 1953525043 --> [Forged physical sector]
Sector 1953525044 --> [Forged physical sector]
Sector 1953525045 --> [Forged physical sector]
Sector 1953525046 --> [Forged physical sector]
Sector 1953525047 --> [Forged physical sector]
Sector 1953525048 --> [Forged physical sector]
Sector 1953525049 --> [Forged physical sector]
Sector 1953525050 --> [Forged physical sector]
Sector 1953525051 --> [Forged physical sector]
Sector 1953525052 --> [Forged physical sector]
Sector 1953525053 --> [Forged physical sector]
Sector 1953525054 --> [Forged physical sector]
Sector 1953525055 --> [Forged physical sector]
Sector 1953525056 --> [Forged physical sector]
Sector 1953525057 --> [Forged physical sector]
Sector 1953525058 --> [Forged physical sector]
Sector 1953525059 --> [Forged physical sector]
Sector 1953525060 --> [Forged physical sector]
Sector 1953525061 --> [Forged physical sector]
Sector 1953525062 --> [Forged physical sector]
Sector 1953525063 --> [Forged physical sector]
Sector 1953525064 --> [Forged physical sector]
Sector 1953525065 --> [Forged physical sector]
Sector 1953525066 --> [Forged physical sector]
Sector 1953525067 --> [Forged physical sector]
Sector 1953525068 --> [Forged physical sector]
Sector 1953525069 --> [Forged physical sector]
Sector 1953525070 --> [Forged physical sector]
Sector 1953525071 --> [Forged physical sector]
Sector 1953525072 --> [Forged physical sector]
Sector 1953525073 --> [Forged physical sector]
Sector 1953525074 --> [Forged physical sector]
Sector 1953525075 --> [Forged physical sector]
Sector 1953525076 --> [Forged physical sector]
Sector 1953525077 --> [Forged physical sector]
Sector 1953525078 --> [Forged physical sector]
Sector 1953525079 --> [Forged physical sector]
Sector 1953525080 --> [Forged physical sector]
Sector 1953525081 --> [Forged physical sector]
Sector 1953525082 --> [Forged physical sector]
Sector 1953525083 --> [Forged physical sector]
Sector 1953525084 --> [Forged physical sector]
Sector 1953525085 --> [Forged physical sector]
Sector 1953525086 --> [Forged physical sector]
Sector 1953525087 --> [Forged physical sector]
Sector 1953525088 --> [Forged physical sector]
Sector 1953525089 --> [Forged physical sector]
Sector 1953525090 --> [Forged physical sector]
Sector 1953525091 --> [Forged physical sector]
Sector 1953525092 --> [Forged physical sector]
Sector 1953525093 --> [Forged physical sector]
Sector 1953525094 --> [Forged physical sector]
Sector 1953525095 --> [Forged physical sector]
Sector 1953525096 --> [Forged physical sector]
Sector 1953525097 --> [Forged physical sector]
Sector 1953525098 --> [Forged physical sector]
Sector 1953525099 --> [Forged physical sector]
Sector 1953525100 --> [Forged physical sector]
Sector 1953525101 --> [Forged physical sector]
Sector 1953525102 --> [Forged physical sector]
Sector 1953525103 --> [Forged physical sector]
Sector 1953525104 --> [Forged physical sector]
Sector 1953525105 --> [Forged physical sector]
Sector 1953525106 --> [Forged physical sector]
Sector 1953525107 --> [Forged physical sector]
Sector 1953525108 --> [Forged physical sector]
Sector 1953525109 --> [Forged physical sector]
Sector 1953525110 --> [Forged physical sector]
Sector 1953525111 --> [Forged physical sector]
Sector 1953525112 --> [Forged physical sector]
Sector 1953525113 --> [Forged physical sector]
Sector 1953525114 --> [Forged physical sector]
Sector 1953525115 --> [Forged physical sector]
Sector 1953525116 --> [Forged physical sector]
Sector 1953525117 --> [Forged physical sector]
Sector 1953525118 --> [Forged physical sector]
Sector 1953525119 --> [Forged physical sector]
Sector 1953525120 --> [Forged physical sector]
Sector 1953525121 --> [Forged physical sector]
Sector 1953525122 --> [Forged physical sector]
Sector 1953525123 --> [Forged physical sector]
Sector 1953525124 --> [Forged physical sector]
Sector 1953525125 --> [Forged physical sector]
Sector 1953525126 --> [Forged physical sector]
Sector 1953525127 --> [Forged physical sector]
Sector 1953525128 --> [Forged physical sector]
Sector 1953525129 --> [Forged physical sector]
Sector 1953525130 --> [Forged physical sector]
Sector 1953525131 --> [Forged physical sector]
Sector 1953525132 --> [Forged physical sector]
Sector 1953525133 --> [Forged physical sector]
Sector 1953525134 --> [Forged physical sector]
Sector 1953525135 --> [Forged physical sector]
Sector 1953525136 --> [Forged physical sector]
Sector 1953525137 --> [Forged physical sector]
Sector 1953525138 --> [Forged physical sector]
Sector 1953525139 --> [Forged physical sector]
Sector 1953525140 --> [Forged physical sector]
Sector 1953525141 --> [Forged physical sector]
Sector 1953525142 --> [Forged physical sector]
Sector 1953525143 --> [Forged physical sector]
Sector 1953525144 --> [Forged physical sector]
Sector 1953525145 --> [Forged physical sector]
Sector 1953525146 --> [Forged physical sector]
Sector 1953525147 --> [Forged physical sector]
Sector 1953525148 --> [Forged physical sector]
Sector 1953525149 --> [Forged physical sector]
Sector 1953525150 --> [Forged physical sector]
Sector 1953525151 --> [Forged physical sector]
Sector 1953525152 --> [Forged physical sector]
Sector 1953525153 --> [Forged physical sector]
Sector 1953525154 --> [Forged physical sector]
Sector 1953525155 --> [Forged physical sector]
Sector 1953525156 --> [Forged physical sector]
Sector 1953525157 --> [Forged physical sector]
Sector 1953525158 --> [Forged physical sector]
Sector 1953525159 --> [Forged physical sector]
Sector 1953525160 --> [Forged physical sector]
Sector 1953525161 --> [Forged physical sector]
Sector 1953525162 --> [Forged physical sector]
Sector 1953525163 --> [Forged physical sector]
Sector 1953525164 --> [Forged physical sector]
Sector 1953525165 --> [Forged physical sector]
Sector 1953525166 --> [Forged physical sector]
Sector 1953525167 --> [Forged physical sector]
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa800941a060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8009449b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800941a060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8006c530a0, DeviceName: \Device\00000076\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa800941b060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800941bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800941b060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8009429b60, DeviceName: \Device\00000077\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa800941c060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800941cb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800941c060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8009427b60, DeviceName: \Device\00000078\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa800941d060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800941db90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800941d060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800941ab60, DeviceName: \Device\00000079\, DriverName: \Driver\USBSTOR\
------------ End ----------
Done!
Performing system, memory and registry scan...
Infected: HKCR\Interface\HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055225558}\TypeLib --> [Adware.GamePlayLab]
Infected: HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} --> [Adware.GamePlayLab]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055225558}\TypeLib --> [Adware.GamePlayLab]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055225558}\TypeLib --> [Adware.GamePlayLab]
Infected: HKCU\SOFTWARE\CLASSES\INTERFACE\HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055225558}\TypeLib --> [Adware.GamePlayLab]
Infected: HKCU\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055225558}\TypeLib --> [Adware.GamePlayLab]
Read File: File "C:\ProgramData\{D19C2D22-6043-47E7-B400-83A351841204}\delldock.dat" is compressed (flags = 1)
Read File: File "C:\ProgramData\{D19C2D22-6043-47E7-B400-83A351841204}\instance.dat" is compressed (flags = 1)
Infected: C:\$Recycle.Bin\S-1-5-21-2214422115-321876402-1557215952-1001\$c8ec1f45ba17d39feb4ec2ba1cb08ee4\@ --> [Trojan.Siredef.C]
Backup file found for a file C:\Windows\System32\services.exe
Infected: C:\Windows\Installer\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\@ --> [backdoor.0Access]
Infected: C:\Windows\Installer\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\L\00000004.@ --> [backdoor.0Access]
Infected: C:\Windows\Installer\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\U\00000008.@ --> [Trojan.Dropper.BCMiner]
Infected: C:\Windows\Installer\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\U\000000cb.@ --> [backdoor.0Access]
Infected: C:\Windows\Installer\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\U\80000064.@ --> [backdoor.0Access]
Infected: C:\Windows\assembly\GAC_32\Desktop.ini --> [Trojan.0access]
Infected: C:\Windows\assembly\GAC_64\Desktop.ini --> [Rootkit.0access]
Infected: C:\Users\Chappy\Local Settings\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\@ --> [backdoor.0Access]
Infected: C:\Users\Chappy\Local Settings\Application Data\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\@ --> [backdoor.0Access]
Infected: C:\Windows\svchost.exe --> [Trojan.Agent]
Infected: C:\Windows\svchost.exe --> [Trojan.Agent]
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32| --> [Trojan.Zaccess]
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 --> [Trojan.Zaccess]
Infected: C:\Windows\Installer\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\L --> [backdoor.0Access]
Infected: C:\Windows\Installer\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\L\201d3dde --> [backdoor.0Access]
Infected: C:\Windows\Installer\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\L\4cce1f70 --> [backdoor.0Access]
Infected: C:\Windows\Installer\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\L\76603ac3 --> [backdoor.0Access]
Infected: C:\Windows\Installer\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\U --> [backdoor.0Access]
Infected: C:\Users\Chappy\Local Settings\Application Data\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\U --> [backdoor.0Access]
Infected: C:\Users\Chappy\Local Settings\Application Data\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\L --> [backdoor.0Access]
Infected: C:\$Recycle.Bin\S-1-5-21-2214422115-321876402-1557215952-1001\$c8ec1f45ba17d39feb4ec2ba1cb08ee4\U --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-2214422115-321876402-1557215952-1001\$c8ec1f45ba17d39feb4ec2ba1cb08ee4\L --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-2214422115-321876402-1557215952-1001\$c8ec1f45ba17d39feb4ec2ba1cb08ee4 --> [Trojan.Siredef.C]
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32| --> [Trojan.Zaccess]
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011
© Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_30
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.192000 GHz
Memory total: 8446402560, free: 7050993664
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011
© Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_30
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 3.192000 GHz
Memory total: 8446402560, free: 6240567296
------------ Kernel report ------------
01/02/2013 16:08:21
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\ehdrv.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\k57nd60a.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\drivers\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\eamonm.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\advapi32.dll
\Windows\System32\imm32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\ole32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\difxapi.dll
\Windows\System32\usp10.dll
\Windows\System32\sechost.dll
\Windows\System32\comdlg32.dll
\Windows\System32\setupapi.dll
\Windows\System32\psapi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\user32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\wininet.dll
\Windows\System32\lpk.dll
\Windows\System32\normaliz.dll
\Windows\System32\urlmon.dll
\Windows\System32\clbcatq.dll
\Windows\System32\msctf.dll
\Windows\System32\iertutil.dll
\Windows\System32\shlwapi.dll
\Windows\System32\nsi.dll
\Windows\System32\kernel32.dll
\Windows\System32\shell32.dll
\Windows\System32\gdi32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\devobj.dll
\Windows\System32\KernelBase.dll
\Windows\System32\crypt32.dll
\Windows\System32\comctl32.dll
\Windows\System32\wintrust.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa8006c56060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000079\
Lower Device Object: 0xfffffa8008b962b0
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa80092c7790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000078\
Lower Device Object: 0xfffffa8008b6ab60
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa8009347790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000077\
Lower Device Object: 0xfffffa8008b982b0
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8009349790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000076\
Lower Device Object: 0xfffffa8008b9c2b0
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007ca9060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa80079f4060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
DriverEntry returned 0x0
Function returned 0x0
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007ca9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007ca9b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007ca9060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80079f2580, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80079f4060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xfffff8a00d695240, 0xfffffa8007ca9060, 0xfffffa800875e790
Lower DeviceData: 0xfffff8a01020bda0, 0xfffffa80079f4060, 0xfffffa8007c5e660
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 57493372
Partition information:
Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 610407
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 612352 Numsec = 30720000
Partition file system is NTFS
Partition is bootable
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 31332352 Numsec = 1922190768
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-62-1953505168-1953525168)...
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa8009349790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008b65b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8009349790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008b9c2b0, DeviceName: \Device\00000076\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa8009347790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80093472c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8009347790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008b982b0, DeviceName: \Device\00000077\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa80092c7790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8009341b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80092c7790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008b6ab60, DeviceName: \Device\00000078\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa8006c56060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008b952e0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006c56060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008b962b0, DeviceName: \Device\00000079\, DriverName: \Driver\USBSTOR\
------------ End ----------
Done!
Performing system, memory and registry scan...
Infected: HKCR\Interface\HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055225558}\TypeLib --> [Adware.GamePlayLab]
Infected: HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} --> [Adware.GamePlayLab]
Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055225558}\TypeLib --> [Adware.GamePlayLab]
Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055225558}\TypeLib --> [Adware.GamePlayLab]
Infected: HKCU\SOFTWARE\CLASSES\INTERFACE\HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055225558}\TypeLib --> [Adware.GamePlayLab]
Infected: HKCU\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\HKLM\SOFTWARE\CLASSES\INTERFACE\{55555555-5555-5555-5555-550055225558}\TypeLib --> [Adware.GamePlayLab]
Read File: File "C:\ProgramData\{D19C2D22-6043-47E7-B400-83A351841204}\delldock.dat" is compressed (flags = 1)
Read File: File "C:\ProgramData\{D19C2D22-6043-47E7-B400-83A351841204}\instance.dat" is compressed (flags = 1)
Done!
Scan finished
Creating System Restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal successful. No system shutdown is required.
=======================================
-
Nevermind! Was just being impatient, sorry about that. Tried it again and it worked, here is the log, will put the .dat file as an attachment.
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-01 19:14:43
-----------------------------
19:14:43.958 OS Version: Windows x64 6.1.7601 Service Pack 1
19:14:43.958 Number of processors: 4 586 0x2502
19:14:43.958 ComputerName: KILLERHIPPO UserName: Chappy
19:14:46.238 Initialize success
19:14:55.022 AVAST engine defs: 13010101
19:14:58.820 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:14:58.824 Disk 0 Vendor: ST31000528AS CC45 Size: 953869MB BusType: 3
19:14:58.827 Device \Driver\atapi -> MajorFunction fffffa80087355e8
19:14:58.829 Disk 0 MBR read successfully
19:14:58.831 Disk 0 MBR scan
19:14:58.835 Disk 0 Windows VISTA default MBR code
19:14:58.837 Disk 0 MBR hidden
19:14:58.839 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 298 MB offset 63
19:14:58.852 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 612352
19:14:58.861 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 938569 MB offset 31332352
19:14:58.878 Disk 0 scanning C:\Windows\system32\drivers
19:15:18.365 Service scanning
19:15:55.659 Modules scanning
19:15:55.678 Disk 0 trace - called modules:
19:15:55.682 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80087355e8]<<
19:15:55.685 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007cda060]
19:15:55.688 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8006bd1d10]
19:15:55.691 5 ACPI.sys[fffff8800118d7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80079f0060]
19:15:55.704 \Driver\atapi[0xfffffa800856f4d0] -> IRP_MJ_CREATE -> 0xfffffa80087355e8
19:15:57.388 AVAST engine scan C:\Windows
19:16:00.158 AVAST engine scan C:\Windows\system32
19:21:44.684 AVAST engine scan C:\Windows\system32\drivers
19:22:17.732 AVAST engine scan C:\Users\Chappy
19:30:17.093 AVAST engine scan C:\ProgramData
19:50:25.730 Scan finished successfully
19:51:19.825 Disk 0 MBR has been saved successfully to "C:\Users\Chappy\Desktop\MBR.dat"
19:51:19.842 The log file has been saved successfully to "C:\Users\Chappy\Desktop\aswMBR.txt"
-
It would go for a while and it would stop on a certain file for about 10 minutes, I stopped it and restarted the scan and it stopped on the same file.
-
Thanks for the help, here is the DDS log, I'll put the attach log as an attachment.
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by Chappy at 16:52:25 on 2013-01-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8055.5411 [GMT -8:00]
.
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: ooVoo Toolbar Helper: {92B514FD-A316-4736-99EB-2A6532D02E7D} - LocalServer32 - <no file>
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: PricePeep: {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll
BHO: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Facebook Update] "C:\Users\Chappy\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [ooVooToolbarHelper] "C:\Program Files (x86)\ooVoo Toolbar\ToolbarHelper.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
dRun: [ElevatedDiagnostics] rundll32.exe "C:\Users\Chappy\AppData\Local\ESET\ElevatedDiagnostics\htphcrjz.dll",DllRegisterServerW
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 209.18.47.61 209.18.47.62 192.168.1.1
TCP: Interfaces\{8F26CEFC-06C2-4897-A737-0B0FADE93A20} : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-BHO: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2011-8-9 202576]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-9-22 974944]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-17 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-17 682344]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-4-19 1692480]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-30 382824]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-4-19 56344]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-4-19 321064]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-8-14 24176]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2011-8-4 137144]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe /s --> C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\SymcPCCULaunchSvc.exe [?]
S2 PCCUJobMgr;Common Client Job Manager Service;"C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\diMaster.dll" /prefetch:1 --> C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.12.27\ccSvcHst.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
S2 Updater Service for ooVoo Toolbar;Updater Service for ooVoo Toolbar;C:\Program Files (x86)\ooVoo Toolbar\ToolbarUpdaterService.exe --> C:\Program Files (x86)\ooVoo Toolbar\ToolbarUpdaterService.exe [?]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-4-18 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2010-5-7 30304]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-8-19 351136]
S3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2011-8-19 4869024]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-25 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-22 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-01-01 02:15:58 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-01-01 02:15:57 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-01-01 02:15:57 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-01-01 02:15:57 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-01-01 02:07:57 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-01-01 02:07:56 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-01-01 02:07:56 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-01-01 02:07:55 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-01-01 02:07:41 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-01-01 02:07:41 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-01-01 02:07:41 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-01-01 02:07:40 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-01-01 02:07:40 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-01-01 02:07:39 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-01-01 02:07:39 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-01-01 02:02:57 478208 ----a-w- C:\Windows\System32\dpnet.dll
2013-01-01 02:02:57 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2013-01-01 02:02:55 3149824 ----a-w- C:\Windows\System32\win32k.sys
2013-01-01 02:00:37 95744 ----a-w- C:\Windows\System32\synceng.dll
2013-01-01 02:00:37 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-12-28 12:04:42 -------- d-----w- C:\Users\Chappy\AppData\Local\Programs
2012-12-26 05:51:52 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll
2012-12-26 05:51:52 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll
2012-12-26 05:51:51 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2012-12-26 05:51:50 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2012-12-26 05:51:50 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_7.dll
2012-12-26 05:51:50 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2012-12-21 21:56:03 442368 ----a-r- C:\Windows\SysWow64\vp6vfw.dll
2012-12-21 06:54:39 -------- d-----w- C:\Users\Chappy\AppData\Local\DayZCommander
2012-12-21 06:54:11 -------- d-----w- C:\Program Files (x86)\Dotjosh Studios
2012-12-19 21:33:23 -------- d-----w- C:\Program Files\iPod
2012-12-19 21:33:20 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-19 21:33:20 -------- d-----w- C:\Program Files\iTunes
2012-12-19 21:33:20 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M ====================
.
2012-12-26 04:24:35 298280 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-12-26 04:24:35 298280 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-12-25 22:20:45 298280 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-12-15 00:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-11 21:30:30 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-11 21:30:30 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-01 06:43:52 438632 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-12-01 05:49:25 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-12-01 05:49:25 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-12-01 05:49:24 890216 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-12-01 05:48:41 6223208 ----a-w- C:\Windows\System32\nvcpl.dll
2012-12-01 05:48:37 3311464 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-15 02:41:54 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-10-15 02:31:47 3360624 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 16:52:57.89 ===============
-
Hi, my computer seems to be infected with this svchost.exe trojan. Every 15 or so seconds I get a pop-up from malwarebytes telling me that it has stopped and quarantined it. When I run a malwarebytes scan it doesnt find anything and when I click on the quarantine tab it freezes and closes saying it is not responding. If I run an eset scan it seems to find it but it doesn't delete it. Also I'm not sure if it means anything but today when I turned my computer on it blue screened. Any help would be appreciated, thanks.
svchost.exe trojan
in Resolved Malware Removal Logs
Posted
Thank you so much for all of your help. I really appreciate it. I will definitely try to donate. Thanks again.